終端演示
OpenSSL
以DES為例,列舉
DES-ecb加密“message.txt”
message.txt內(nèi)容如下:
helloworld
helloworld
helloworld
helloworld
helloworld
helloworld
$ openssl enc -des-ecb -K 616263 -nosalt -in message.txt -out msg.bin
-enc 代表對稱加密算法
-aes 表示算法弹囚;
-ecb 表示模式
-K 616263 表示密鑰, 等同于小寫的“abc”,為什么等于abc厨相,ASCII碼
-nosalt 不加鹽
-out 輸出
-msg.bin 輸出的文件名字
DES加密“message1.txt”
message.txt內(nèi)容如下:
helloworld
helloworld
helloworld
helloworle
helloworld
helloworld
$ openssl enc -des-ecb -K 616263 -nosalt -in message.txt -out msg1.bin
利用命令xxd可以查看
$ xxd msg1.bin
圖2
觀察圖2,我們可以看到加密之后有哪些不同的地方鸥鹉。
DES-cbc加密“message.txt”
message.txt 蛮穿,message1.txt 內(nèi)容不變
message.txt生成msg3.bin:
$ openssl enc -des-cbc -iv 123456789 -K 616263 -nosalt -in message.txt -out msg3.bin
和ecb相比,多了一個(gè)參數(shù)iv
-iv 12345678 表示一個(gè)向量
現(xiàn)代密碼學(xué)里面毁渗,都會和幾何有關(guān)践磅,幾何里面的變化,都是有規(guī)律灸异,結(jié)果又是多變的府适。
message1.txt生成msg4.bin:
$ openssl enc -des-cbc -iv 123456789 -K 616263 -nosalt -in message1.txt -out msg4.bin
圖3
觀察圖3,我們可以看到改變的數(shù)據(jù)之后绎狭,全部發(fā)生了變化细溅。
這就是cbc,所有的加密都依賴于前面數(shù)據(jù),一個(gè)地方改變儡嘶,后續(xù)的所有數(shù)據(jù)都變了。
代碼演示
(注:蘋果給我們提供的對稱加密算法有很多恍风,在此僅以AES蹦狂,DES為例)
蘋果官方給出的枚舉
enum {
/* AES */
kCCBlockSizeAES128 = 16,
/* DES */
kCCBlockSizeDES = 8,
/* 3DES */
kCCBlockSize3DES = 8,
/* CAST */
kCCBlockSizeCAST = 8,
kCCBlockSizeRC2 = 8,
kCCBlockSizeBlowfish = 8,
};
EncryptionTools.h文件:
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
/**
* 終端測試指令
*
* DES(ECB)加密
* $ echo -n hello | openssl enc -des-ecb -K 616263 -nosalt | base64
*
* DES(CBC)加密
* $ echo -n hello | openssl enc -des-cbc -iv 0102030405060708 -K 616263 -nosalt | base64
*
* AES(ECB)加密
* $ echo -n hello | openssl enc -aes-128-ecb -K 616263 -nosalt | base64
*
* AES(CBC)加密
* $ echo -n hello | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt | base64
*
* DES(ECB)解密
* $ echo -n HQr0Oij2kbo= | base64 -D | openssl enc -des-ecb -K 616263 -nosalt -d
*
* DES(CBC)解密
* $ echo -n alvrvb3Gz88= | base64 -D | openssl enc -des-cbc -iv 0102030405060708 -K 616263 -nosalt -d
*
* AES(ECB)解密
* $ echo -n d1QG4T2tivoi0Kiu3NEmZQ== | base64 -D | openssl enc -aes-128-ecb -K 616263 -nosalt -d
*
* AES(CBC)解密
* $ echo -n u3W/N816uzFpcg6pZ+kbdg== | base64 -D | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt -d
*
* 提示:
* 1> 加密過程是先加密,再base64編碼
* 2> 解密過程是先base64解碼朋贬,再解密
*/
@interface EncryptionTools : NSObject
+ (instancetype)sharedEncryptionTools;
/**
@constant kCCAlgorithmAES 高級加密標(biāo)準(zhǔn)凯楔,128位(默認(rèn))
@constant kCCAlgorithmDES 數(shù)據(jù)加密標(biāo)準(zhǔn)
*/
@property (nonatomic, assign) uint32_t algorithm;
/**
* 加密字符串并返回base64編碼字符串
*
* @param string 要加密的字符串
* @param keyString 加密密鑰
* @param iv 初始化向量(8個(gè)字節(jié))
*
* @return 返回加密后的base64編碼字符串
*/
- (NSString *)encryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv;
/**
* 解密字符串
*
* @param string 加密并base64編碼后的字符串
* @param keyString 解密密鑰
* @param iv 初始化向量(8個(gè)字節(jié))
*
* @return 返回解密后的字符串
*/
- (NSString *)decryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv;
@end
EncryptionTools.m文件:
#import "EncryptionTools.h"
@interface EncryptionTools()
@property (nonatomic, assign) int keySize;
@property (nonatomic, assign) int blockSize;
@end
@implementation EncryptionTools
+ (instancetype)sharedEncryptionTools {
static EncryptionTools *instance;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
instance = [[self alloc] init];
instance.algorithm = kCCAlgorithmAES;
});
return instance;
}
- (void)setAlgorithm:(uint32_t)algorithm {
_algorithm = algorithm;
switch (algorithm) {
case kCCAlgorithmAES:
self.keySize = kCCKeySizeAES128;
self.blockSize = kCCBlockSizeAES128;
break;
case kCCAlgorithmDES:
self.keySize = kCCKeySizeDES;
self.blockSize = kCCBlockSizeDES;
break;
default:
break;
}
}
- (NSString *)encryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv {
// 設(shè)置秘鑰
NSData *keyData = [keyString dataUsingEncoding:NSUTF8StringEncoding];
uint8_t cKey[self.keySize];
bzero(cKey, sizeof(cKey));
[keyData getBytes:cKey length:self.keySize];
// 設(shè)置iv
uint8_t cIv[self.blockSize];
bzero(cIv, self.blockSize);
int option = 0;
if (iv) {
[iv getBytes:cIv length:self.blockSize];
option = kCCOptionPKCS7Padding;
} else {
option = kCCOptionPKCS7Padding | kCCOptionECBMode;
}
// 設(shè)置輸出緩沖區(qū)
NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
size_t bufferSize = [data length] + self.blockSize;
void *buffer = malloc(bufferSize);
// 開始加密
size_t encryptedSize = 0;
//加密解密都是它 -- CCCrypt
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
self.algorithm,
option,
cKey,
self.keySize,
cIv,
[data bytes],
[data length],
buffer,
bufferSize,
&encryptedSize);
NSData *result = nil;
if (cryptStatus == kCCSuccess) {
result = [NSData dataWithBytesNoCopy:buffer length:encryptedSize];
} else {
free(buffer);
NSLog(@"[錯誤] 加密失敗|狀態(tài)編碼: %d", cryptStatus);
}
return [result base64EncodedStringWithOptions:0];
}
- (NSString *)decryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv {
// 設(shè)置秘鑰
NSData *keyData = [keyString dataUsingEncoding:NSUTF8StringEncoding];
uint8_t cKey[self.keySize];
bzero(cKey, sizeof(cKey));
[keyData getBytes:cKey length:self.keySize];
// 設(shè)置iv
uint8_t cIv[self.blockSize];
bzero(cIv, self.blockSize);
int option = 0;
if (iv) {
[iv getBytes:cIv length:self.blockSize];
option = kCCOptionPKCS7Padding;
} else {
option = kCCOptionPKCS7Padding | kCCOptionECBMode;
}
// 設(shè)置輸出緩沖區(qū)
NSData *data = [[NSData alloc] initWithBase64EncodedString:string options:0];
size_t bufferSize = [data length] + self.blockSize;
void *buffer = malloc(bufferSize);
// 開始解密
size_t decryptedSize = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,
self.algorithm,
option,
cKey,
self.keySize,
cIv,
[data bytes],
[data length],
buffer,
bufferSize,
&decryptedSize);
NSData *result = nil;
if (cryptStatus == kCCSuccess) {
result = [NSData dataWithBytesNoCopy:buffer length:decryptedSize];
} else {
free(buffer);
NSLog(@"[錯誤] 解密失敗|狀態(tài)編碼: %d", cryptStatus);
}
return [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];
}
@end
演示例子:
/**
AES-ECB
*/
NSString *key = @"abc";//終端演示的時(shí)候,616263
NSString *encStrA = [[EncryptionTools sharedEncryptionTools]encryptString:@"hello" keyString:key iv:nil];//ECB沒有向量锦募,所以iv傳nil
NSLog(@"AES-ECB加密的結(jié)果:%@",encStrA);
NSLog(@"AES-ECB解密的結(jié)果:%@",[[EncryptionTools sharedEncryptionTools] decryptString:encStrA keyString:key iv:nil]);
/**
AES-CBC
*/
uint8_t iv[8] = {1,2,3,4,5,6,7,8};
NSData *ivData = [NSData dataWithBytes:iv length:sizeof(iv)];
NSString *encStrB = [[EncryptionTools sharedEncryptionTools] encryptString:@"hello" keyString:@"abc" iv:ivData];
NSLog(@"AES-CBC加密的結(jié)果:%@",encStrB);
NSLog(@"AES-CBC解密的結(jié)果:%@",[[EncryptionTools sharedEncryptionTools] decryptString:encStrB keyString:@"abc" iv:ivData]);
重點(diǎn)摆屯!
最最重要的一點(diǎn),其中最重要的函數(shù)就是CCCrypt函數(shù):
iOS--CCCrypt函數(shù)
