使用RSA加密大于公钥长度的文件

用下面的方法,我可以成功地加密一个不大于256 bit的NSData对象:

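// Prototype carried over from the original snippet. Nothing below calls it;
// the public key is obtained through a SecTrust object instead.
OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef *key);

/**
 * Encrypts `content` with the RSA public key of the certificate returned by
 * -getPublicKey, using PKCS#1 v1.5 padding (kSecPaddingPKCS1).
 *
 * RSA with this padding can encrypt at most (key block size - 11) bytes in a
 * single operation, so larger inputs are rejected. Payloads above that limit
 * need a hybrid scheme: encrypt the payload with a symmetric cipher and use
 * RSA only to wrap the symmetric key.
 *
 * @param content Plaintext to encrypt.
 * @return The ciphertext, or nil if the certificate could not be loaded, the
 *         key could not be extracted, the input is too long, or encryption
 *         failed. Failures are reported through NSLog.
 */
- (NSData *)encryptWithData:(NSData *)content {
    NSData *plainTextData = content;
    size_t plainTextLength = [plainTextData length];
    NSData *cipherText = nil;

    // Every Core Foundation object and the heap buffer are declared up front
    // and released in one place, so no exit path can leak them.
    SecCertificateRef cert = NULL;
    SecPolicyRef policy = NULL;
    SecTrustRef trustRef = NULL;
    SecKeyRef publicKey = NULL;
    uint8_t *cipherTextBuf = NULL;

    do {
        NSData *certificateData = [self getPublicKey];
        if ([certificateData length] > 0) {
            cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
        }
        if (cert == NULL) {
            // Stop here instead of handing a NULL certificate to SecTrust.
            NSLog(@" *** ERROR *** trying to create the SSL certificate from data located, but failed");
            break;
        }

        // The summary can be NULL; CFRelease(NULL) would crash.
        CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
        if (certSummary != NULL) {
            NSLog(@"CERT SUMMARY: %@", (__bridge NSString *)certSummary);
            CFRelease(certSummary);
        }

        policy = SecPolicyCreateBasicX509();
        OSStatus result = SecTrustCreateWithCertificates(cert, policy, &trustRef);
        if (result != errSecSuccess) {
            NSLog(@"Trust create failed with code: %d", (int)result);
            break;
        }

        // NOTE(review): only the call status is checked; the verdict in
        // trustResult is never consulted. The certificate is trusted purely
        // because it ships inside the app bundle - confirm that is intended.
        // SecTrustEvaluate, SecTrustCopyPublicKey and SecKeyEncrypt are
        // deprecated on current SDKs (successors: SecTrustEvaluateWithError,
        // SecTrustCopyKey, SecKeyCreateEncryptedData).
        SecTrustResultType trustResult;
        result = SecTrustEvaluate(trustRef, &trustResult);
        if (result != errSecSuccess) {
            NSLog(@"Trust eval failed with code: %d", (int)result);
            break;
        }

        publicKey = SecTrustCopyPublicKey(trustRef);
        if (publicKey == NULL) {
            NSLog(@"Could not extract a public key from the certificate");
            break;
        }

        // PKCS#1 v1.5 padding costs 11 bytes per block. The arithmetic stays
        // unsigned and is guarded so a tiny block size cannot wrap around.
        static const size_t kPKCS1PaddingOverhead = 11;
        size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
        if (keyBlockSize <= kPKCS1PaddingOverhead ||
            plainTextLength > keyBlockSize - kPKCS1PaddingOverhead) {
            NSLog(@"Data size is larger than max permitted!");
            break;
        }

        size_t cipherTextLen = keyBlockSize;
        cipherTextBuf = calloc(keyBlockSize, sizeof(uint8_t));
        if (cipherTextBuf == NULL) {
            NSLog(@"Could not allocate the ciphertext buffer");
            break;
        }

        // NOTE(review): PKCS#1 v1.5 encryption padding is kept because the
        // decrypting side must use the same scheme. OAEP (kSecPaddingOAEP) is
        // generally preferred for new designs; change both ends together.
        result = SecKeyEncrypt(publicKey,
                               kSecPaddingPKCS1,
                               (const uint8_t *)[plainTextData bytes],
                               plainTextLength,
                               cipherTextBuf,
                               &cipherTextLen);
        if (result == errSecSuccess) {
            cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];
        } else {
            NSLog(@"Error detected: %d", (int)result);
        }
    } while (0);

    free(cipherTextBuf);
    if (publicKey != NULL) CFRelease(publicKey);
    if (trustRef != NULL) CFRelease(trustRef);
    if (policy != NULL) CFRelease(policy);
    if (cert != NULL) CFRelease(cert);
    return cipherText;
}

/**
 * Loads the bundled certificate that carries the RSA public key.
 *
 * Despite its name, this returns the raw contents of `public_key.cer` from
 * the main bundle (certificate data, not a bare key).
 *
 * @return The file contents, or nil if the resource is missing or unreadable.
 */
- (NSData *)getPublicKey {
    NSString *filePath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"cer"];
    if (filePath == nil) {
        return nil;
    }
    return [NSData dataWithContentsOfFile:filePath];
}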

但是,我该如何加密大于256 bit的文件?

一般的做法是:用非对称算法(例如RSA)传送一个对称密钥,再用对称密码(如AES,结合CBC等分组密码模式)来加密/解密你的有效载荷。如果可能的话,你应该避免自己构建这样的加密方案。一个相当易用的库是 NaCl;据称 Sodium(libsodium)可以在 iOS 上使用。