objective-c中使用公共pem的OpenSSL加密
我已经为我的iOS项目编译并构建了openssl 但在objective-c中,为这个命令行编写了一个等价的代码:objective-c中使用公共pem的OpenSSL加密,objective-c,ios,c,openssl,Objective C,Ios,C,Openssl,我已经为我的iOS项目编译并构建了openssl 但在objective-c中,为这个命令行编写了一个等价的代码: openssl rsautl -encrypt -inkey publicKey.pem -pubin -in textfile.txt -out encrypted.bin 我怎样才能做到这一点呢?嗨,我也遇到了同样的问题,最终我找到了我要寻找的东西。我需要像CodeInChaos说的那样是我的自签名证书。有了它,我的代码工作得很好。为此,我使用以下命令: openssl re
openssl rsautl -encrypt -inkey publicKey.pem -pubin -in textfile.txt -out encrypted.bin
我怎样才能做到这一点呢?嗨,我也遇到了同样的问题,最终我找到了我要寻找的东西。我需要像CodeInChaos说的那样是我的自签名证书。有了它,我的代码工作得很好。为此,我使用以下命令:
openssl req -x509 -out public_key.der -outform der -new -newkey rsa:1024 -keyout private_key.pem -days 3650
我发现这篇文章非常有用:
它回答了很多问题。不是英文的,但谷歌翻译得很好,所以这不是什么大问题
我用我找到的代码和我自己的代码做了这个小函数来加密数据。我的捆绑包中有我的公钥,我以base64编码的NSDaa返回消息以将其发送到服务器:
+ (NSString *)encryptWithPublicKeyMessage:(NSString *) message
{
NSLog(@"encrypting...");
NSData *inputData = [message dataUsingEncoding:NSUTF8StringEncoding];
const void *bytes = [inputData bytes];
int length = [inputData length];
uint8_t *plainText = malloc(length);
memcpy(plainText, bytes, length);
/* Open and parse the cert*/
NSData *certData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"]];
SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)certData);
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus status = SecTrustCreateWithCertificates(cert, policy, &trust);
/* You can ignore the SecTrustResultType, but you have to run SecTrustEvaluate
* before you can get the public key */
SecTrustResultType trustResult;
if (status == noErr) {
status = SecTrustEvaluate(trust, &trustResult);
}
/* Now grab the public key from the cert */
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
/* allocate a buffer to hold the cipher text */
size_t cipherBufferSize;
uint8_t *cipherBuffer;
cipherBufferSize = SecKeyGetBlockSize(publicKey);
cipherBuffer = malloc(cipherBufferSize);
/* encrypt!! */
SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainText, length, cipherBuffer, &cipherBufferSize);
NSData *d = [NSData dataWithBytes:cipherBuffer length:cipherBufferSize];
/* Free the Security Framework Five! */
CFRelease(cert);
CFRelease(policy);
CFRelease(trust);
CFRelease(publicKey);
free(cipherBuffer);
NSLog(@"encrypted");
return [d encodeBase64ForData];
}
我希望它能帮助我找到正确的代码需要一段时间,所以我解决了我的问题,下面是我的问题的函数,它可以加密NSString: 我修改了这个问题中的代码: (同样在我的代码末尾,我使用base64对消息进行编码)
我在前面的问题上看到了这个。问题是:我无法创建DER证书,因为公钥不是由我生成的,因此我实际上无法使用pem文件。因此,这是一个问题,正如我所知,对于iOS SDK,您无法使用未签名的证书进行加密。您可以很好地使用openssl框架,但我没有看到网络上有人将其与iOS结合使用。好chance@Jpellat:您可以在iOS上使用openssl。我认为有许多应用程序使用自定义编译的静态openssl库。所以需要更多的答案!
#pragma mark Encryption using OpenSSL
+ (NSString *)EncryptMessage:(NSString *)message {
NSString *path = [[NSBundle mainBundle] pathForResource:@"pubkey" ofType:@"pem"];
FILE *pubkey = fopen([path cStringUsingEncoding:1], "r");
if (pubkey == NULL) {
NSLog(@"duh: %@", [path stringByAppendingString:@" not found"]);
return NULL;
}
RSA *rsa = PEM_read_RSA_PUBKEY(pubkey, NULL, NULL, NULL);
if (rsa == NULL) {
NSLog(@"Error reading RSA public key.");
return NULL;
}
const char *msgInChar = [message UTF8String];
unsigned char *encrypted = (unsigned char *) malloc(512); //I'm not so sure about this size
int bufferSize = RSA_public_encrypt(strlen(msgInChar), (unsigned char *)msgInChar, encrypted, rsa, RSA_PKCS1_PADDING);
if (bufferSize == -1) {
NSLog(@"Encryption failed");
return NULL;
}
NSData *data = [NSData dataWithBytes:(const void *)encrypted length:512]; //I'm not so sure about this length
NSString *result = [QSStrings encodeBase64WithData:data];
free(rsa);
fclose(pubkey);
free(encrypted);
return result;