RSA asymmetric encryption, using OpenSSL to generate certificates, iOS encryption, Java decryption

Recently changed a job, work for about one months. It's almost two months without a blog update. In the new company itself wrote a more generic iOS that can be architected for a medium-sized application that is not considered a framework structure and has been put into use. Ha ha

Tell me something about the title of the article.

Many of the high security requirements of the application to use encryption, encryption and back-end communication data, so as to prevent the interception of data packets by others, directly to the pretext of parameter data exposure. My last company is to do peer-Internet finance, the use of a variety of encryption, symmetrical and asymmetric. Recently the new company's app is also intent on using encryption, thinking about the most mature solution is to use RSA asymmetric encryption. Do not introduce asymmetric encryption is going on, do not know the Google or Bing itself. Generate public Key Certificate I'm using the OpenSSL solution, yes, the old Luo donated several times, burst the heart blood leak of OpenSSL.

Let's start with the certificate generation, I'm using a Mac with OpenSSL on it, and of course I've deleted it, and I've installed a newer version with homebrew. And looked down on Linux and brought it on openssl,windows.

1. Terminal input OpenSSL, enter the OpenSSL status

2. Generate a 1024-bit private key:genrsa-out Rsa_private_key.pem

3. Use the private key to generate Java-supported PKCS8 types of private keys: Pkcs8-topk8-inform pem-in rsa_private_key.pem -outform pem-nocrypt-out pkcs8 _private_key.pem

4. Generate a Java-supported PKCS8 binary type private key: Pkcs8-topk8-inform pem-in rsa_private_key.pem -outform der-nocrypt-out pkcs8< /c5>_private_key.der

5. Generate public key: Rsa-in rsa_private_key.pem-pubout-out Rsa_public_key.pem

6. Generate the DER certificate supported by iOS with both the certificate request and the self-signed root certificate

6.1. Create a certificate request: Req-new-out cert.csr-key Rsa_private_key.pem (In the meantime will be required to fill in the National regional Company information, such as fill in or carefully fill in does not affect the use of certificates)

6.2. Create X509 Self-signed certificate (iOS support X509, 3,650 days validity): x509-req-in cert.csr-out rsa_public_key.der-outform Der-signkey rsa_private_ Key.pem-days 3650

After completing the above steps, you should generate 6 files in your directory, where PEM files are of text type and can be viewed using a text editor or a cat command. Der is a binary file, can't see.

The above are all over, it is recommended to open the GitHub link, a person who does not know the written, contains the Java side and iOS implementation. Https://github.com/BabyDuncan/RSA_OC_JAVA

But there are two points to be aware of:

1.java the part that uses the public key should use the Pkcs8_private_key.der file generated in the 4th step above , so don't be dizzy.

2.OC cannot find the Der type file in the bundle, you need to change the suffix of the above 6.2 generated rsa_public_key.der file to. cer.

You can use it normally after you have completed the above operation.

In a word: If you want to use the Pkcs8_private_key.pem file in Java, please put the code yourself, that is the code (as to which paragraph, you find) to replace the paragraph below

1            byte[] Privatekeydata =Files.readallbytes (2Paths.get ("/users/ald1/documents/workspace/aaa/src/pkcs8_private_key.pem"));3             byte[] Decodedkeydata = Base64.decodebase64 (NewString (privatekeydata)4. ReplaceAll ("-----\\w+ PRIVATE KEY-----", "")5. replace ("\ n", "" "));6Keyfactory keyfactory = keyfactory.getinstance ("RSA");7Encodedkeyspec Privatekeyspec =NewPkcs8encodedkeyspec (Decodedkeydata);

Of course, the path of the file is self-reinforcing.

With a few links to research the results, it may not be very relevant, look good

OpenSSL's official website help: http://openssl.org/docs/manmaster/apps/rsa.html

Get the public key private key for iOS: http://codego.net/455876/

Certificate conversion: https://www.sslshopper.com/ssl-converter.html

Feel free to see how it helps. Article: http://blog.csdn.net/as3luyuan123/article/details/16105435

http://witcheryne.iteye.com/blog/2171850

Http://blog.chinaunix.net/uid-26729093-id-4449165.html

All right, here we go.

RSA asymmetric encryption, using OpenSSL to generate certificates, iOS encryption, Java decryption