
ios - RSA Encryption File larger than PublicKey

Problem description:

With the following method I can successfully encrypt an NSData object which is not bigger than 256Bit:

    OSStatus SecCertificateCopyPublicKey(
        SecCertificateRef certificate,
        SecKeyRef *key
    );

    #import <Foundation/Foundation.h>
    #import <Security/Security.h>

    // Encrypts `content` with the RSA public key from the bundled certificate.
    // Returns nil if the input does not fit in one RSA block or any step fails.
    - (NSData *)encryptWithData:(NSData *)content {
        OSStatus result = -1;
        NSData *plainTextData = content; //[@"123456789" dataUsingEncoding:NSUTF8StringEncoding];
        size_t plainTextLength = [plainTextData length];
        SecTrustRef trustRef = NULL;
        SecTrustResultType trustResult;

        // Load the certificate that carries the public key.
        NSData *certificateData = [self getPublicKey];
        SecCertificateRef cert = NULL;
        if ([certificateData length]) {
            cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
        }
        if (cert == NULL) {
            // Stop here: the trust object cannot be built without a certificate.
            NSLog(@" *** ERROR *** trying to create the SSL certificate from data located, but failed");
            return nil;
        }
        CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
        if (certSummary != NULL) {
            NSLog(@"CERT SUMMARY: %@", (__bridge NSString *)certSummary);
            CFRelease(certSummary);
        }

        // The trust object retains the certificate and policy, so both can be
        // released as soon as it has been created (or has failed to be).
        SecPolicyRef policy = SecPolicyCreateBasicX509();
        result = SecTrustCreateWithCertificates(cert, policy, &trustRef);
        CFRelease(policy);
        CFRelease(cert);
        if (result != errSecSuccess) {
            NSLog(@"Trust create failed with code: %d", (int)result);
            return nil;
        }

        result = SecTrustEvaluate(trustRef, &trustResult);
        if (result != errSecSuccess) {
            NSLog(@"Trust eval failed with code: %d", (int)result);
            CFRelease(trustRef);
            return nil;
        }

        SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);
        CFRelease(trustRef);
        if (publicKey == NULL) {
            NSLog(@"Could not extract the public key from the certificate");
            return nil;
        }

        size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
        size_t maxInputSize = keyBlockSize - 11; // If using PKCS1 padding, else keyBlockSize
        size_t cipherTextLen = keyBlockSize;
        if (plainTextLength > maxInputSize) {
            // Fail
            NSLog(@"Data size is larger than max permitted!");
            CFRelease(publicKey);
            return nil;
        }

        uint8_t *cipherTextBuf = malloc(sizeof(uint8_t) * keyBlockSize);
        if (cipherTextBuf == NULL) {
            CFRelease(publicKey);
            return nil;
        }
        memset(cipherTextBuf, 0, keyBlockSize);

        //result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainTextBuf, plainTextLength, cipherTextBuf, &cipherTextLen);
        result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, (const uint8_t *)[plainTextData bytes], plainTextLength, cipherTextBuf, &cipherTextLen);

        NSData *cipherText = nil;
        if (result == errSecSuccess) {
            cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];
        } else {
            NSLog(@"Error detected: %d", (int)result);
        }

        free(cipherTextBuf);
        cipherTextBuf = NULL;
        CFRelease(publicKey);
        return cipherText;
    }

    // Reads the certificate file public_key.cer from the app bundle.
    - (NSData *)getPublicKey
    {
        NSString *filePath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"cer"];
        NSData *myData = [NSData dataWithContentsOfFile:filePath];
        return myData;
    }

But how would I encrypt a file which is larger than 256Bit?!

Answer:

The general procedure is to asymmetrically (with RSA for example) transfer a symmetric key that can be used to encrypt/decrypt your payload with a symmetric cipher like AES (in combination with a block cipher mode like CBC). If possible you should avoid building such crypto yourself though. A rather user-friendly library is NaCl, for which the Sodium implementation purportedly can be used with iOS.
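
The hybrid approach described in the answer above, as an added example that is not part of the original question or answer. It uses the Security framework's built-in hybrid algorithm (iOS 10 and later), which wraps a random AES session key with RSA-OAEP and encrypts the payload with AES-GCM rather than the CBC mode the answer mentions. `HybridEncrypt`, `HybridDecrypt` and the generated key pair are hypothetical names and constructed test data; ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Apple's built-in hybrid scheme: a random AES session key is wrapped with
// RSA-OAEP and the payload is encrypted with AES-GCM under that key.
#define HYBRID_ALG kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM

// Hypothetical helper: encrypts data of any length to the given RSA public key.
static NSData *HybridEncrypt(SecKeyRef publicKey, NSData *plain) {
    if (!SecKeyIsAlgorithmSupported(publicKey, kSecKeyOperationTypeEncrypt, HYBRID_ALG)) {
        NSLog(@"Key does not support %@", (__bridge NSString *)HYBRID_ALG);
        return nil;
    }
    CFErrorRef error = NULL;
    NSData *cipher = CFBridgingRelease(SecKeyCreateEncryptedData(
        publicKey, HYBRID_ALG, (__bridge CFDataRef)plain, &error));
    if (!cipher) NSLog(@"Encrypt failed: %@", CFBridgingRelease(error));
    return cipher;
}

// Hypothetical helper: reverses HybridEncrypt with the matching private key.
static NSData *HybridDecrypt(SecKeyRef privateKey, NSData *cipher) {
    CFErrorRef error = NULL;
    NSData *plain = CFBridgingRelease(SecKeyCreateDecryptedData(
        privateKey, HYBRID_ALG, (__bridge CFDataRef)cipher, &error));
    if (!plain) NSLog(@"Decrypt failed: %@", CFBridgingRelease(error));
    return plain;
}

int main(void) {
    @autoreleasepool {
        // Constructed throwaway key pair; an app would pass the SecKeyRef from its certificate.
        NSDictionary *attrs = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                                 (__bridge id)kSecAttrKeySizeInBits: @2048 };
        CFErrorRef error = NULL;
        SecKeyRef privateKey = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attrs, &error);
        SecKeyRef publicKey = privateKey ? SecKeyCopyPublicKey(privateKey) : NULL;
        if (!publicKey) { NSLog(@"Key generation failed: %@", CFBridgingRelease(error)); return 1; }
        // Constructed sample payload: 1 MiB of zeros, far larger than one RSA block.
        NSData *payload = [NSMutableData dataWithLength:1024 * 1024];
        NSData *cipher = HybridEncrypt(publicKey, payload);
        NSData *roundTrip = cipher ? HybridDecrypt(privateKey, cipher) : nil;
        BOOL ok = [roundTrip isEqualToData:payload];
        NSLog(@"plain=%lu bytes, cipher=%lu bytes, round trip ok=%d",
              (unsigned long)payload.length, (unsigned long)cipher.length, ok);
        CFRelease(publicKey);
        CFRelease(privateKey);
        return ok ? 0 : 1;
    }
}
```

The receiving side has to decrypt with the same algorithm constant, so a peer that is not using the Security framework must implement the same RSA-OAEP plus AES-GCM layout.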
