RSA is an asymmetric encryption algorithm that is often used to encrypt data in transit. Combined with a message digest algorithm, it can also be used for file signing.
This article discusses how to use RSA to transfer encrypted data in iOS.
RSA Fundamentals
RSA encrypts data using a key pair. Before encrypting and decrypting data, you need to generate a public key and a private key.
- Public key: used to encrypt data. It is public and is typically stored with the data provider, such as the iOS client.
- Private key: used to decrypt data. It must be kept secret; a leaked private key creates security issues.
The Security.framework in iOS provides support for the RSA algorithm. This approach requires the key pair to be processed first: a certificate is generated from the public key, and a P12-format key file is generated from the private key.
In addition to Security.framework, the OpenSSL library can be compiled into an iOS project, which provides a more flexible way to use RSA.
This article uses the Security.framework approach to RSA.

    #!/usr/bin/env bash
    echo "Generating RSA key pair ..."
    echo "1024 RSA key: private_key.pem"
    # 1024 bits as used in this article; 2048 bits or more is the current minimum recommendation
    openssl genrsa -out private_key.pem 1024

    echo "Create certification require file: rsacertreq.csr"
    openssl req -new -key private_key.pem -out rsacertreq.csr

    echo "Create certification using x509: rsacert.crt"
    # Self-signed certificate, valid for 3650 days
    openssl x509 -req -days 3650 -in rsacertreq.csr -signkey private_key.pem -out rsacert.crt

    echo "Create public_key.der for iOS"
    openssl x509 -outform der -in rsacert.crt -out public_key.der

    echo "Create private_key.p12 for iOS. Please remember your password. The password is used in iOS."
    openssl pkcs12 -export -out private_key.p12 -inkey private_key.pem -in rsacert.crt

    echo "Create rsa_public_key.pem for Java"
    openssl rsa -in private_key.pem -out rsa_public_key.pem -pubout

    echo "Create pkcs8_private_key.pem for Java"
    # -nocrypt writes the PKCS8 private key without password protection
    openssl pkcs8 -topk8 -in private_key.pem -out pkcs8_private_key.pem -nocrypt

    echo "Finished."

Tips:
- When the certificate is created, the terminal prompts for the certificate information. Enter the requested information at each prompt.
- When you create the P12 key, you are prompted for a password. Remember it, because it is used later in iOS.
- If there is a problem with the above commands, please refer to the latest official OpenSSL documentation, which is authoritative. I used to search the Internet for commands first, and after going around in circles I still ended up chewing through the official documentation. The documentation for each command has a few samples at the end; refer to those.
How iOS loads and uses the certificate
The code relies on a Base64 encoding library; if you use CocoaPods, you can add the following dependency to your Podfile:
Encrypt data, decrypt data
Import the RSA files first

    #import "ViewController.h"
    #import "RSA.h"

    @interface ViewController ()

    @end

    @implementation ViewController

    - (void)viewDidLoad {
        [super viewDidLoad];
        // Do any additional setup after loading the view, typically from a nib.

        // Get the public key data.
        // The public key is used by the iOS client; once we have it, we only need to process the data with it.
        NSString *publicKey = @"-----BEGIN PUBLIC KEY-----migfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqcunx8j0nz1jviyfzhgga/2+4/ duqqn15ijwvmwwxpfzdph1ag3ulh3sfpplgfesupbzuokd6ww70lsqkgbd74jcz5gobxn40wxgtxfp5stbcqqm5ubtbza9wwhcjw+ Jpqowh17rvpoduj0qpphodrdeehwxrjcntzvb7ibs0si7widaqab-----END PUBLIC KEY-----";
        // Get the private key, which is used to decrypt the data. Never divulge it, or the data is unsafe.
        NSString *privateKey = @"-----BEGIN PRIVATE KEY-----miicdgibadanbgkqhkig9w0baqefaascamawggjcageaaogbak41fwnq1nwo8jj/ogcbr/ b7j91sqo3xmknzwzzbgl/n2mhvobdsufdj8+mwb95k48flsiqppzbvqtjaqbt3vinzpkagfc3jrbeznd8/ mxntxcozlqg1vnr3baekpd6m9a7chxuu+ k51sprcmkegnf154fbeumke3o8hsggzsylvagmbaaecgybfk9ijhitm8qrguc3cjotz6klblr0khqknddqe/ e62auzllt4oqgd2wqino1cnyqcyvlqa/mqoyjqsrnsmvwf/qcj8mk0xumvdo0fhggrg6x4euimoztsp2ngqdwnk9fgytxps6+ pk4quoxgofzaqzazflbrwcw3/zfyav6pf24qjbani5mulelxb5sqj3gt2b929uqnwv2qygc8buz9z/voxtgihamyqsq1fsqbfnqs7dtam7k/ pbjksqdkfkr/hhtxscqqdnx3m1nrk5ms4oedcrnq1qmv7ntjq0mh+ xqczivyfy3cyazzs70tnubrcikcqckihqdz8502wrpslnkaj7yby9akeankbtfbwlfcdf5ncosrg/u2luxvgq9rw8tzmldz/ aenezxfwo5ecn0od88drgaslsra04pzdgj3wu/jawowwohwjagnyopgxipqd2alpkuzlbozbn792x82zrum2j6h50pqh+bqlv3foxavzdvet+ ngywadnuimaxcn4fky+hqs7y6qjahyjbsaxmwekp3+v5rpkoij3uf55wl9o8ecax9e/hzqeehczjg+ h9dhj6fwsfuiycoo32hqowwxvkogaptlwpga==-----END PRIVATE KEY-----";

        // Create a test string
        NSString *testStr = @"Small Warm Heart";
        // String that stores the result of encrypting with the public key
        NSString *encPublicKey;
        // String that stores the result of decrypting with the private key
        NSString *encPrivateKey;

        // Encrypt using RSA
        // Parameter 1: content that needs to be encrypted
        // Parameter 2: public key string
        encPublicKey = [RSA encryptString:testStr publicKey:publicKey];
        NSLog(@"public = %@", encPublicKey);

        // Decrypt
        // First parameter: provided by the Java backend
        // Second parameter: private key string
        // After encryption, you need to send the encrypted content to the backend, and the backend returns a corresponding string
        NSString *result = @"p/hm1svjm9suupy66rrf37+ehynkpvncxbsczfkznrakvfpcix/tzm9gflras+bxlnd+geoezdz2zm+nzdtxpgv1pyqy03hown1mq2+ Wbkkqdveedyj4tvxwgtc3pmaa3dwdry+wqinqj9wx4jfuqfkycqbmi0w86uydjfpenwe=";
        encPrivateKey = [RSA decryptString:result privateKey:privateKey];
        NSLog(@"private = %@", encPrivateKey);
    }

    @end

Decrypting data on the server side (Java)
Decrypting in Java requires the PKCS8 private key, which is generated with the following command:

    openssl pkcs8 -topk8 -in private_key.pem -out pkcs8_private_key.pem -nocrypt

Specific decryption steps:
- Load the PKCS8 private key:
  - Read the private key file
  - Remove the "-----BEGIN PRIVATE KEY-----" header and the "-----END PRIVATE KEY-----" footer from the private key
  - Remove the line breaks from the private key
  - Base64-decode the processed data
  - Generate a private key from the decoded data
- Decrypt the data:
  - Base64-decode the data
  - Use RSA to decrypt the data
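
The steps above as runnable Java; this is an added example, not code from the original article. The class name, the `RSA/ECB/PKCS1Padding` transformation (it must match whatever padding the iOS client uses) and the throwaway key pair generated in `main` in place of reading pkcs8_private_key.pem are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

public class RsaDecryptExample {
    // Assumption: PKCS#1 v1.5 padding; the server and the iOS client must agree on this.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // "Load PKCS8 private key": strip markers and line breaks, Base64-decode, build the key.
    static PrivateKey loadPkcs8PrivateKey(String pem) throws Exception {
        String body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                         .replace("-----END PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // "Decrypt data": Base64-decode the ciphertext, then RSA-decrypt it.
    static String decrypt(String base64Ciphertext, PrivateKey key) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(base64Ciphertext));
        return new String(plain, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key pair stands in for pkcs8_private_key.pem.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        // getEncoded() on an RSA private key is PKCS#8 DER; wrap it as PEM with 64-character lines.
        byte[] newline = "\n".getBytes(StandardCharsets.US_ASCII);
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, newline).encodeToString(pair.getPrivate().getEncoded())
                + "\n-----END PRIVATE KEY-----\n";
        // Stand-in for the iOS client: encrypt with the public key, then Base64-encode.
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        String wire = Base64.getEncoder().encodeToString(
                enc.doFinal("Small Warm Heart".getBytes(StandardCharsets.UTF_8)));
        System.out.println(decrypt(wire, loadPkcs8PrivateKey(pem)));
    }
}
```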
Summary
This kind of encrypted transmission is used in online banking apps. Although an online bank uses HTTPS across the whole site, the secure login part uses another certificate to encrypt the login information, so that two layers protect the data.
The RSA encryption and decryption algorithm can also be used in digital signature scenarios. When I have time later, I will talk about how to use the RSA algorithm to implement digital signatures for files.