iOS 开发学习成长之路知识总结#iOS#HeminWon

[拿走直接用] iOS加密:AES+Base64

2016-12-08  本文已影响5687人  iOS_BigYiza

掘金主页欢迎关注和提问,以后也会不定期回答简书上的提问

本篇文章记录了iOS中对字符串进行AES加密+Base64编码的过程,考虑到加密对象和使用场景,理所当然的将加密过程丢到了NSString的类别中,即下面说到的NSString+AES

一、对AES认识有以下几点(针对开发中涉及到的,其他的也没有深入研究了):使用上总结起来就是——“保持一致”

特别要注意的:如果你想使用密钥偏移量IV 那你的加密模式必须为CBC,不能使用别的模式了,具体关于加密参数,文章最后附上构造方法的参数文档。

对AES的认识可以通过类似 http://www.seacha.com/tools/aes.html 的在线加密网站,从UI上简单看看构成。

AES01.png

二、在学习使用的时候看到网上一般有两种Base64编码方式:

Demo中两种编码方式都给大家写了,根据个人喜好选择。GTMBase64库可以用CocoaPods导入。

下面是代码:

创建NSString的AES类别

#import <Foundation/Foundation.h>

@interface NSString (AES)

/**< 加密方法 */
- (NSString*)aci_encryptWithAES;

/**< 解密方法 */
- (NSString*)aci_decryptWithAES;

@end

.m文件 加密解密需要导入这两个头文件(其实只导入第二个就够了)

#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonCryptor.h>

使用GTMBase64的话需要导入#import "GTMBase64.h"

定义加密的Key和向量IV

static NSString *const PSW_AES_KEY = @"TESTPASSWORD";
static NSString *const AES_IV_PARAMETER = @"AES00IVPARAMETER";

@implementation NSString (AES)

- (NSString*)aci_encryptWithAES {

    NSData *data = [self dataUsingEncoding:NSUTF8StringEncoding];
    NSData *AESData = [self AES128operation:kCCEncrypt
                                       data:data
                                        key:PSW_AES_KEY
                                         iv:AES_IV_PARAMETER];
    NSString *baseStr_GTM = [self encodeBase64Data:AESData];
    NSString *baseStr = [AESData base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];
    
    NSLog(@"*****************\nGTMBase:%@\n*****************", baseStr_GTM);
    NSLog(@"*****************\niOSCode:%@\n*****************", baseStr);
    return baseStr_GTM;
}

- (NSString*)aci_decryptWithAES {

    NSData *data = [self dataUsingEncoding:NSUTF8StringEncoding];
    NSData *baseData_GTM = [self decodeBase64Data:data];
    NSData *baseData = [[NSData alloc]initWithBase64EncodedString:self options:0];
    
    NSData *AESData_GTM = [self AES128operation:kCCDecrypt
                                         data:baseData_GTM
                                          key:PSW_AES_KEY
                                           iv:AES_IV_PARAMETER];
    NSData *AESData = [self AES128operation:kCCDecrypt
                                         data:baseData
                                          key:PSW_AES_KEY
                                           iv:AES_IV_PARAMETER];
    
    NSString *decStr_GTM = [[NSString alloc] initWithData:AESData_GTM encoding:NSUTF8StringEncoding];
    NSString *decStr = [[NSString alloc] initWithData:AESData encoding:NSUTF8StringEncoding];
    
    NSLog(@"*****************\nGTMBase:%@\n*****************", decStr_GTM);
    NSLog(@"*****************\niOSCode:%@\n*****************", decStr);
    
    return decStr;
}

AES加解密算法

/**
 *  AES加解密算法
 *
 *  @param operation kCCEncrypt(加密)kCCDecrypt(解密)
 *  @param data      待操作Data数据
 *  @param key       key
 *  @param iv        向量
 *
 *  @return
 */
- (NSData *)AES128operation:(CCOperation)operation data:(NSData *)data key:(NSString *)key iv:(NSString *)iv {

    char keyPtr[kCCKeySizeAES128 + 1];  //kCCKeySizeAES128是加密位数 可以替换成256位的
    bzero(keyPtr, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
    
    // IV
    char ivPtr[kCCBlockSizeAES128 + 1];
    bzero(ivPtr, sizeof(ivPtr));
    [iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];
    
    size_t bufferSize = [data length] + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    size_t numBytesEncrypted = 0;
    
    // 设置加密参数
    //(根据需求选择什么加密位数128or256,PKCS7Padding补码方式之类的_(:з」∠)_,详细的看下面吧)
    CCCryptorStatus cryptorStatus = CCCrypt(operation, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                            keyPtr, kCCKeySizeAES128,
                                            ivPtr,
                                            [data bytes], [data length],
                                            buffer, bufferSize,
                                            &numBytesEncrypted);
    
    if(cryptorStatus == kCCSuccess) {
        NSLog(@"Success");
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
        
    } else {
        NSLog(@"Error");
    }
    
    free(buffer);
    return nil;
}

GTMBase64编码

/**< GTMBase64编码 */
- (NSString*)encodeBase64Data:(NSData *)data {
    data = [GTMBase64 encodeData:data];
    NSString *base64String = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    return base64String;
}

/**< GTMBase64解码 */
- (NSData*)decodeBase64Data:(NSData *)data {
    data = [GTMBase64 decodeData:data];
    return data;
}

完成!你就可以去跑,去跳,去做一个漂亮的倒挂金钩了~

Demo下载地址:https://github.com/iOSAppleBea/AES_1

附:CCCryptorStatus构造

关于加密参数CCCryptorStatus,构造他可以使用CCCrypt CCCryptorCreateWithMode CCCryptorCreate等好多种方法,构造时对参数的使用还是比较麻烦的,看文档对英语渣来说很辛苦,大概说一下看过CCCrypt后了解的几点

苹果文档
/*!
    @function   CCCrypt
    @abstract   Stateless, one-shot encrypt or decrypt operation.
                This basically performs a sequence of CCCrytorCreate(),
                CCCryptorUpdate(), CCCryptorFinal(), and CCCryptorRelease().
    
    @param      alg             Defines the encryption algorithm.
    
    
    @param      op              Defines the basic operation: kCCEncrypt or kCCDecrypt.
    
    @param      options         A word of flags defining options. See discussion
                                for the CCOptions type.
    
    @param      key             Raw key material, length keyLength bytes. 
                                加解密的密钥
    
    @param      keyLength       Length of key material. Must be appropriate 
                                for the select algorithm. Some algorithms may 
                                provide for varying key lengths.
                                参数解释详见苹果文档中的一个Key Size的枚举
                                enum {
                                                kCCKeySizeAES128          = 16,
                                                kCCKeySizeAES192          = 24,
                                                kCCKeySizeAES256          = 32,
                                                kCCKeySizeDES             = 8,
                                                kCCKeySize3DES            = 24,
                                                kCCKeySizeMinCAST         = 5,
                                                kCCKeySizeMaxCAST         = 16,
                                                kCCKeySizeMinRC4          = 1,
                                                kCCKeySizeMaxRC4          = 512,
                                                kCCKeySizeMinRC2          = 1,
                                                kCCKeySizeMaxRC2          = 128,
                                                kCCKeySizeMinBlowfish     = 8,
                                                kCCKeySizeMaxBlowfish     = 56,
                                            };
    
    @param      iv              Initialization vector, optional. Used for 
                                Cipher Block Chaining (CBC) mode. If present, 
                                must be the same length as the selected 
                                algorithm's block size. If CBC mode is
                                selected (by the absence of any mode bits in 
                                the options flags) and no IV is present, a 
                                NULL (all zeroes) IV will be used. This is 
                                ignored if ECB mode is used or if a stream 
                                cipher algorithm is selected. 
                                向量:大概意思说,此属性可选,但只能用于CBC模式。
                                如果出现那么他的长度必须和算法的block size保持一致。
                                如果是因为默认选择的CBC模式而且向量没有定义,那么向量会被定义为NULL。
                                如果选择了ECB模式或是其他的流密码算法,之前所说的逻辑都不成立。
    
    @param      dataIn          Data to encrypt or decrypt, length dataInLength 
                                bytes. 
    
    @param      dataInLength    Length of data to encrypt or decrypt.
    
    @param      dataOut         Result is written here. Allocated by caller. 
                                Encryption and decryption can be performed
                                "in-place", with the same buffer used for 
                                input and output. 
    
    @param      dataOutAvailable The size of the dataOut buffer in bytes.  
    
    @param      dataOutMoved    On successful return, the number of bytes
                    written to dataOut. If kCCBufferTooSmall is
                returned as a result of insufficient buffer
                space being provided, the required buffer space
                is returned here. 
        
    @result     kCCBufferTooSmall indicates insufficent space in the dataOut
                                buffer. In this case, the *dataOutMoved 
                                parameter will indicate the size of the buffer
                                needed to complete the operation. The 
                                operation can be retried with minimal runtime 
                                penalty. 
                kCCAlignmentError indicates that dataInLength was not properly 
                                aligned. This can only be returned for block 
                                ciphers, and then only when decrypting or when 
                                encrypting with block with padding disabled. 
                kCCDecodeError  Indicates improperly formatted ciphertext or
                                a "wrong key" error; occurs only during decrypt
                                operations. 
 */
    
CCCryptorStatus CCCrypt(
    CCOperation op,         /* kCCEncrypt, etc. */编码 or 解码
    CCAlgorithm alg,        /* kCCAlgorithmAES128, etc. */
    CCOptions options,      /* kCCOptionPKCS7Padding, etc. */
    const void *key,
    size_t keyLength,
    const void *iv,         /* optional initialization vector */
    const void *dataIn,     /* optional per op and alg */
    size_t dataInLength,
    void *dataOut,          /* data RETURNED here */
    size_t dataOutAvailable,
    size_t *dataOutMoved)

Demo下载地址:https://github.com/iOSAppleBea/AES_1

上一篇下一篇

猜你喜欢

热点阅读