xml地图|网站地图|网站标签 [设为首页] [加入收藏]

皇家娱乐登录Android端与JavaWeb传输加密,数据加密

来源:http://www.ccidsi.com 作者:呼叫中心培训课程 人气:194 发布时间:2020-04-28
摘要:年前忙着赶项目,也没时间更新,现在终止,因为是贷款类项目,涉及到客商的银行卡,居民身份证等消息,不可幸免的接纳到了加密相关本领,这里就来聊聊陆风X8SA与AES加密吧 一、

年前忙着赶项目,也没时间更新,现在终止,因为是贷款类项目,涉及到客商的银行卡,居民身份证等消息,不可幸免的接纳到了加密相关本领,这里就来聊聊陆风X8SA与AES加密吧

一、加密介绍


  本文接受对称式加密算法DES和非对称式加密算法RubiconSA结合做多少传输加密的艺术。
  先说一下对称式加密 DES:对称式加密即接收单钥密码加密的办法,信息的加密和解密使用同叁个秘钥,这种方式也可以称作单秘钥加密。所谓对称正是指加密和解密使用的是同八个秘钥!
  常用的相反相成加密有:DES、IDEA、RC2、RC4、SKIPJACK、RC5、AES算法等。
  与对称加密算法不一样,非对称加密算法需求几个密钥:公开密钥(publickey)和个体密钥 (privatekey)。公开密钥与私家密钥是部分,借使用公开密钥对数码实行加密,唯有用相应的个体密钥手艺解密;要是用个人密钥对数码进行加密,那么只有用相应的公开密钥手艺解密。因为加密和平解决密使用的是三个不等的密钥,所以这种算法叫作非对称加密算法。
  PAJEROSA 公钥加密算法是一九七六年由罗恩 Rivest、Adi Shamirh和LenAdleman在(U.S.A.加州洛杉矶分校大学)开垦的。库罗德SA取名来自开垦他们三者的名字。EscortSA是眼前最有影响力的公钥加密算法,它亦可对抗到如今截止已知的享有密码攻击,已被ISO推荐为公钥数据加密标准。 福睿斯SA算法基于叁个拾贰分粗略的数论事实:将多个大素数相乘十二分轻巧,但当场想要对其乘积实行因式分解却极其困难,因而可以将乘积公开作为加密密钥。


       当涉及到客商音信啊等比较隐衷的数额,应该对客户承受,对数据加密保障数据安全。除了选取https保障数据安全外,我们还使用了XC60SA AES 混合加密。 

1. 有关对称加密与非对称加密的分别:

二、RSA密钥生成


  RAV4SA密钥采取OpenSSL公约举办转换,本文仅轻易生成公钥和私钥,如有其余需求能够经过CA证书举办密钥的转移

        非对称加密,即加密和平解决密用的秘钥分裂,公钥用来加密,私钥用来解密,假若两岸都亟需收发数据,那么须求客商端和服务端都分别生成一对秘钥,将公钥传给对方用于对数据加密。该加密方法相比安全,很难破解,然而加密解密要求时刻较长,非常对于质量非常糟糕的CPU,耗费时间更长。该加密方法用的超多的算法是讴歌RDXSA算法。

参照在此以前写的稿子(1.3-1.4-1.5)

奥德赛SA(非对称加密,公钥加密,私钥解密,涉及数字签名等,速度相对异常慢)AES(对称加密,公、私钥相近,速度相对一点也不慢,如DES、RC5、RC6)

相对安全的HTTPS就同一时候利用了对称加密及非对称加密.

1、OpenSSL安装

http://slproweb.com/products/Win32OpenSSL.html
 请自行接纳三11个人六12人举办下载安装

        对称加密,即加密和平解决密只须要三个秘钥就可以。该加密方法总括速度异常的快,耗费时间少之甚少,然而对于八个劳务需求四个key,平常供给通过接口传递,轻便被截取。该加密方法用的相当多的算法是AES算法。

2. RSA 加、解密

加密流程:

``

一种是根据服务端提供给你的.cer或.der证书(不管是.cer还是.der其实只是一个公钥的载体)进行加密,根据.p12文件进行解密;另一种就是根据服务端直接提供给你的公、私钥进行加、解密;我们使用的是证书加、解密,所以只做此演示.1. 服务端会给你生成一个cer或者der证书,直接拖进项目即可.2. 根据证书路径生成公钥3. 使用生成的公钥对文件(文件的生成:是字典->json字符串->UTF8)进行加密,将加密后生成的NSData转成base64码传给服务端即可;

``这里先来探视PRADOSA加密相关类SX福特ExplorerSAEncryptor

其中 SXRSAEncryptor.h``

#import <Foundation/Foundation.h>@interface SXRSAEncryptor : NSObject/** * 加密方法 * * @param str 需要加密的字符串 * @param path '.der'格式的公钥文件路径 */  (NSString *)encryptString:(NSString *)str publicKeyWithContentsOfFile:(NSString *)path;/** * 解密方法 * * @param str 需要解密的字符串 * @param path '.p12'格式的私钥文件路径 * @param password 私钥文件密码 */  (NSString *)decryptString:(NSString *)str privateKeyWithContentsOfFile:(NSString *)path password:(NSString *)password;/** * 加密方法 * * @param str 需要加密的字符串 * @param pubKey 公钥字符串 */  (NSString *)encryptString:(NSString *)str publicKey:(NSString *)pubKey;/** * 解密方法 * * @param str 需要解密的字符串 * @param privKey 私钥字符串 */  (NSString *)decryptString:(NSString *)str privateKey:(NSString *)privKey;@end

SXRSAEncryptor.m

#import "SXRSAEncryptor.h"#import <Security/Security.h>@implementation SXRSAEncryptorstatic NSString *base64_encode_data(NSData *data){data = [data base64EncodedDataWithOptions:0];NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];return ret;}static NSData *base64_decode(NSString *str){NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];return data;}#pragma mark - 使用'.der'公钥文件加密//加密  (NSString *)encryptString:(NSString *)str publicKeyWithContentsOfFile:(NSString *)path{ if (!str || !path) return nil; return [self encryptString:str publicKeyRef:[self getPublicKeyRefWithContentsOfFile:path]];}//获取公钥  (SecKeyRef)getPublicKeyRefWithContentsOfFile:(NSString *)filePath{ NSData *certData = [NSData dataWithContentsOfFile:filePath]; if (!certData) { return nil; } SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData); SecKeyRef key = NULL; SecTrustRef trust = NULL; SecPolicyRef policy = NULL; if (cert != NULL) { policy = SecPolicyCreateBasicX509(); if  { if (SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) { SecTrustResultType result; if (SecTrustEvaluate(trust, &result) == noErr) { key = SecTrustCopyPublicKey; } } } } if  CFRelease; if  CFRelease; if  CFRelease; return key;}  (NSString *)encryptString:(NSString *)str publicKeyRef:(SecKeyRef)publicKeyRef{ if(![str dataUsingEncoding:NSUTF8StringEncoding]){ return nil; } if(!publicKeyRef){ return nil; } NSData *data = [self encryptData:[str dataUsingEncoding:NSUTF8StringEncoding] withKeyRef:publicKeyRef]; NSString *ret = base64_encode_data; return ret;}#pragma mark - 使用'.12'私钥文件解密//解密  (NSString *)decryptString:(NSString *)str privateKeyWithContentsOfFile:(NSString *)path password:(NSString *)password{ if (!str || !path) return nil; if (!password) password = @""; return [self decryptString:str privateKeyRef:[self getPrivateKeyRefWithContentsOfFile:path password:password]];}//获取私钥  (SecKeyRef)getPrivateKeyRefWithContentsOfFile:(NSString *)filePath password:(NSString*)password{ NSData *p12Data = [NSData dataWithContentsOfFile:filePath]; if  { return nil; } SecKeyRef privateKeyRef = NULL; NSMutableDictionary * options = [[NSMutableDictionary alloc] init]; [options setObject: password forKey:(__bridge id)kSecImportExportPassphrase]; CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) p12Data, (__bridge CFDictionaryRef)options, &items); if (securityError == noErr && CFArrayGetCount > 0) { CFDictionaryRef identityDict = CFArrayGetValueAtIndex; SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity); securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef); if (securityError != noErr) { privateKeyRef = NULL; } } CFRelease; return privateKeyRef;}  (NSString *)decryptString:(NSString *)str privateKeyRef:(SecKeyRef)privKeyRef{ NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters]; if (!privKeyRef) { return nil; } data = [self decryptData:data withKeyRef:privKeyRef]; NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; return ret;}#pragma mark - 使用公钥字符串加密/* START: Encryption with RSA public key *///使用公钥字符串加密  (NSString *)encryptString:(NSString *)str publicKey:(NSString *)pubKey{ NSData *data = [self encryptData:[str dataUsingEncoding:NSUTF8StringEncoding] publicKey:pubKey]; NSString *ret = base64_encode_data; return ret;}  encryptData:data publicKey:(NSString *)pubKey{ if(!data || !pubKey){ return nil; } SecKeyRef keyRef = [self addPublicKey:pubKey]; if{ return nil; } return [self encryptData:data withKeyRef:keyRef];}  (SecKeyRef)addPublicKey:(NSString *)key{ NSRange spos = [key rangeOfString:@"-----BEGIN PUBLIC KEY-----"]; NSRange epos = [key rangeOfString:@"-----END PUBLIC KEY-----"]; if(spos.location != NSNotFound && epos.location != NSNotFound){ NSUInteger s = spos.location   spos.length; NSUInteger e = epos.location; NSRange range = NSMakeRange; key = [key substringWithRange:range]; } key = [key stringByReplacingOccurrencesOfString:@"r" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"n" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"t" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@" " withString:@""]; // This will be base64 encoded, decode it. NSData *data = base64_decode; data = [self stripPublicKeyHeader:data]; if{ return nil; } //a tag to read/write keychain storage NSString *tag = @"RSAUtil_PubKey"; NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]]; // Delete any old lingering key with the same tag NSMutableDictionary *publicKey = [[NSMutableDictionary alloc] init]; [publicKey setObject:(__bridge id) kSecClassKey forKey:(__bridge id)kSecClass]; [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType]; [publicKey setObject:d_tag forKey:(__bridge id)kSecAttrApplicationTag]; SecItemDelete((__bridge CFDictionaryRef)publicKey); // Add persistent version of the key to system keychain [publicKey setObject:data forKey:(__bridge id)kSecValueData]; [publicKey setObject:(__bridge id) kSecAttrKeyClassPublic forKey:(__bridge id)kSecAttrKeyClass]; [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnPersistentRef]; CFTypeRef persistKey = nil; OSStatus status = SecItemAdd((__bridge CFDictionaryRef)publicKey, &persistKey); if (persistKey != nil){ CFRelease(persistKey); } if ((status != noErr) && (status != errSecDuplicateItem)) { return nil; } [publicKey removeObjectForKey:(__bridge id)kSecValueData]; [publicKey removeObjectForKey:(__bridge id)kSecReturnPersistentRef]; [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef]; [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType]; // Now fetch the SecKeyRef version of the key SecKeyRef keyRef = nil; status = SecItemCopyMatching((__bridge CFDictionaryRef)publicKey, (CFTypeRef *)&keyRef); if(status != noErr){ return nil; } return keyRef;}  stripPublicKeyHeader:d_key{ // Skip ASN.1 public key header if (d_key == nil) return; unsigned long len = [d_key length]; if  return; unsigned char *c_key = (unsigned char *)[d_key bytes]; unsigned int idx = 0; if (c_key[idx  ] != 0x30) return; if (c_key[idx] > 0x80) idx  = c_key[idx] - 0x80   1; else idx  ; // PKCS #1 rsaEncryption szOID_RSA_RSA static unsigned char seqiod[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,0x01, 0x05, 0x00 }; if (memcmp(&c_key[idx], seqiod, 15)) return; idx  = 15; if (c_key[idx  ] != 0x03) return; if (c_key[idx] > 0x80) idx  = c_key[idx] - 0x80   1; else idx  ; if (c_key[idx  ] != '\0') return; // Now make a new NSData from this buffer return ([NSData dataWithBytes:&c_key[idx] length:len - idx]);}  encryptData:data withKeyRef:(SecKeyRef) keyRef{ const uint8_t *srcbuf = (const uint8_t *)[data bytes]; size_t srclen = data.length; size_t block_size = SecKeyGetBlockSize * sizeof; void *outbuf = malloc(block_size); size_t src_block_size = block_size - 11; NSMutableData *ret = [[NSMutableData alloc] init]; for(int idx=0; idx<srclen; idx =src_block_size){ //NSLog(@"%d/%d block_size: %d", idx, srclen, block_size); size_t data_len = srclen - idx; if(data_len > src_block_size){ data_len = src_block_size; } size_t outlen = block_size; OSStatus status = noErr; status = SecKeyEncrypt(keyRef, kSecPaddingPKCS1, srcbuf   idx, data_len, outbuf, &outlen ); if (status != 0) { NSLog(@"SecKeyEncrypt fail. Error Code: %d", status); ret = nil; break; }else{ [ret appendBytes:outbuf length:outlen]; } } free; CFRelease; return ret; } /* END: Encryption with RSA public key */#pragma mark - 使用私钥字符串解密/* START: Decryption with RSA private key *///使用私钥字符串解密  (NSString *)decryptString:(NSString *)str privateKey:(NSString *)privKey{ if  return nil; NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters]; data = [self decryptData:data privateKey:privKey]; NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; return ret;}  decryptData:data privateKey:(NSString *)privKey{ if(!data || !privKey){ return nil; } SecKeyRef keyRef = [self addPrivateKey:privKey]; if{ return nil; } return [self decryptData:data withKeyRef:keyRef];}  (SecKeyRef)addPrivateKey:(NSString *)key{ NSRange spos = [key rangeOfString:@"-----BEGIN RSA PRIVATE KEY-----"]; NSRange epos = [key rangeOfString:@"-----END RSA PRIVATE KEY-----"]; if(spos.location != NSNotFound && epos.location != NSNotFound){ NSUInteger s = spos.location   spos.length; NSUInteger e = epos.location; NSRange range = NSMakeRange; key = [key substringWithRange:range]; } key = [key stringByReplacingOccurrencesOfString:@"r" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"n" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"t" withString:@""]; key = [key stringByReplacingOccurrencesOfString:@" " withString:@""]; // This will be base64 encoded, decode it. NSData *data = base64_decode; data = [self stripPrivateKeyHeader:data]; if{ return nil; } //a tag to read/write keychain storage NSString *tag = @"RSAUtil_PrivKey"; NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]]; // Delete any old lingering key with the same tag NSMutableDictionary *privateKey = [[NSMutableDictionary alloc] init]; [privateKey setObject:(__bridge id) kSecClassKey forKey:(__bridge id)kSecClass]; [privateKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType]; [privateKey setObject:d_tag forKey:(__bridge id)kSecAttrApplicationTag]; SecItemDelete((__bridge CFDictionaryRef)privateKey); // Add persistent version of the key to system keychain [privateKey setObject:data forKey:(__bridge id)kSecValueData]; [privateKey setObject:(__bridge id) kSecAttrKeyClassPrivate forKey:(__bridge id)kSecAttrKeyClass]; [privateKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnPersistentRef]; CFTypeRef persistKey = nil; OSStatus status = SecItemAdd((__bridge CFDictionaryRef)privateKey, &persistKey); if (persistKey != nil){ CFRelease(persistKey); } if ((status != noErr) && (status != errSecDuplicateItem)) { return nil; } [privateKey removeObjectForKey:(__bridge id)kSecValueData]; [privateKey removeObjectForKey:(__bridge id)kSecReturnPersistentRef]; [privateKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef]; [privateKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType]; // Now fetch the SecKeyRef version of the key SecKeyRef keyRef = nil; status = SecItemCopyMatching((__bridge CFDictionaryRef)privateKey, (CFTypeRef *)&keyRef); if(status != noErr){ return nil; } return keyRef;}  stripPrivateKeyHeader:d_key{ // Skip ASN.1 private key header if (d_key == nil) return; unsigned long len = [d_key length]; if  return; unsigned char *c_key = (unsigned char *)[d_key bytes]; unsigned int idx = 22; //magic byte at offset 22 if (0x04 != c_key[idx  ]) return nil; //calculate length of the key unsigned int c_len = c_key[idx  ]; int det = c_len & 0x80; if  { c_len = c_len & 0x7f; } else { int byteCount = c_len & 0x7f; if (byteCount   idx > len) { //rsa length field longer than buffer return nil; } unsigned int accum = 0; unsigned char *ptr = &c_key[idx]; idx  = byteCount; while (byteCount) { accum = (accum << 8)   *ptr; ptr  ; byteCount--; } c_len = accum; } // Now make a new NSData from this buffer return [d_key subdataWithRange:NSMakeRange(idx, c_len)]; }  decryptData:data withKeyRef:(SecKeyRef) keyRef{ const uint8_t *srcbuf = (const uint8_t *)[data bytes]; size_t srclen = data.length; size_t block_size = SecKeyGetBlockSize * sizeof; UInt8 *outbuf = malloc(block_size); size_t src_block_size = block_size; NSMutableData *ret = [[NSMutableData alloc] init]; for(int idx=0; idx<srclen; idx =src_block_size){ //NSLog(@"%d/%d block_size: %d", idx, srclen, block_size); size_t data_len = srclen - idx; if(data_len > src_block_size){ data_len = src_block_size; } size_t outlen = block_size; OSStatus status = noErr; status = SecKeyDecrypt(keyRef, kSecPaddingNone, srcbuf   idx, data_len, outbuf, &outlen ); if (status != 0) { NSLog(@"SecKeyEncrypt fail. Error Code: %d", status); ret = nil; break; }else{ //the actual decrypted data is in the middle, locate it! int idxFirstZero = -1; int idxNextZero = outlen; for ( int i = 0; i < outlen; i   ) { if ( outbuf[i] == 0 ) { if ( idxFirstZero < 0 ) { idxFirstZero = i; } else { idxNextZero = i; break; } } } [ret appendBytes:&outbuf[idxFirstZero 1] length:idxNextZero-idxFirstZero-1]; } } free; CFRelease; return ret;}@end

``从上边的.h和.m文件能够看出,这里提供了上述二种加解密的不二秘技,请依据实际需要选取.

2、张开工作空间

  张开OpenSSL安装目录下的bin,运营OpenSSL.exe步入OpenSSL专业空间

        综上,平常须要将多头结合,利用厚生,先由劳动端生成一对公钥、私钥(HighlanderSA 加密方法)将公钥给客商端,私钥留给自个儿,对于android 应用程式 公钥存在 .so 文件,不便于走漏风声。然后顾客端 生成AES 的key  ,该key 用于之后服务端和顾客端数据通讯的加密解密,服务端对key 和别的消息透过加密发送给服务端,服务端存款和储蓄该key用于日后跟该客商端加密解密数据。

本文由68399皇家赌场发布于呼叫中心培训课程,转载请注明出处:皇家娱乐登录Android端与JavaWeb传输加密,数据加密

关键词: 68399皇家赌场 iOS Android开发 Android... RSA

最火资讯