# DBTransitEncryption

Transport layer security for Objective-C data payloads. It protects data by providing a simple way to exchange symmetric keys. Keys are generated on the fly; every message gets a new key.

**TL;DR:** AES encrypts the data with a random key, RSA encrypts that key, and both are delivered together.

DBTransitEncryption provides a TLS-handshake-like security measure for data in transit.
## Installation

- Link `Security.framework`.
- Add the `DBTransitEncryption` folder to your project.

## Key generation

Generate `public_key.der` and `private_key.p12` with OpenSSL:

```sh
# Self-signed certificate (DER) plus a PEM private key. The example uses a 1024-bit RSA key;
# 2048 bits is the minimum generally recommended today, and rsaKeySize must match what you generate.
openssl req -x509 -out public_key.der -outform der -new -newkey rsa:1024 -keyout private_key.pem -days 3650
# Convert the DER certificate to PEM so it can be bundled into the PKCS#12 file
openssl x509 -inform der -outform pem -in public_key.der -out public_key.pem
# Bundle certificate and private key into a passphrase-protected .p12 for the decrypting side
openssl pkcs12 -export -in public_key.pem -inkey private_key.pem -out private_key.p12
```
## Usage

### Initialize with an X.509 public key file

```objc
NSString *keyPath = [[NSBundle mainBundle] pathForResource:@"public_key"
                                                    ofType:@"der"];
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:keyPath];
```

### Initialize with public key data

```objc
NSString *publicKey = @"MIICs ... kT0=\n"; // Base64-encoded DER public key
NSData *data = [[NSData alloc] initWithBase64EncodedString:publicKey options:NSDataBase64DecodingIgnoreUnknownCharacters];
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKeyData:data];
```
### Encrypt a string

```objc
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:keyPath];
NSError *err = nil;
NSData *key = nil; // AES key, encrypted with the RSA public key
NSData *iv = nil;  // Randomly generated IV
NSData *encryptedPayload = [encryptor encryptString:@"Hello World Text"
                                    rsaEncryptedKey:&key
                                                 iv:&iv
                                              error:&err];
```

### Encrypt data

```objc
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:keyPath];
NSString *string = @"Hello World Text";
// Use the encryptor's configured string encoding so the receiver decodes with the same one
NSData *dataToEncrypt = [string dataUsingEncoding:encryptor.encryptorStringEncoding];
NSError *err = nil;
NSData *key = nil; // AES key, encrypted with the RSA public key
NSData *iv = nil;  // Randomly generated IV
NSData *encryptedPayload = [encryptor encryptData:dataToEncrypt
                                  rsaEncryptedKey:&key
                                               iv:&iv
                                            error:&err];
```
### Set the private key (decrypting side)

```objc
NSString *publicKeyPath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"];
NSString *privateKeyPath = [[NSBundle mainBundle] pathForResource:@"private_key" ofType:@"p12"];
NSString *privateKeyPassword = @"Password for .p12 file";
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:publicKeyPath];
[encryptor setPrivateKey:privateKeyPath withPassphrase:privateKeyPassword];
```

### Decrypt data

```objc
NSData *aesEncryptedData; // the encrypted payload as received
NSData *rsaEncryptedKey;  // the RSA-encrypted AES key as received
NSData *iv = nil;         // the IV as received
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:publicKeyPath];
[encryptor setPrivateKey:privateKeyPath withPassphrase:@".p12 password"];
NSError *err = nil;
NSData *decryptedPayload = [encryptor decryptData:aesEncryptedData
                                  rsaEncryptedKey:rsaEncryptedKey
                                               iv:iv
                                            error:&err];
```
## Customization

`DBTransitEncryptor` exposes several public properties that let you change the encryption algorithms to fit your project's needs:

```objc
@property (nonatomic, assign) NSUInteger rsaKeySize; // RSA key size in bits
@property (nonatomic, assign) SecPadding rsaPadding; // RSA padding
@property (nonatomic, assign) CCAlgorithm encryptorAlgorithm; // Data payload encryption algorithm
@property (nonatomic, assign) CCOptions encryptorAlgorithmOptions; // Options (padding) for data payload encryptor
@property (nonatomic, assign) NSUInteger encryptorAlgorithmKeySize; // Size of generated symmetric key
@property (nonatomic, assign) NSUInteger encryptorAlgorithmBlockSize; // Block size of data payload encryption algorithm
@property (nonatomic, assign) NSUInteger encryptorAlgorithmIVSize; // Size of generated initialization vector
@property (nonatomic, assign) NSStringEncoding encryptorStringEncoding; // String encoding for encrypted/decrypted strings
@property (readwrite, copy) IVMixerBlock ivMixer; // Block to mix IV with key or data
@property (readwrite, copy) IVSeparatorBlock ivSeparator; // Block to separate IV from key or data
```
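The following is an added example, not code from the DBTransitEncryption project, that ties the usage snippets and the customization properties above together into one sender/receiver round trip. It assumes the class is imported through a header named `DBTransitEncryptor.h`, that the `.p12` passphrase is supplied by the caller (the literal below is a placeholder), and that the envelope dictionary keys (`payload`, `key`, `iv`) are a format chosen here; the property values use the real CommonCrypto and Security constants.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>
#import "DBTransitEncryptor.h" // assumed header name for the DBTransitEncryptor class

// Applied to BOTH the encrypting and the decrypting instance: every property here changes
// the wire format, so a mismatch between the two sides shows up as a decryption failure.
static void DBTEApplySharedConfiguration(DBTransitEncryptor *encryptor) {
    encryptor.rsaPadding = kSecPaddingOAEP;                     // OAEP rather than PKCS#1 v1.5 for the key
    encryptor.encryptorAlgorithm = kCCAlgorithmAES;
    encryptor.encryptorAlgorithmOptions = kCCOptionPKCS7Padding;
    encryptor.encryptorAlgorithmKeySize = kCCKeySizeAES256;     // 32-byte random key per message
    encryptor.encryptorAlgorithmBlockSize = kCCBlockSizeAES128; // AES blocks are 16 bytes for every key size
    encryptor.encryptorAlgorithmIVSize = kCCBlockSizeAES128;
    encryptor.encryptorStringEncoding = NSUTF8StringEncoding;
}

// Sender side: returns the three values the receiver needs, Base64-encoded so they can be
// carried in JSON or any other text envelope (the envelope keys are a constructed example).
static NSDictionary *DBTEEncryptForTransit(NSString *publicKeyPath, NSString *message, NSError **error) {
    DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:publicKeyPath];
    DBTEApplySharedConfiguration(encryptor);
    NSData *encryptedKey = nil;
    NSData *iv = nil;
    NSData *payload = [encryptor encryptString:message rsaEncryptedKey:&encryptedKey iv:&iv error:error];
    if (!payload || !encryptedKey || !iv) return nil;
    return @{ @"payload": [payload base64EncodedStringWithOptions:0],
              @"key":     [encryptedKey base64EncodedStringWithOptions:0],
              @"iv":      [iv base64EncodedStringWithOptions:0] };
}

// Receiver side: validates the envelope, rebuilds the three NSData values and decrypts.
static NSString *DBTEDecryptFromTransit(NSString *publicKeyPath, NSString *privateKeyPath,
                                        NSString *passphrase, NSDictionary *envelope, NSError **error) {
    for (NSString *field in @[@"payload", @"key", @"iv"]) {
        if (![envelope[field] isKindOfClass:[NSString class]]) return nil; // malformed envelope: refuse early
    }
    NSData *payload = [[NSData alloc] initWithBase64EncodedString:envelope[@"payload"] options:0];
    NSData *key = [[NSData alloc] initWithBase64EncodedString:envelope[@"key"] options:0];
    NSData *iv = [[NSData alloc] initWithBase64EncodedString:envelope[@"iv"] options:0];
    if (!payload || !key || !iv) return nil; // invalid Base64: never hand nil to the decryptor

    DBTransitEncryptor *decryptor = [[DBTransitEncryptor alloc] initWithX509PublicKey:publicKeyPath];
    DBTEApplySharedConfiguration(decryptor);
    [decryptor setPrivateKey:privateKeyPath withPassphrase:passphrase];
    NSData *plaintext = [decryptor decryptData:payload rsaEncryptedKey:key iv:iv error:error];
    if (!plaintext) return nil;
    return [[NSString alloc] initWithData:plaintext encoding:decryptor.encryptorStringEncoding];
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        NSString *publicKeyPath  = [[NSBundle mainBundle] pathForResource:@"public_key"  ofType:@"der"];
        NSString *privateKeyPath = [[NSBundle mainBundle] pathForResource:@"private_key" ofType:@"p12"];
        NSString *passphrase = @"<p12 passphrase placeholder>"; // load from the Keychain in real code
        NSError *error = nil;

        NSDictionary *first  = DBTEEncryptForTransit(publicKeyPath, @"Hello World Text", &error);
        NSDictionary *second = DBTEEncryptForTransit(publicKeyPath, @"Hello World Text", &error);
        if (first && second) {
            // Same plaintext, but a fresh AES key and IV per call, so the envelopes differ
            BOOL sameKey = [first[@"key"] isEqualToString:second[@"key"]];
            NSLog(@"fresh key per message: %@", sameKey ? @"NO" : @"YES");
        }

        NSString *roundTrip = DBTEDecryptFromTransit(publicKeyPath, privateKeyPath, passphrase, first, &error);
        NSLog(@"round trip: %@ (%@)", roundTrip, error ? error.localizedDescription : @"no error");
    }
    return 0;
}
```

Two points worth keeping in mind when using this shape: the configuration function must run on both instances before any call, because the key size, padding and IV size are all part of what goes over the wire; and nothing in the documented API authenticates the envelope, so a modified payload, key or IV is only detected indirectly (a padding or decoding failure, or garbage plaintext). Integrity has to come from the transport or from a separate signature on the envelope.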
## IV mixing

DBTransitEncryption lets you define custom blocks that mix the initialization vector (IV) into the key and/or the encrypted data, and separate it out again.

- `ivMixer` gives access to the data, the key and the IV immediately after the data has been encrypted but before the key is encrypted. This lets you fold the IV into the key before RSA encryption, so that the IV travels encrypted as well.
- `ivSeparator` is the inverse of `ivMixer`. It should be implemented so that it reverses the mixing algorithm and returns the IV. **`ivSeparator` is only needed for decryption.**

```objc
DBTransitEncryptor *encryptor = [[DBTransitEncryptor alloc] initWithX509PublicKeyData:pubkeyb64data];
// Prepends the IV to the key before the key is encrypted
[encryptor setIvMixer:^(NSData **data, NSData **key, NSData *iv) {
    NSMutableData *mutableKey = [iv mutableCopy];
    [mutableKey appendBytes:[*key bytes] length:[*key length]];
    *key = mutableKey;
}];
// Extracts the IV from the front of the key before decryption
[encryptor setIvSeparator:^NSData *(NSData **data, NSData **key) {
    NSInteger ivSize = 16; // must match encryptorAlgorithmIVSize (16 bytes for AES)
    NSMutableData *mutableKey = [*key mutableCopy];
    NSRange range = NSMakeRange(0, ivSize);
    NSData *iv = [mutableKey subdataWithRange:range];
    [mutableKey replaceBytesInRange:range withBytes:NULL length:0]; // drop the IV bytes, leaving the bare key
    *key = mutableKey;
    return iv;
}];
```
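The project's example above mixes the IV into the key. The following added example (not part of the original README) shows the other option the properties allow, mixing the IV into the encrypted data instead, and adds the length check that the key-based version leaves out. It assumes the header name `DBTransitEncryptor.h`, that the library calls the blocks with `*data` holding the ciphertext as described above, and that a `nil` return from the separator makes decryption fail rather than proceed.

```objc
#import <Foundation/Foundation.h>
#import "DBTransitEncryptor.h" // assumed header name for the DBTransitEncryptor class

// Mixes the IV into the encrypted payload instead of the key: the sender appends it,
// the receiver strips it off again. Apply on both sides, after encryptorAlgorithmIVSize
// has been set, because the separator reads that property here instead of hardcoding 16.
static void DBTEUseTrailingIVInPayload(DBTransitEncryptor *encryptor) {
    NSUInteger ivSize = encryptor.encryptorAlgorithmIVSize;

    // Sender: runs after the payload is encrypted but before the key is RSA-encrypted
    [encryptor setIvMixer:^(NSData **data, NSData **key, NSData *iv) {
        NSMutableData *mutableData = [*data mutableCopy];
        [mutableData appendData:iv];
        *data = mutableData; // the key is left untouched
    }];

    // Receiver: recover the IV from the tail of the payload and hand back the bare ciphertext
    [encryptor setIvSeparator:^NSData *(NSData **data, NSData **key) {
        NSUInteger total = [*data length];
        if (total < ivSize) {
            // Too short to carry an IV: a truncated or malformed payload. Returning nil here
            // avoids the NSRangeException that subdataWithRange: raises on an out-of-range cut.
            return nil;
        }
        NSData *iv = [*data subdataWithRange:NSMakeRange(total - ivSize, ivSize)];
        *data = [*data subdataWithRange:NSMakeRange(0, total - ivSize)];
        return iv;
    }];
}
```

Whichever placement you choose, the mixer and separator are part of the wire format: both peers must install the same pair, and the separator should treat any input it cannot parse as an error rather than trusting the first or last bytes blindly.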
## License

The MIT License (MIT)

Copyright (c) 2014 David Benko

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.