【问题标题】:Public key encryption with IOS and decryption with C#IOS公钥加密和C#解密
【发布时间】:2014-03-17 08:55:48
【问题描述】:

我试图在 IOS 中加密一个字符串,然后在 C# 中解密它。

我已经能够仅使用 C# 加密和解密字符串,但 IOS 端似乎不正确。

在 C# 中,我使用它来解密字符串:

private static RSACryptoServiceProvider _rsa;
private const int PROVIDER_RSA_FULL = 1;
private const string CONTAINER_NAME = "KeyContainer";
private const string PROVIDER_NAME = "Microsoft Strong Cryptographic Provider";

private static void _AssignParameter()
{
    CspParameters cspParams;
    cspParams = new CspParameters(PROVIDER_RSA_FULL, PROVIDER_NAME, CONTAINER_NAME);
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
    CryptoKeyAccessRule rule = new CryptoKeyAccessRule("everyone", CryptoKeyRights.FullControl, AccessControlType.Allow);
    cspParams.CryptoKeySecurity = new CryptoKeySecurity();
    cspParams.CryptoKeySecurity.SetAccessRule(rule);

    _rsa = new RSACryptoServiceProvider(cspParams);
    _rsa.PersistKeyInCsp = false;
}

private static void decrypt(byte[] data, byte[] PrivateKey)
{
    _AssignParameter();
    _rsa.ImportCspBlob(PrivateKey);
    _rsa.Decrypt(data, false);
}

上面的C#代码只是一个sn-p,并不是完整的代码。

看起来很简单,这是我用于IOS的,

        //get nsdata from mod and exp
        NSString *mod = publicKeyObjects[0];
        NSData *pubKeyModData= [mod dataUsingEncoding:NSUTF8StringEncoding]; //172 bytes
        NSString *exp = publicKeyObjects[1];
        NSData *pubKeyExpData= [exp dataUsingEncoding:NSUTF8StringEncoding];

        //create nsdata key with mod and exp
        NSMutableArray *publicKeyArray = [[NSMutableArray alloc] init];
        [publicKeyArray addObject:pubKeyModData];
        [publicKeyArray addObject:pubKeyExpData];
        NSData *publicKeyData = [publicKeyArray berData];

        //add the key to the keychain and create a ref
        NSData* peerTag = [@"KeyContainer" dataUsingEncoding:NSUTF8StringEncoding];
        NSMutableDictionary *publicKey = [[NSMutableDictionary alloc] init];
        [publicKey setObject:(__bridge id) kSecClassKey forKey:(__bridge id)kSecClass];
        [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
        [publicKey setObject:peerTag forKey:(__bridge id)kSecAttrApplicationTag];
        SecItemDelete((__bridge CFDictionaryRef)publicKey);

        CFTypeRef persistKey = nil;

        // Add persistent version of the key to system keychain
        [publicKey setObject:publicKeyData forKey:(__bridge id)kSecValueData];
        [publicKey setObject:(__bridge id) kSecAttrKeyClassPublic forKey:(__bridge id)kSecAttrKeyClass];
        [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnPersistentRef];
        OSStatus secStatus = SecItemAdd((__bridge CFDictionaryRef)publicKey, &persistKey);
        if (persistKey != nil)
            CFRelease(persistKey);

        // Now fetch the SecKeyRef version of the key
        SecKeyRef keyRef = nil;

        [publicKey removeObjectForKey:(__bridge id)kSecValueData];
        [publicKey removeObjectForKey:(__bridge id)kSecReturnPersistentRef];
        [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef];
        [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
        secStatus = SecItemCopyMatching((__bridge CFDictionaryRef)publicKey,(CFTypeRef *)&keyRef);


        NSData* stringData = [@"string to encrypt" dataUsingEncoding:NSUTF8StringEncoding];
        NSData* encryptedString = [self encrypt:passwordData usingKey:keyRef];


-(NSData *)encrypt:(NSData *)Bytes usingKey:(SecKeyRef)key
{
    size_t cipherBufferSize = SecKeyGetBlockSize(key); //returns 172
    uint8_t *cipherBuffer = NULL;
    cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t));
    memset((void *)cipherBuffer, 0x0, cipherBufferSize);
    OSStatus status = SecKeyEncrypt(key, kSecPaddingNone,
                                    (const uint8_t *)[Bytes bytes],
                                    [Bytes length], cipherBuffer,
                                    &cipherBufferSize);
    if (status == noErr)
    {
        NSData *encryptedBytes = [[NSData alloc]
                                   initWithBytes:(const void *)cipherBuffer
                                   length:cipherBufferSize];
        if (cipherBuffer)
        {
            free(cipherBuffer);
        }
        NSLog(@"Encrypted text (%d bytes): %@", [encryptedBytes length], [encryptedBytes description]);
        return encryptedBytes;
    }
    else
    {
        NSLog(@"encrypt:usingKey: Error: %d", (int)status);
        return nil;
    }
}

所以一旦我尝试解密我得到的 C# 代码中的数据:

The data to be decrypted exceeds the maximum for this modulus of 128 bytes.

我用谷歌搜索了这个错误,发现它与 keysize 有关系,但是我用 IOS 导入模数后的 keysize 是 172 字节。

但我只是用_rsa.ToXmlString(false); 导出公钥

编辑

我想我修正了自己的错误,

    //get nsdata from mod and exp
    NSString *mod = publicKeyObjects[0];
    NSData *pubKeyModData= [mod dataUsingEncoding:NSUTF8StringEncoding];
    NSString *exp = publicKeyObjects[1];
    NSData *pubKeyExpData= [exp dataUsingEncoding:NSUTF8StringEncoding];

这是直接用 utf8 转换 base64 字符串,它应该使用:

NSData *pubKeyModData = [[NSData alloc] initWithBase64EncodedString:mod options:0];
NSData *pubKeyExpData = [[NSData alloc] initWithBase64EncodedString:exp options:0];

现在我收到另一个错误Bad Data

有人可以在这里指出我正确的方向吗?我也为所有代码道歉。我只是不知道问题出在哪里。

【问题讨论】:

    标签: c# ios public-key-encryption


    【解决方案1】:

    回答了我自己的问题,

    //get nsdata from mod and exp
    NSString *mod = publicKeyObjects[0];
    NSData *pubKeyModData= [mod dataUsingEncoding:NSUTF8StringEncoding];
    NSString *exp = publicKeyObjects[1];
    NSData *pubKeyExpData= [exp dataUsingEncoding:NSUTF8StringEncoding];
    

    变成了这样:

    //get nsdata from mod and exp
    NSString *mod = publicKeyObjects[0];
    NSData *pubKeyModData = [[NSData alloc] initWithBase64EncodedString:mod options:0];
    NSString *exp = publicKeyObjects[1];
    NSData *pubKeyExpData = [[NSData alloc] initWithBase64EncodedString:exp options:0];
    

    那么这个

    OSStatus status = SecKeyEncrypt(key, kSecPaddingNone,
                                    (const uint8_t *)[Bytes bytes],
                                    [Bytes length], cipherBuffer,
                                    &cipherBufferSize);
    

    成为:

    OSStatus status = SecKeyEncrypt(key, kSecPaddingPKCS1,
                                    (const uint8_t *)[Bytes bytes],
                                    [Bytes length], cipherBuffer,
                                    &cipherBufferSize);
    

    简单的配置修复。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2011-05-06
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-04-23
      • 2017-07-02
      • 2018-12-10
      • 2017-11-25
      相关资源
      最近更新 更多