iOS Learning-Data encryption

Source: Internet
Author: User
Tags decrypt md5 encryption openssl enc

Among encryption techniques, one family is the hash function. Its best-known property is irreversibility: the original content cannot be recovered from the result. Its most prominent representative is MD5. MD5 ignores the size of the content and always turns it into a 32-character string. Because it is irreversible and independent of content size, we can use it for many things.

1. Use MD5 for traditional password encryption. The server does not store the user's plaintext password, only its MD5 hash, which is used solely for login verification. Because MD5 behaves like a fingerprint, the same data always produces the same result and different data produces different results. Some websites take advantage of this by saving hashes together with their plaintext, so that the plaintext behind a hash can be looked up. To counter this, the scheme needs some changes. First, a salt is generated for each user at registration, and the password is hashed as MD5 + salt or in other ways such as MD5(MD5) + salt. The result is extremely difficult to crack, and there is no leak caused by people knowing a single uniform salting method. In addition, packet-capture tools are rampant. To stop an attacker who captures the packet from logging in directly with the hashed data, the MD5 hash can be hashed again together with the time before it is uploaded, generally at minute granularity. The server does the same with its own time, checking the current minute and the minute before and after. The login ciphertext then stays valid long enough to verify the login, but a captured packet is hard to reuse. PS: Even with more encryption it is difficult to prevent information leaks 100%, which is why the QQ style of login authentication was born. When the user registers a mobile phone as their own device, the server records its ID. When someone logs in elsewhere, the account name is uploaded first; the server looks up the device for that account and sends it a query asking whether to allow the login. If the request is refused, the login cannot proceed; if it is approved, the server sends permission to the party logging in, which then performs the login.

2. MD5 can be used for search, as in search engines such as Baidu. With more data than can be counted, how do you accurately find the data you want? You can hash the data and use this fingerprint-like property to quickly find and display the content the user wants.

3. Another thing MD5 can do is copyright protection. Take video: after the author publishes it on the internet, others download it, change the information and re-release it. How do we identify the real publisher? MD5 can tell. When the author uploads to a website, the original is never sent out; everything released to users for download and viewing is the video after the website has processed it. MD5 guarantees that any difference at all produces a different MD5 string, so when someone downloads the video and uploads it again, comparing the MD5 values clearly identifies the copyright.
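The salted, time-limited login check from item 1, as an added example that is not code from the original page. It uses the MD5(MD5(password) + salt) variant; the sample values, the function names and the assumption that the client already knows its salt are illustrative.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the page.
SALT = "k3Vq9x"             # per-user salt created at registration
PASSWORD = "correct horse"
T0 = 1_700_000_000          # Unix time of the login attempt

# MD5 follows the page. Current practice for password storage is a slow KDF
# such as PBKDF2, bcrypt, scrypt or Argon2 rather than a fast hash.


def md5_hex(text: str) -> str:
    """MD5 as a 32-character hex string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_hash(password: str, salt: str) -> str:
    """What the server keeps instead of the plaintext: MD5(MD5(password) + salt)."""
    return md5_hex(md5_hex(password) + salt)


def login_token(password: str, salt: str, now: int) -> str:
    """Client side (assumed to know its salt): hash again with the current minute."""
    return md5_hex(stored_hash(password, salt) + str(now // 60))


def verify(token: str, record: str, server_now: int) -> bool:
    """Server side: accept the current minute and the minute before and after."""
    for skew in (-60, 0, 60):
        expected = md5_hex(record + str((server_now + skew) // 60))
        if hmac.compare_digest(token, expected):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    record = stored_hash(PASSWORD, SALT)
    token = login_token(PASSWORD, SALT, T0)
    print("stored  :", record)
    print("fresh   :", verify(token, record, T0 + 45))    # True, inside the window
    print("replayed:", verify(token, record, T0 + 300))   # False, token has expired
```

A captured token stops working once the server clock has moved more than a minute past the minute in which it was created.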

Where there is irreversible encryption, there is of course reversible encryption. Symmetric encryption is the traditional method: plaintext plus key gives ciphertext, and ciphertext plus key gives plaintext. This method places high demands on the key. It must not leak, because once it leaks the encryption is broken, and it must be replaced periodically, because the older the key, the less secure it is. The most commonly used algorithms are DES, 3DES and AES; there are others, which are not covered here. DES and 3DES are similar, but DES is too weak, so 3DES applies the DES algorithm three times with three keys, so that leaking one or two of the keys has no effect. AES is the most common encryption method on Apple's side; for example, AES is used to encrypt the keychain. A symmetric algorithm can encrypt in two modes, ECB and CBC. A video, for example, can be very large, and encrypting it in one pass is not realistic, so the data is split and each piece is encrypted separately. This is ECB. CBC builds on ECB by adding a vector (the IV) and chaining the encryption: the second block can only be encrypted after the first, and the result of encrypting the first block is fed into the encryption of the second. Even if part of the data is leaked or cracked, the data as a whole still cannot be cracked, because the attacker does not know which part of the chain it belongs to.

  

```objc
#import <CommonCrypto/CommonCrypto.h>

- (NSString *)encryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv {
    // Set the secret key (zero-padded or truncated to self.keySize)
    NSData *keyData = [keyString dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t cKey[self.keySize];
    bzero(cKey, sizeof(cKey));
    [keyData getBytes:cKey length:self.keySize];

    // Set the IV: with an IV the mode is CBC, without one it is ECB
    uint8_t cIv[self.blockSize];
    bzero(cIv, self.blockSize);
    int option = 0;
    if (iv) {
        [iv getBytes:cIv length:self.blockSize];
        option = kCCOptionPKCS7Padding;
    } else {
        option = kCCOptionPKCS7Padding | kCCOptionECBMode;
    }

    // Set up the output buffer (padding can add up to one block)
    NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
    size_t bufferSize = [data length] + self.blockSize;
    void *buffer = malloc(bufferSize);
    if (buffer == NULL) {
        return nil;
    }

    // Start encryption
    size_t encryptedSize = 0;
    // CCCrypt: Apple's core symmetric encryption function
    /** Parameters
     1.  Encrypt or decrypt: kCCEncrypt / kCCDecrypt
     2.  Algorithm: AES, DES, Blowfish and the other symmetric ciphers
     3.  ECB or CBC
           ECB: kCCOptionPKCS7Padding | kCCOptionECBMode
           CBC: kCCOptionPKCS7Padding
     4.  Key
     5.  Key length
     6.  Vector (IV)
     7.  Data to encrypt
     8.  Data size
     9.  Ciphertext buffer address
     10. Ciphertext buffer size
     11. Size of the encryption result
     */
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
                                          self.algorithm,
                                          option,
                                          cKey,
                                          self.keySize,
                                          cIv,
                                          [data bytes],
                                          [data length],
                                          buffer,
                                          bufferSize,
                                          &encryptedSize);

    NSData *result = nil;
    if (cryptStatus == kCCSuccess) {
        // NSData takes ownership of buffer and frees it
        result = [NSData dataWithBytesNoCopy:buffer length:encryptedSize];
    } else {
        free(buffer);
        NSLog(@"[ERROR] encryption failed | Status code: %d", cryptStatus);
    }

    return [result base64EncodedStringWithOptions:0];
}
```

Terminal commands for testing ECB and CBC, and for viewing the resulting file:

```
# ECB encrypt
$ openssl enc -des-ecb -K 616263 -nosalt -in msg1.txt -out msg1.bin
# ECB decrypt
$ openssl enc -des-ecb -K 616263 -nosalt -in msg1.bin -out msg1.txt -d

# CBC encrypt
$ openssl enc -des-cbc -K 616263 -iv 0000000000000000 -nosalt -in a.txt -out msg1.bin
# CBC decrypt
$ openssl enc -des-cbc -K 616263 -iv 0000000000000000 -nosalt -in msg1.bin -out msg4.txt -d

# View the file
$ xxd msg1.bin
```
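What the two modes described above do to repeated data, as an added example that is not code from the original page. The block cipher is a small stand-in Feistel network built on SHA-256 (an assumption for illustration, not DES or AES); the key, IV and message are constructed.

```python
import hashlib

BLOCK = 8                          # bytes, same block size as DES
KEY, IV = b"abc", bytes(BLOCK)     # constructed: key "abc" (hex 616263), all-zero IV
MSG = b"PAY=0100" * 4              # constructed: four identical 8-byte blocks

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):            # round function of the stand-in cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):     # 4-round Feistel network, invertible by design
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data):                     # PKCS#7 padding
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ecb_encrypt(key, plaintext):   # every block is encrypted on its own
    return b"".join(encrypt_block(key, b) for b in split(pad(plaintext)))

def cbc_encrypt(key, iv, plaintext):
    out = [iv]
    for b in split(pad(plaintext)):          # mix in the previous ciphertext block
        out.append(encrypt_block(key, _xor(b, out[-1])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ciphertext):
    chain = [iv] + split(ciphertext)
    data = b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(chain, chain[1:]))
    return data[:-data[-1]]                  # strip the padding

def repeated_blocks(ciphertext):   # how many blocks duplicate an earlier one
    return len(split(ciphertext)) - len(set(split(ciphertext)))
```

For `MSG`, ECB output contains three repeated blocks while CBC output contains none, and with the all-zero IV the first CBC block is identical to the first ECB block.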

The counterpart of symmetric encryption is asymmetric encryption (RSA). It uses two keys, a public key and a private key: encrypt with the public key and decrypt with the private key, or encrypt with the private key and decrypt with the public key. Its advantage is that it is very secure: the ciphertext is obtained by multiplying very large numbers, and without the key it basically cannot be decrypted by current means. The price of that security is that encryption is very slow, so RSA is basically not used for large data. The principle is as follows. Find two "very large" prime numbers p and q, then compute N = p*q and M = (p-1)*(q-1). The public key: find an integer e that is coprime with M, that is, they share no common divisor other than 1. This number can be very simple, because it is generally made public. The private key: find an integer d such that e*d divided by M leaves a remainder of 1. Encryption: (plaintext ^ e) % N gives the ciphertext. Decryption: (ciphertext ^ d) % N gives the plaintext. Digital signatures can generally use RSA; payment, for example, needs RSA. The principle is that the "payment amount" is hashed to get a "hash ciphertext", the "hash ciphertext" is encrypted with the RSA public key to get the "digital signature", and finally the digital signature and the "payment amount" are sent to the server. The server hashes the "payment amount" to get a "hash ciphertext", uses the private key to decrypt the "digital signature" to get another "hash ciphertext", and compares the two. If they match, the payment is confirmed, so the amount cannot be tampered with.

```objc
#pragma mark - Encrypt & Decrypt Data
// publicKeyRef and kTypeOfWrapPadding are declared elsewhere in the class.
- (NSData *)encryptData:(NSData *)plainData {
    OSStatus sanityCheck = noErr;
    size_t cipherBufferSize = 0;
    size_t keyBufferSize = 0;

    NSAssert(plainData != nil, @"clear text data is empty");
    NSAssert(publicKeyRef != nil, @"the public key is empty");

    NSData *cipher = nil;
    uint8_t *cipherBuffer = NULL;

    // Calculate the buffer sizes
    cipherBufferSize = SecKeyGetBlockSize(publicKeyRef);
    keyBufferSize = [plainData length];

    // With padding, 11 bytes of each block are reserved for the padding
    if (kTypeOfWrapPadding == kSecPaddingNone) {
        NSAssert(keyBufferSize <= cipherBufferSize, @"encrypted content is too large");
    } else {
        NSAssert(keyBufferSize <= (cipherBufferSize - 11), @"encrypted content is too large");
    }

    // Allocate the buffer
    cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t));
    memset((void *)cipherBuffer, 0x0, cipherBufferSize);

    // Encrypt with the public key
    sanityCheck = SecKeyEncrypt(publicKeyRef,
                                kTypeOfWrapPadding,
                                (const uint8_t *)[plainData bytes],
                                keyBufferSize,
                                cipherBuffer,
                                &cipherBufferSize);

    NSAssert(sanityCheck == noErr, @"encryption error, OSStatus == %d", (int)sanityCheck);

    // Build the ciphertext data
    cipher = [NSData dataWithBytes:(const void *)cipherBuffer length:(NSUInteger)cipherBufferSize];

    if (cipherBuffer) free(cipherBuffer);

    return cipher;
}
```
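The RSA arithmetic and the payment check described above, carried through with the text's symbols N, M, e and d, as an added example that is not code from the original page. The primes are constructed demo values, and the names `seal_payment` and `check_payment` are hypothetical.

```python
import hashlib
from math import gcd

# Constructed demo primes (two Mersenne primes); real keys use far larger random primes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def make_keys(p: int, q: int, e: int):
    """Return ((e, N), (d, N)) following the steps in the text."""
    n = p * q
    m = (p - 1) * (q - 1)
    if gcd(e, m) != 1:
        raise ValueError("e must be coprime with M")
    d = pow(e, -1, m)            # e*d % M == 1 (modular inverse, Python 3.8+)
    return (e, n), (d, n)


def encrypt(plain: int, public) -> int:
    e, n = public
    return pow(plain, e, n)      # (plaintext ^ e) % N


def decrypt(cipher: int, private) -> int:
    d, n = private
    return pow(cipher, d, n)     # (ciphertext ^ d) % N


def digest(message: bytes, n: int) -> int:
    """MD5 of the message as an integer smaller than N."""
    return int.from_bytes(hashlib.md5(message).digest(), "big") % n


# The flow below follows the text. Standard RSA signatures sign with the
# private key and verify with the public key, and real code pads the input.
def seal_payment(amount: bytes, public) -> int:
    """Client: hash the amount, then encrypt the hash with the public key."""
    return encrypt(digest(amount, public[1]), public)


def check_payment(amount: bytes, seal: int, private) -> bool:
    """Server: decrypt the seal and compare it with its own hash of the amount."""
    return decrypt(seal, private) == digest(amount, private[1])


if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)       # small worked numbers
    print(public, private, encrypt(65, public))   # (17, 3233) (2753, 3233) 2790
    public, private = make_keys(P, Q, E)
    seal = seal_payment(b"amount=100.00", public)
    print(check_payment(b"amount=100.00", seal, private))   # True
    print(check_payment(b"amount=900.00", seal, private))   # False
```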
