本篇文章將涉及以下幾個操作:
1劳景、iOS端使用RSA公鑰加密,iOS端使用RSA私鑰解密柄沮。
2回梧、iOS端使用RSA私鑰加簽,iOS端使用RSA公鑰驗簽祖搓。
3狱意、iOS端使用RSA公鑰加密,Java端使用RSA私鑰解密拯欧。
4详囤、iOS端使用RSA私鑰加簽,Java端使用RSA公鑰驗簽镐作。
首先藏姐,RSA公鑰私鑰對,我是由Java端生成的该贾。拿到測試的密鑰之后羔杨,我在iOS端使用時,添加私鑰失敗杨蛋,報錯是-50兜材。我后來查了一下資料,得知逞力,Java的文件密鑰格式是PKCS8曙寡,而iOS需要使用PKCS1格式。這就需要進(jìn)行一次轉(zhuǎn)換掏击,操作步驟如下:
1卵皂、打開一個文本編輯器(我使用的是Sublime),將Java端給到的私鑰拷貝進(jìn)來砚亭,并在首行添加"-----BEGIN PRIVATE KEY-----"灯变,在末行添加"-----END PRIVATE KEY-----",完成后的效果是這樣的:
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIYKYkvsosqWTaweZPkY6UjD1wWoSHB+FNoaquoNGfWN8JEOH2ml76ZpuIK+y3qMfkxsJUxUZqpwvKu3MJMBYSyPsYsa9ifROektzGvbDgN//+QYsekafw6v3R+fhIr4+S7k9f3hfZa0DyiylqCZzP/5jRYygdCXm1GzbptZRdrVAgMBAAECgYARlts/S1Yxb3fR1ks5xOMYAVr+Cw82c9UYqdczz3RQnMeswUWt/3BrTgRAY/kfo8APF0HtukWeqByaC/f70nqFxbN4DnLiGsHQRKbFt2dPFV+333M7UIDYgb7Y5fmHmArFZ4ezY+WC24sSsu4+A836d0mfGjSIa03TUH8XI6X5IQJBAMfjcGC2l+TKQLQWODeJEAH2q8SoPsN6BzYUNlPMMJcVoyeqxzy/X/YcLqgdrZD+WrX8g6Y3+RkaRJ/CScDW+RMCQQCrqu0vkEZooNzpbX+o2NJAZL9gzgxXnDe9rH53OjYjbQdD7cacYZ1ZRxehL8/3itPIUy4tZpQbA5e5WL4bBQF3AkAyu914DqA658LIcqNOJTG07eDnBzT29HAEH9kyJ69liY5hsQzktEYs9zY4YV/+XzCy5Cad97L31hz4151UnruVAkBr0zSfh3NyDHg1dj2VBHsrTxyV5VYDQXARhuL4aGvQ3I6PsC3r07RNe0XwTGPIDD7xuK1sft3QCfWmyYK+3eoJAkEAnRxTqRFDbHLejtgLvgjIL52IAURRrliRbN9iyy4t1YqyfOHC7EF/Np11DoVGiBQZrbnPtI7OnNalfIf/l1cTKg==
-----END PRIVATE KEY-----
2捅膘、將這個文本存為pkcs8.pem添祸,放在桌面。
3寻仗、打開終端刃泌,執(zhí)行如下命令:
openssl rsa -in pkcs8.pem -out pkcs1.pem
完成后效果如下:
pkcs8轉(zhuǎn)換
使用cat命令可以看到轉(zhuǎn)換后的內(nèi)容,我們需要把這個內(nèi)容拷貝出來,這是我們需要的私鑰耙替。
接下來就是iOS端的加密與解密代碼:
- (void)testEncryptAndDecrypt
{
NSString *string = [NSString stringWithFormat:@"name=wql&age=12&userId=10000&nickname=Kayle"];
//加密時密鑰不需要轉(zhuǎn)換
NSString *publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ24IhJQ54nOYQjl49j9lmwUaJJs9RMoyOwfcEmyXrzKE50XyT3IUxYmfB65Zo4PTHb5OndJQnoJfabvHZVeNKj+9Tmi2BXMnQh3BEN2a6HRXBnkySUbLMf9stHrcoOvDsJrZ0PLA1oIZHEoLyKZD/NFqwA0Xng+Rjtf/o14FvIQIDAQAB";
NSString *privateKey = @"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAInbgiElDnic5hCOXj2P2WbBRokmz1EyjI7B9wSbJevMoTnRfJPchTFiZ8Hrlmjg9Mdvk6d0lCegl9pu8dlV40qP71OaLYFcydCHcEQ3ZrodFcGeTJJRssx/2y0etyg68OwmtnQ8sDWghkcSgvIpkP80WrADReeD5GO1/+jXgW8hAgMBAAECgYBCkMCT+o2zRad9ZREyTqxeBoNlpFzEy1C9egEpszSrWEKdZX7u8rNJtkd9hqE5AS6QwlqcqBkFzXClo56aH/PAjIF/2dAhAhrdvNABrxB2h/PdUkTL5XCck1TNy04jzUgxULW/7BScQ0K68A7LNu7282ZzhIG0tYF0aCBObsLE8QJBANuC/iQIoT4aOrhMDwcHeRajgQrB7TekAw1BmOoXOGqzVOHl08b6Gv/NaYXM9QUwK84thpobjApl9+RTZ83jSm0CQQCgxdX9JVibTSRxKjj3XtxiqHnA6n+9zmiZAcgsV2Uo7bMnqsUPJ0CkgAZ4JA5DIDrni1wDM1O9NCRPH7SiKAcFAkBhaVkUbov3fjZOsNn+WY+fv0E1n+eASJVeHZ0ZTOKpXxmtAYuggj7XA7XvPYwCGGVoIoXX/59+wc9nEKhBErtlAkBbJk7gKuBFjELw9eM+PEXumV4OBeVOk0uyE9SNby8nOTytbKA0qyh3Gy6PxsFfRVKgG96a4erEBl/fjDY5CUCRAkEAkZh2Gl1QEnEO2SR/hNnKI60KpGWzt0JNva2EvUZV8eChK8LUqLktggM3M6BOV0jSxpP6YKM+X3eZeFpgvUO4iA==";
NSLog(@"加密前:%@",string);
//加密
NSString *encryptString = [RSAEncryptor encryptString:string publicKey:publicKey];
NSLog(@"加密后:%@",encryptString);
//本地解密
NSString *decryptString = [RSAEncryptor decryptString:encryptString privateKey:privateKey];
NSLog(@"解密后:%@",decryptString);
NSMutableDictionary *param = [NSMutableDictionary dictionary];
[param setObject:encryptString forKey:@"data"];
//后端解密
[self requestWithParam:param withUrlString:@"[http://localhost:8080/api/v1.0/testAPI4](http://localhost:8080/api/v1.0/testAPI4)"];
}
iOS端的簽名與驗簽:
- (void)testSignAndVerify{
NSString *origin = @"1234567890";
//簽名時 私鑰需要是pkcs1格式亚侠,轉(zhuǎn)換一下才可以使用
NSString *privateKey = @"MIICXAIBAAKBgQCGCmJL7KLKlk2sHmT5GOlIw9cFqEhwfhTaGqrqDRn1jfCRDh9ppe+mabiCvst6jH5MbCVMVGaqcLyrtzCTAWEsj7GLGvYn0TnpLcxr2w4Df//kGLHpGn8Or90fn4SK+Pku5PX94X2WtA8ospagmcz/+Y0WMoHQl5tRs26bWUXa1QIDAQABAoGAEZbbP0tWMW930dZLOcTjGAFa/gsPNnPVGKnXM890UJzHrMFFrf9wa04EQGP5H6PADxdB7bpFnqgcmgv3+9J6hcWzeA5y4hrB0ESmxbdnTxVft99zO1CA2IG+2OX5h5gKxWeHs2PlgtuLErLuPgPN+ndJnxo0iGtN01B/FyOl+SECQQDH43BgtpfkykC0Fjg3iRAB9qvEqD7Degc2FDZTzDCXFaMnqsc8v1/2HC6oHa2Q/lq1/IOmN/kZGkSfwknA1vkTAkEAq6rtL5BGaKDc6W1/qNjSQGS/YM4MV5w3vax+dzo2I20HQ+3GnGGdWUcXoS/P94rTyFMuLWaUGwOXuVi+GwUBdwJAMrvdeA6gOufCyHKjTiUxtO3g5wc09vRwBB/ZMievZYmOYbEM5LRGLPc2OGFf/l8wsuQmnfey99Yc+NedVJ67lQJAa9M0n4dzcgx4NXY9lQR7K08cleVWA0FwEYbi+Ghr0NyOj7At69O0TXtF8ExjyAw+8bitbH7d0An1psmCvt3qCQJBAJ0cU6kRQ2xy3o7YC74IyC+diAFEUa5YkWzfYssuLdWKsnzhwuxBfzaddQ6FRogUGa25z7SOzpzWpXyH/5dXEyo=";
//對數(shù)據(jù)進(jìn)行加密
NSString *sign = [RSAEncryptor sign:origin withPriKey:privateKey];
NSLog(@"簽名:%@",sign);
//后臺驗簽
[self requestWithParam:@{@"sign":sign==nil?@"":sign} withUrlString:@"[http://localhost:8080/api/v1.0/testAPI3](http://localhost:8080/api/v1.0/testAPI3)"];
//本地驗簽
NSString *publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGCmJL7KLKlk2sHmT5GOlIw9cFqEhwfhTaGqrqDRn1jfCRDh9ppe+mabiCvst6jH5MbCVMVGaqcLyrtzCTAWEsj7GLGvYn0TnpLcxr2w4Df//kGLHpGn8Or90fn4SK+Pku5PX94X2WtA8ospagmcz/+Y0WMoHQl5tRs26bWUXa1QIDAQAB";
BOOL success = [RSAEncryptor verify:origin signature:sign withPublivKey:publicKey];
NSLog(@"是否驗證成功:%@",success?@"YES":@"NO");
}
核心代碼在RSAEncryptor文件中。
然后是Java端驗簽:
@RequestMapping(value = "api/v1.0/testAPI3", method = RequestMethod.GET)
public Object queryThree(@RequestParam(value = "sign",required = true)String signStr){
String string = "1234567890";
boolean success = RSAUtil.verifyIdentify(string,signStr);
System.out.println("驗證成功俗扇?======="+(success?"YES":"NO"));
return success;
}
Java端解密:
@RequestMapping(value = "api/v1.0/testAPI4", method = RequestMethod.GET)
public Object queryFour(@RequestParam(value = "data",required = true)String dataString){
String decryptData = RSAUtil.decrypt(dataString);
System.out.println("解密結(jié)果:"+decryptData);
return decryptData;
}
核心代碼在RSAUtil中硝烂。
接下來是iOS端本地效果:
iOS本地效果
Java端的驗簽與解密效果:
Java端效果
可以看到我們的簽名與驗簽是通過了,解密的數(shù)據(jù)Java端也是成功拿到了铜幽。
代碼在這里(含Java的核心代碼)
加油~
