我正在研究一個靜態庫,它接受一個輸入字串,用私鑰加密它然后回傳它。(因為客戶端要求在移動端使用私鑰。)
我正在修改這篇文章和這篇文章中的代碼以使用私鑰,但結果字串總是回傳 nil。
測驗關鍵:
let privateTestingKey = "-----BEGIN RSA PRIVATE KEY-----MIICXwIBAAKBgQDPJfl0gC95kB3sS0SOfXW45UooiYjT3ZeHRDn/eG So09x7cXLVbRILxxXfaU 9b5Yw2wETMvuzhP8C5Qd5PQy5lkH5LjcqJjDTvOBuBxNOSY4rmlqdy/skqM4FHjTGdwI2nZiVkjqOFXM XZ94Ar pszJifbSPElR1pO4NfT76QIDAQABAoGBAJjtoRdoFyR4yA6NlsRXTRS ehwpRVGcc2TScrrvL/ejB2DFuFOgJyNvXE4fHWK4y9j FP2rsJbRnyFhbu0O/VRNPa5Llnejea 5ov/3wxFqiae7pn6bjmiW/xdy0ycLWo90wLX9QqYjKBHomnh15FIajmSuRaUlBaL6DiZt010tAkEA0zLTPiH35meyXim7I7 mMmAN68zGu3cYpqq8i/xlHvXjWrBDV5saxRDsm97ktFqiRpvIoV3n0ZoT 3xjKhGINwJBAPsXM9hWdmWUXmaaAnXZDmKbNltRSZaaz4BktGRUJM0grt7kMndfBgd2JENNzYTfLpOWMIfHXpW9T4pVCjg5TN8CQQDGZf91ZbmYUx HP5KSUY4R0pQhR/wEzSt2HfwDUPW5cOnEHsMUQBuUtoJfJrMYDfBVfjCqDiogh6pv2/jX4yJfAkEAqwsvQhwEI0Zi2DnpmyX1aq6Y5LQHERT8bVYsnHvFZgbxmNySlEai8MpGAaMqcW0naVpSTOw/PnnriSxM/efquQJBAM/3eRqzBHp/v3bRM npSgEOaeOmtNiz oNrJ09mUToyDTkuFOg7J9ojNkeviR4xqs9Hoos8lP3ho1uVcE3/tRQ=-----END RSA PRIVATE KEY-----"
RSA加密的代碼:
import Foundation
import Security
public class MPEncryption {
var publicKey: SecKey!
public init(publicKeyString: String) throws {
self.publicKey = try makePublicKey(from: publicKeyString)
}
private func makePublicKey(from keyString: String) throws -> SecKey {
let pubKeyData = Data(base64Encoded: sanitize(key: keyString))!
let query: [String: Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
kSecAttrKeySizeInBits as String: 1024
]
var unmanagedError: Unmanaged<CFError>?
guard let pubKeyRef = SecKeyCreateWithData(pubKeyData as CFData, query as CFDictionary, &unmanagedError) else {
throw unmanagedError!.takeRetainedValue() as Error
}
return pubKeyRef
}
public func encrypt(value: String) throws -> String {
let valueData = value.data(using: .utf8)!
let bufferSize = SecKeyGetBlockSize(publicKey) - 11
let buffers = makeBuffers(fromData: valueData, bufferSize: bufferSize)
var encryptedData = Data()
for buffer in buffers {
var encryptionError: Unmanaged<CFError>?
guard let encryptedBuffer = SecKeyCreateEncryptedData(publicKey, .rsaEncryptionPKCS1, buffer as CFData, &encryptionError) as Data? else {
throw encryptionError!.takeRetainedValue() as Error
}
encryptedData.append(encryptedBuffer)
}
return encryptedData.base64EncodedString()
}
private func makeBuffers(fromData data: Data, bufferSize: Int) -> [Data] {
guard data.count > bufferSize else {
return [data]
}
var buffers: [Data] = []
for i in 0..<bufferSize {
let start = i * bufferSize
let lengthOffset = start bufferSize
let length = lengthOffset < data.count ? bufferSize : data.count - start
let bufferRange = Range<Data.Index>(NSMakeRange(start, length))!
buffers.append(data.subdata(in: bufferRange))
}
return buffers
}
private func sanitize(key: String) -> String {
let headerRange = key.range(of: "-----BEGIN RSA PRIVATE KEY-----")
let footerRange = key.range(of: "-----END RSA PRIVATE KEY-----")
var sanitizedKey = key
if let headerRange = headerRange, let footerRange = footerRange {
let keyRange = Range<String.Index>(uncheckedBounds: (lower: headerRange.upperBound, upper: footerRange.lowerBound))
sanitizedKey = String(key[keyRange])
}
return sanitizedKey
.trimmingCharacters(in: .whitespacesAndNewlines)
.components(separatedBy: "\n")
.joined()
}
}
我找不到問題,任何建議表示贊賞。
uj5u.com熱心網友回復:
呼叫該encrypt()方法時,我的機器上顯示以下錯誤訊息:
encrypt:RSA:PKCS1: algorithm not supported by the key <SecKeyRef algorithm id: 1, key type: RSAPrivateKey, ...>
這并不奇怪,因為代碼嘗試使用私鑰加密(在代碼中標記為公鑰,這是誤導!)。但是,私鑰僅用于簽名,而公鑰用于加密。
圖書館并沒有始終如一地實施私鑰加密。一些從私鑰中提取公鑰并使用公鑰加密,一些使用私鑰創建簽名,而另一些則根本不支持(就像這里的這個庫)。
在我看來,您的要求最有可能是創建簽名。從技術上講,加密和簽名的相似之處在于加密使用公鑰進行模冪運算,而簽名使用私鑰。此外,填充變體不同。但是,目的完全不同。加密是關于機密性的,而簽名是關于驗證真實性的。
所以你可以嘗試簽名而不是加密。為此,只需稍微更改代碼(但是,遲早也應該調整變數名稱):
guard let encryptedBuffer = SecKeyCreateSignature(publicKey, .rsaSignatureDigestPKCS1v15Raw, buffer as CFData, &encryptionError) as Data? else {
throw encryptionError!.takeRetainedValue() as Error
}
encryptedData現在包含簽名(并publicKey表示私鑰)。
請注意,訊息是直接rsaSignatureDigestPKCS1v15Raw簽名的,即沒有散列或考慮摘要 ID。由于未指定摘要 ID,因此這可能是正確的變體。
但是,請注意訊息長度是有限的(類似于加密)。符合標準的是散列和摘要 ID 的考慮,例如通過rsaSignatureMessagePKCS1v15SHA256SHA-256 實作。
轉載請註明出處,本文鏈接:https://www.uj5u.com/net/536928.html
標籤:ios迅速加密RSA