How iOS is encrypted

Source: Internet
Author: User
Tags hmac md5 encryption rounds asymmetric encryption

How to encrypt in iOS

1 The main encryption methods are: Base64, MD5, RSA, DES, AES, keychain storage, cookies

2 Comparison of each encryption method

2.1 Base64

2.1.1 Fundamentals: Re-encode data using 64 basic ASCII characters.

2.1.2 Implementation Steps

> Split the data to be encoded into a byte array

> Take the bytes in groups of 3

> Arrange the 24 bits of each group in order, then divide them into 4 groups of 6 bits.

> Prepend two 0 bits above the highest bit of each group so that it becomes a byte.

> When the last group is short of bytes, fill it with 0

> Append 1 or 2 = characters to the end once the last group is encoded

Note: Base64 characters include upper- and lowercase a-z, 0-9, and + and /

Base64 is reversible: data encoded with it can be decoded back to the original.
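The steps above, written out by hand as an added example (not code from the original page). It shows the 3-byte to 4-group split, the zero fill and the = padding, and that decoding needs no key.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def b64_encode(data: bytes) -> str:
    """Encode bytes following the 3-byte / 4-group steps described above."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)                  # 0, 1 or 2 bytes short
        # Zero-fill a short final group, then join it into one 24-bit value.
        n = int.from_bytes(chunk + b"\x00" * missing, "big")
        # Four 6-bit groups; each is a byte of the form 00xxxxxx (0..63).
        groups = [(n >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[g] for g in groups]
        # Groups that contain only fill bits are written as '='.
        if missing:
            chars[-missing:] = "=" * missing
        out.extend(chars)
    return "".join(out)

def b64_decode(text: str) -> bytes:
    """Reverse the encoding; no secret is involved, so anyone can do this."""
    pad = text.count("=")
    body = text.rstrip("=") + "A" * pad           # 'A' is index 0 (zero bits)
    out = bytearray()
    for i in range(0, len(body), 4):
        n = 0
        for ch in body[i:i + 4]:
            n = (n << 6) | ALPHABET.index(ch)
        out += n.to_bytes(3, "big")
    return bytes(out[:len(out) - pad])

def agrees_with_stdlib(data: bytes) -> bool:
    """Cross-check the hand-written encoder against Python's base64 module."""
    return b64_encode(data) == base64.b64encode(data).decode("ascii")
```
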

2.2 MD5 (digital signature)

2.2.1 Principle: Converts a byte string of any length into a large integer of a specific, fixed length.

Note: The conversion operates on a byte string, not on a character string.

Keep in mind: MD5 cannot be reversed, so a program that uses MD5 for password authentication only compares the strings produced after hashing and never knows the user's password.

2.2.2 Use

> The steps are simple, but plain MD5 is not safe; it is usually used in one of the following ways:

> MD5 with salt: The so-called salt value is a string. The user's password and the salt value are spliced together before encryption.

> Timestamp/dynamic password: The time is combined with the password before MD5 is applied, so the same password, encrypted in the same way, produces a different value each time.

Note: Timestamp/dynamic password encryption requires that the client and the server have the same time.

> Timestamp/dynamic password implementation steps: First, encrypt the password once with HMAC MD5. Next, splice the encrypted value and the current time string together. Finally, encrypt the spliced value again with HMAC MD5.

When the server receives the password, it calculates the values for the current time and for the previous minute and compares them with what it received.
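The timestamp/dynamic password steps and the server-side check, as an added example (not code from the original page). The HMAC key, the minute-resolution time format and the idea that the server stores the step-one value are assumptions made for the illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

def hmac_md5(key: bytes, msg: bytes) -> str:
    return hmac.new(key, msg, hashlib.md5).hexdigest()

def minute_string(t: datetime) -> str:
    # Time string with minute resolution (assumed format); client and server
    # must build it from the same clock.
    return t.strftime("%Y-%m-%d %H:%M")

def dynamic_password(password: str, key: bytes, t: datetime) -> str:
    """Client side: the three steps described above."""
    first = hmac_md5(key, password.encode("utf-8"))       # step 1: HMAC MD5
    spliced = first + minute_string(t)                     # step 2: splice time
    return hmac_md5(key, spliced.encode("utf-8"))          # step 3: HMAC MD5 again

def server_verify(received: str, stored_first: str, key: bytes,
                  now: datetime) -> bool:
    """Server side: accept the value for the current or the previous minute.

    stored_first is the step-1 value kept by the server (assumption), so the
    plaintext password is never needed here.
    """
    for t in (now, now - timedelta(minutes=1)):
        spliced = stored_first + minute_string(t)
        expected = hmac_md5(key, spliced.encode("utf-8"))
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(expected.encode(), received.encode()):
            return True
    return False
```

A captured value is accepted until the minute after it was generated ends, so the check narrows the replay window rather than closing it.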

2.3 DES

2.3.1 Principle: DES is a block cipher that encrypts data in 64-bit blocks. DES is also a symmetric encryption algorithm (encryption and decryption use the same algorithm). Its key length is 56 bits (every 8th bit is used for parity); the key can be any 56-bit number and can be changed at any time.

DES operates on a 64-bit plaintext block M. M is rearranged by an initial permutation IP into M0, and M0 is divided into a left half and a right half, M0 = (L0, R0), each 32 bits long. Then 16 rounds of exactly the same operation are performed; this operation is called function f, and during it the data is combined with the key. After 16 rounds, the left and right halves are joined and passed through a final permutation, which completes the algorithm. In each round, the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits by an expansion permutation, combined with the 48 key bits by an XOR operation, replaced with 32 new bits by a substitution, and permuted once more. These four steps form function f. Then, through another XOR operation, the output of function f is combined with the left half; the result becomes the new right half, and the original right half becomes the new left half. Repeat the operation 16 times and you are done.

Decryption process: After all the permutations, substitutions, XORs and circular shifts, you might think that the decryption algorithm is completely different from the encryption algorithm. On the contrary, the operations were chosen carefully to obtain a very useful property: encryption and decryption use the same algorithm. The only difference between DES encryption and decryption is that the keys are used in reverse order. If the round keys for encryption are K1, K2, K3, ..., K16, then the decryption keys are K16, K15, K14, ..., K1.
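The round structure and the reversed-key decryption property, as an added example (not code from the original page). This is a toy 16-round network with a hash-based stand-in for function f and for the key schedule, not DES itself, and it leaves out the initial and final permutations because they involve no key.

```python
import hashlib

ROUNDS = 16

def round_keys(key: bytes) -> list:
    # Toy key schedule (assumption): 16 round keys K1..K16 of 48 bits each.
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]

def f(right: int, k: bytes) -> int:
    # Stand-in for function f: mixes the 32-bit right half with a round key
    # and returns 32 bits. It does not need to be invertible.
    digest = hashlib.sha256(right.to_bytes(4, "big") + k).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: bytes, keys: list) -> bytes:
    if len(block) != 8:
        raise ValueError("block must be 64 bits (8 bytes)")
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in keys:
        # New right half = left XOR f(right, Ki); old right becomes new left.
        left, right = right, left ^ f(right, k)
    # Swap the halves at the end so the same routine undoes itself.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))            # K1, K2, ..., K16

def decrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])      # K16, K15, ..., K1
```
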

2.4 Keychain Storage (SSKeychain third-party framework)

2.4.1 Principle of use: You can write the plaintext password directly into the keychain.

Note: Give the written password an identifier, so that the password can be retrieved later.

2.5 Cookies

2.5.1 A cookie is a block of network information used to store data.

2.5.2 A cookie enables automatic login: it automatically sends the user's data to the server.

Note: The information in the cookie is stored in NSHTTPCookieStorage.

2.6 AES

2.6.1 Principle: AES is a symmetric encryption algorithm. It extends the length used in DES encryption. The AES design has three key lengths (128, 192 and 256 bits) and three types. The AES algorithm mainly covers three aspects: the round transformation, the number of rounds and key expansion.

Specific principle:

2.6.2 First, get the string to encrypt

Next, encrypt it (in the Aescrypt class)

2.7 RSA

2.7.1 Principle: RSA is an asymmetric encryption method that requires two keys, a public key and a private key. The public key and the private key form a pair: data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key.

Workflow: The receiver generates a pair of keys and sends one of them to the sender. The sender encrypts with the key it received and sends the ciphertext to the receiver. Because data encrypted with one key can only be decrypted with the other, and the other key stays in the receiver's hands and is never sent over the network, the exchange can be guaranteed to be safe.

2.7.2 Obtaining the public and private keys:

> Find two big prime numbers: A and B

> C = A * B

> D = (A-1) * (B-1)

> Find an integer E such that E and D are coprime.

> Find an integer F such that E*F divided by D leaves remainder 1.

> The result: E is the public key and F is the private key.

> N links the public key and the private key; the formulas that use it are as follows (encrypting X)

Encryption: (X^E) % N = Y

Decryption: (Y^F) % N = X
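The key-generation steps carried through with small constructed primes, as an added example (not code from the original page). It keeps the page's letters A to F, assumes N is the product C, and is textbook RSA without padding, so it illustrates the arithmetic only.

```python
from math import gcd

def is_prime(n: int) -> bool:
    # Trial division; adequate for the small constructed primes used here.
    if n < 2:
        return False
    return all(n % p for p in range(2, int(n ** 0.5) + 1))

def generate_keys(a: int, b: int):
    """Return (C, D, E, F) following the steps listed above."""
    if a == b or not (is_prime(a) and is_prime(b)):
        raise ValueError("A and B must be two different primes")
    c = a * b                      # C = A * B, used as N (assumption)
    d = (a - 1) * (b - 1)          # D = (A-1) * (B-1)
    # Smallest odd E >= 3 that is coprime to D.
    e = next(x for x in range(3, d, 2) if gcd(x, d) == 1)
    f = pow(e, -1, d)              # F such that (E * F) % D == 1
    return c, d, e, f

def apply_key(x: int, exponent: int, n: int) -> int:
    """(x ^ exponent) % n, for either key; x must be smaller than n."""
    if not 0 <= x < n:
        raise ValueError("value must be in the range 0..N-1")
    return pow(x, exponent, n)

def round_trip(x: int, a: int, b: int):
    """Encrypt with E then decrypt with F, and the reverse direction."""
    c, _, e, f = generate_keys(a, b)
    public_then_private = apply_key(apply_key(x, e, c), f, c)
    private_then_public = apply_key(apply_key(x, f, c), e, c)
    return public_then_private, private_then_public
```
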
