使用自定义URL方案在两个iOS应用程序之间安全地传输数据+;加密的URL查询字段
我将在这里列出我的代码,并希望您告诉我,我在两个应用程序之间传输机密用户数据的方法是否安全。我们公司非常重视安全问题,所以请帮我弄清楚我是否做对了 首先,我使用一个自定义URL方案让应用程序a启动应用程序B,并在两者之间传输一些数据。当通过URL启动时,应用程序B将检查应用程序a的身份,并且仅在应用程序a被授权发送此类数据的情况下使用传输的数据 我在应用程序a中获取密码和用户名,将它们编码为数据,加密数据,将NSData描述转换为字符串,然后在URL请求中发送。我创建了一个名为LaunchEkoApp的对象,它使用launchEkoAppWithUsername方法处理这个问题使用自定义URL方案在两个iOS应用程序之间安全地传输数据+;加密的URL查询字段,ios,objective-c,security,encryption,Ios,Objective C,Security,Encryption,我将在这里列出我的代码,并希望您告诉我,我在两个应用程序之间传输机密用户数据的方法是否安全。我们公司非常重视安全问题,所以请帮我弄清楚我是否做对了 首先,我使用一个自定义URL方案让应用程序a启动应用程序B,并在两者之间传输一些数据。当通过URL启动时,应用程序B将检查应用程序a的身份,并且仅在应用程序a被授权发送此类数据的情况下使用传输的数据 我在应用程序a中获取密码和用户名,将它们编码为数据,加密数据,将NSData描述转换为字符串,然后在URL请求中发送。我创建了一个名为LaunchEko
// This is called by my main class in App A
- (void)banishUserToOtherApp
{
LaunchEkoApp *launcher = [[LaunchEkoApp alloc] init];
[launcher launchEkoAppWithUsername:@"?!+=WhateverUsernameYouWant=+!?" password:@"123456"];
@autoreleasepool {
launcher = nil;
}
}
LaunchEkoApp对象中的相关代码如下:
#import "LaunchEkoApp.h"
#import "NSData+AESCrypt.h"// Encrypt data for transfer between apps
#import <UIKit/UIKit.h> // Used to launch URL
@implementation LaunchEkoApp
#pragma mark - Encrypt Methods
- (void) launchEkoAppWithUsername: (NSString*) username password:(NSString*) password{
NSData *uData = [[NSData alloc] initWithData:[[username dataUsingEncoding:NSUTF8StringEncoding] AES256EncryptWithKey:@"superSecretPassword"]];
NSData *pData = [[NSData alloc] initWithData:[[password dataUsingEncoding:NSUTF8StringEncoding] AES256EncryptWithKey:@"superSecretPassword"]];
NSString* customURL = [NSString stringWithFormat:@"ekoeko://?U=%@&C=%@", [self formatURLArgumentString:[[[uData.description stringByReplacingOccurrencesOfString:@"<" withString:@""] stringByReplacingOccurrencesOfString:@">" withString:@""] stringByReplacingOccurrencesOfString:@" " withString:@"_"]], [self formatURLArgumentString:[[[pData.description stringByReplacingOccurrencesOfString:@"<" withString:@""] stringByReplacingOccurrencesOfString:@">" withString:@""] stringByReplacingOccurrencesOfString:@" " withString:@"_"]]];
@autoreleasepool { // Release encripted data. Important!
uData = nil;
pData = nil;
}
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:customURL]];
}
#pragma mark - Decrypt Methods
-(NSString *) decryptStringFromDataDescription: (NSString *) description{
return [[NSString alloc] initWithData:[[[NSData data] getNSDataFromNSDataDescription:description] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
}
-(NSString *) decryptStringFromData: (NSData *) data{
return [[NSString alloc] initWithData:[data AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
}
#pragma mark - Helper Methods
-(NSString*) formatURLArgumentString:(NSString*) theString{
NSMutableCharacterSet * URLQueryPartAllowedCharacterSet; // possibly defined in class extension ...
// ... and built in init or on first use
URLQueryPartAllowedCharacterSet = [[NSCharacterSet URLQueryAllowedCharacterSet] mutableCopy];
[URLQueryPartAllowedCharacterSet removeCharactersInString:@"&+=?"]; // %26, %3D, %3F
// then escape variables in the URL, such as values in the query and any fragment:
NSString * escapedValue = [theString stringByAddingPercentEncodingWithAllowedCharacters:URLQueryPartAllowedCharacterSet];
//[self.delegate logString: [NSString stringWithFormat:@"%@ --> %@", theString, escapedValue]];
return escapedValue;
}
@end
#导入“LaunchEkoApp.h”
#导入“NSData+AESCrypt.h”//Encrypt数据以在应用程序之间传输
#导入//用于启动URL
@实现启动应用程序
#pragma标记-加密方法
-(void)launchEkoAppWithUsername:(NSString*)用户名密码:(NSString*)密码{
NSData*uData=[[NSData alloc]initWithData:[[username dataUsingEncoding:NSUTF8StringEncoding]AES256EncryptWithKey:@“superSecretPassword”];
NSData*pData=[[NSData alloc]initWithData:[[password dataUsingEncoding:NSUTF8StringEncoding]AES256EncryptWithKey:@“superSecretPassword”];
NSString*customURL=[NSString stringWithFormat:@“ekoeko://?U=%@&C=%@],[self-FormatturArgumentString:[[[uData.description StringByReplacingOccurrences sofString:@”“with String:@”“]StringByReplacingOccurrencessofString:@”“with String:@”“with String:@”“with String:@”],[self-FormatturArgumentArgumentString:[[[pData.description StringByReplacingOccurReplacingOccurcessofString:@]]stringByReplacingOccurrencesOfString:@“with string:@”“]];
@自动释放池{//释放加密数据。重要!
uData=零;
pData=零;
}
[[UIApplication sharedApplication]openURL:[NSURL URLWithString:customURL]];
}
#pragma标记-解密方法
-(NSString*)decryptStringFromDataDescription:(NSString*)说明{
返回[[NSString alloc]initWithData:[[NSData data]getNSDataFromNSDataDescription:description]AES256DecryptWithKey:@“superSecretPassword”]编码:NSUTF8StringEncoding];
}
-(NSString*)解密StringFromData:(NSData*)数据{
返回[[NSString alloc]initWithData:[data AES256DecryptWithKey:@“superSecretPassword”]编码:NSUTF8StringEncoding];
}
#pragma-mark-Helper方法
-(NSString*)formatURLArgumentString:(NSString*)字符串{
NSMutableCharacterSet*URLQueryPartAllowedCharacterSet;//可能在类扩展中定义。。。
//…并内置于init或首次使用时
URLQueryPartAllowedCharacterSet=[[NSCharacterSet URLQueryAllowedCharacterSet]可变副本];
[URLQueryPartAllowedCharacterSet removeCharactersInString:@“&+=?”];//%26,%3D,%3F
//然后在URL中转义变量,例如查询中的值和任何片段:
NSString*escapedValue=[theString stringByAddingPercentEncodingWithAllowedCharacters:URLQueryPartAllowedCharacterSet];
//[self.delegate日志字符串:[NSString stringWithFormat:@“%@-->%@”,字符串,转义值];
返回转义值;
}
@结束
这里可以看到我用来加密用户名/密码字符串NSData的代码(请参阅AES256EncryptWithKey,不要担心,我会在生产中使用更好的加密密码):
//NSData+AESCrypt.m
#导入“NSData+AESCrypt.h”
#进口
静态字符编码表[64]=
{
‘A’、‘B’、‘C’、‘D’、‘E’、‘F’、‘G’、‘H’、‘I’、‘J’、‘K’、‘L’、‘M’、‘N’、‘O’、‘P’,
‘Q’、‘R’、‘S’、‘T’、‘U’、‘V’、‘W’、‘X’、‘Y’、‘Z’、‘a’、‘b’、‘c’、‘d’、‘e’、‘f’,
‘g’、‘h’、‘i’、‘j’、‘k’、‘l’、‘m’、‘n’、‘o’、‘p’、‘q’、‘r’、‘s’、‘t’、‘u’、‘v’,
‘w’、‘x’、‘y’、‘z’、‘0’、‘1’、‘2’、‘3’、‘4’、‘5’、‘6’、‘7’、‘8’、‘9’、‘加’、‘/’
};
@实现NSData(AESCrypt)
-(NSData*)AES256EncryptWithKey:(NSString*)密钥{
//AES256的“键”应为32字节,否则将填充为空
char keyPtr[kCCKeySizeAES256+1];//为终止符预留的空间(未使用)
bzero(keyPtr,sizeof(keyPtr));//用零填充(用于填充)
//获取关键数据
[key-getCString:keyPtr-maxLength:sizeof(keyPtr)编码:NSUTF8StringEncoding];
NSU整数数据长度=[自身长度];
//参见文档:对于分组密码,输出大小将始终小于或
//等于输入大小加上一个块的大小。
//这就是为什么我们需要在这里添加一个块的大小
size\u t bufferSize=dataLength+kccblocksizeaaes128;
void*buffer=malloc(bufferSize);
大小\u t numBytesEncrypted=0;
CCCryptorStatus cryptStatus=CCCrypt(kCCEncrypt,kCCAlgorithmAES128,kCCOptionPKCS7Padding,
keyPtr,kCCKeySizeAES256,
NULL/*初始化向量(可选)*/,,
[self bytes],数据长度,/*输入*/
缓冲区,缓冲区大小,/*输出*/
&(未加密);
@自动释放池{
键=零;
}
if(cryptStatus==kCCSuccess)
{
//返回的NSData拥有缓冲区的所有权,并在释放时释放缓冲区
返回[NSData DATAFTHBYTESNOCOPY:缓冲区长度:numBytesEncrypted];
}
释放(缓冲区);//释放缓冲区
返回零;
}
-(NSData*)AES256DecryptWithKey:(NSString*)密钥{
//AES256的“键”应为32字节,否则将填充为空
char keyPtr[kCCKeySizeAES256+1];//为终止符预留的空间(未使用)
bzero(keyPtr,sizeof(keyPtr));//用零填充(用于填充)
//获取关键数据
[key-getCString:keyPtr-maxLength:sizeof(keyPtr)编码:NSUTF8StringEncoding];
NSU整数数据长度=[自身长度];
//参见文档:对于分组密码,输出大小将始终小于或
// NSData+AESCrypt.m
#import "NSData+AESCrypt.h"
#import <CommonCrypto/CommonCryptor.h>
static char encodingTable[64] =
{
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
};
@implementation NSData (AESCrypt)
- (NSData *)AES256EncryptWithKey:(NSString *)key{
// 'key' should be 32 bytes for AES256, will be null-padded otherwise
char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused)
bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
// fetch key data
[key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
//See the doc: For block ciphers, the output size will always be less than or
//equal to the input size plus the size of one block.
//That's why we need to add the size of one block here
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL /* initialization vector (optional) */,
[self bytes], dataLength, /* input */
buffer, bufferSize, /* output */
&numBytesEncrypted );
@autoreleasepool {
key = nil;
}
if( cryptStatus == kCCSuccess )
{
//the returned NSData takes ownership of the buffer and will free it on deallocation
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free( buffer ); //free the buffer
return nil;
}
- (NSData *)AES256DecryptWithKey:(NSString *)key{
// 'key' should be 32 bytes for AES256, will be null-padded otherwise
char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
// fetch key data
[key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
//See the doc: For block ciphers, the output size will always be less than or
//equal to the input size plus the size of one block.
//That's why we need to add the size of one block here
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt( kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL /* initialization vector (optional) */,
[self bytes], dataLength, /* input */
buffer, bufferSize, /* output */
&numBytesDecrypted );
@autoreleasepool {
key = nil;
}
if( cryptStatus == kCCSuccess )
{
//the returned NSData takes ownership of the buffer and will free it on deallocation
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free( buffer ); //free the buffer
return nil;
}
# pragma mark -
-(NSData*) getNSDataFromNSDataDescription:(NSString*) dataDescription{
const char *ptr = [dataDescription cStringUsingEncoding:NSUTF8StringEncoding];
NSMutableData *encryptedData = [NSMutableData data];
while (*ptr) {
unsigned char c1 = *ptr;
ptr++;
if (isalpha(c1))
c1 = (10 + c1 - 'a')<<4;
else if (isnumber(c1))
c1 = (c1 - '0')<<4;
else
continue;
if (!*ptr)
break; // Shouldn't occure -- bad input
unsigned char c2 = *ptr;
ptr++;
if (isalpha(c2))
c2 = 10 + c2 - 'a';
else if (isnumber(c2))
c2 = c2 - '0';
c1 = c1 | c2;
[encryptedData appendBytes:&c1 length:1];
}
return encryptedData;
}
#pragma mark -
+ (NSData *)dataWithBase64EncodedString:(NSString *)string
{
return [[NSData allocWithZone:nil] initWithBase64EncodedString:string];
}
- (id)initWithBase64EncodedString:(NSString *)string
{
NSMutableData *mutableData = nil;
if( string )
{
unsigned long ixtext = 0;
unsigned long lentext = 0;
unsigned char ch = 0;
unsigned char inbuf[4], outbuf[3];
short i = 0, ixinbuf = 0;
BOOL flignore = NO;
BOOL flendtext = NO;
NSData *base64Data = nil;
const unsigned char *base64Bytes = nil;
// Convert the string to ASCII data.
base64Data = [string dataUsingEncoding:NSASCIIStringEncoding];
base64Bytes = [base64Data bytes];
mutableData = [NSMutableData dataWithCapacity:base64Data.length];
lentext = base64Data.length;
while( YES )
{
if( ixtext >= lentext ) break;
ch = base64Bytes[ixtext++];
flignore = NO;
if( ( ch >= 'A' ) && ( ch <= 'Z' ) ) ch = ch - 'A';
else if( ( ch >= 'a' ) && ( ch <= 'z' ) ) ch = ch - 'a' + 26;
else if( ( ch >= '0' ) && ( ch <= '9' ) ) ch = ch - '0' + 52;
else if( ch == '+' ) ch = 62;
else if( ch == '=' ) flendtext = YES;
else if( ch == '/' ) ch = 63;
else flignore = YES;
if( ! flignore )
{
short ctcharsinbuf = 3;
BOOL flbreak = NO;
if( flendtext )
{
if( ! ixinbuf ) break;
if( ( ixinbuf == 1 ) || ( ixinbuf == 2 ) ) ctcharsinbuf = 1;
else ctcharsinbuf = 2;
ixinbuf = 3;
flbreak = YES;
}
inbuf [ixinbuf++] = ch;
if( ixinbuf == 4 )
{
ixinbuf = 0;
outbuf [0] = ( inbuf[0] << 2 ) | ( ( inbuf[1] & 0x30) >> 4 );
outbuf [1] = ( ( inbuf[1] & 0x0F ) << 4 ) | ( ( inbuf[2] & 0x3C ) >> 2 );
outbuf [2] = ( ( inbuf[2] & 0x03 ) << 6 ) | ( inbuf[3] & 0x3F );
for( i = 0; i < ctcharsinbuf; i++ )
[mutableData appendBytes:&outbuf[i] length:1];
}
if( flbreak ) break;
}
}
}
self = [self initWithData:mutableData];
return self;
}
#pragma mark -
- (NSString *)base64Encoding
{
return [self base64EncodingWithLineLength:0];
}
- (NSString *)base64EncodingWithLineLength:(NSUInteger)lineLength
{
const unsigned char *bytes = [self bytes];
NSMutableString *result = [NSMutableString stringWithCapacity:self.length];
unsigned long ixtext = 0;
unsigned long lentext = self.length;
long ctremaining = 0;
unsigned char inbuf[3], outbuf[4];
unsigned short i = 0;
unsigned short charsonline = 0, ctcopy = 0;
unsigned long ix = 0;
while( YES )
{
ctremaining = lentext - ixtext;
if( ctremaining <= 0 ) break;
for( i = 0; i < 3; i++ )
{
ix = ixtext + i;
if( ix < lentext ) inbuf[i] = bytes[ix];
else inbuf [i] = 0;
}
outbuf [0] = (inbuf [0] & 0xFC) >> 2;
outbuf [1] = ((inbuf [0] & 0x03) << 4) | ((inbuf [1] & 0xF0) >> 4);
outbuf [2] = ((inbuf [1] & 0x0F) << 2) | ((inbuf [2] & 0xC0) >> 6);
outbuf [3] = inbuf [2] & 0x3F;
ctcopy = 4;
switch( ctremaining )
{
case 1:
ctcopy = 2;
break;
case 2:
ctcopy = 3;
break;
}
for( i = 0; i < ctcopy; i++ )
[result appendFormat:@"%c", encodingTable[outbuf[i]]];
for( i = ctcopy; i < 4; i++ )
[result appendString:@"="];
ixtext += 3;
charsonline += 4;
if( lineLength > 0 )
{
if( charsonline >= lineLength )
{
charsonline = 0;
[result appendString:@"\n"];
}
}
}
return [NSString stringWithString:result];
}
#pragma mark -
- (BOOL)hasPrefixBytes:(const void *)prefix length:(NSUInteger)length
{
if( ! prefix || ! length || self.length < length ) return NO;
return ( memcmp( [self bytes], prefix, length ) == 0 );
}
- (BOOL)hasSuffixBytes:(const void *)suffix length:(NSUInteger)length
{
if( ! suffix || ! length || self.length < length ) return NO;
return ( memcmp( ((const char *)[self bytes] + (self.length - length)), suffix, length ) == 0 );
}
// This is the main class in App B
-(void) appLoadedThroughURLWithQuery: (NSString*) query{
// Populate sign in fields with that and try to login
if(_initialLoad || _activeViewController == theSignInVC){
LaunchEkoApp *launcher = [[LaunchEkoApp alloc] init];
[_signInVC autoLoginUserWithUsername:[launcher decryptStringFromDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringToIndex:[query rangeOfString:@"&"].location] stringByReplacingOccurrencesOfString:@"U=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] password:[launcher decryptStringFromDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringFromIndex:[query rangeOfString:@"&"].location+1] stringByReplacingOccurrencesOfString:@"C=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]]];
@autoreleasepool {
launcher = nil;
}
}
// Get username/credential
//NSString *credential = [[NSString alloc] initWithData:[[self getNSDataFromNSDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringFromIndex:[query rangeOfString:@"&"].location+1] stringByReplacingOccurrencesOfString:@"C=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];;
//NSString *username = [[NSString alloc] initWithData:[[self getNSDataFromNSDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringToIndex:[query rangeOfString:@"&"].location] stringByReplacingOccurrencesOfString:@"U=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
@autoreleasepool {
query = nil;
}
}