iOS中AES对称加密(CBC模式)实现

前言:

在我们开发中免不了和服务器做一些数据交互,在交互过程中走得都是http请求,这类请求不像https那样的安全所以就会在交互过程中做一些数据加密解密的事情,现在主流的加密是AES对称加密和RSA非对称加密下面给大家讲解下AES加密,非对称加密会过几天跟新。

AES加密介绍:

  • AES加密是一种对称加密方式,他有基本的五种加密模式组成分别是:

1.电码本模式(Electronic Codebook Book (ECB));
2.密码分组链接模式(Cipher Block Chaining (CBC));
3.计算器模式(Counter (CTR));
4.密码反馈模式(Cipher FeedBack (CFB));
5.输出反馈模式(Output FeedBack (OFB))

  • 以上所说的这五种加密模式我们讲最常用的CBC模式,下面我说一下实现AES对称加密(CBC)的基本步骤;

1.要加密的密文转为NSData类型
2.使用AES对称加密(CBC)加密NSData
3.之后对加密过后的NSData进行编码(编码在下面我会说到)

AES加密代码实现:

  • 新建SecurityUtil继承NSObject
SecurityUtil.h实现:
  #pragma mark - AES加密
  //将string转成带密码的data
  + (NSString*)encryptAESData:(NSString*)string Withkey:(NSString * )key ivkey:(NSString * )ivkey;
  //将带密码的data转成string
  +(NSString*)decryptAESData:(NSString*)data Withkey:(NSString *)key ivkey:(NSString * )ivkey;
SecurityUtil.m实现(加密部分):
  #pragma mark - AES加密
  //将string转成带密码的data
  +(NSString*)encryptAESData:(NSString*)string Withkey:(NSString *)key ivkey:(NSString *)ivkey
  {
      //将nsstring转化为nsdata
      NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
      //使用密码对nsdata进行加密
      NSData *encryptedData = [data AES128EncryptWithKey:key ivKey:ivkey];
      //加密之后编码
      return [self dataTohexString:encryptedData];;
  }
  #pragma mark - AES解密
  //将带密码的data转成string
  +(NSString*)decryptAESData:(NSString*)string Withkey:(NSString *)key ivkey:(NSString *)ivkey
  {
      //对数据进行解密
      NSData* result = [[self hexStringToData:string] AES128DecryptWithKey:key ivkey:ivkey];
      if (result && result.length > 0) {
          //加密之后进行编码
          return [[NSString alloc] initWithData:result  encoding:NSUTF8StringEncoding];
      }
         return nil;
  }
SecurityUtil.m实现(编码部分):
  #pragma mark - 16位编码 -加密
  + (NSString *)dataTohexString:(NSData*)data
  {
      Byte *bytes = (Byte *)[data bytes];
      NSString *hexStr=@"";
      for(int i=0;i<[data length];i++)
      {
          NSString *newHexStr = [NSString stringWithFormat:@"%x",bytes[i]&0xff];//16进制数
          if([newHexStr length]==1)
              hexStr = [NSString        stringWithFormat:@"%@0%@",hexStr,newHexStr];
          else
              hexStr = [NSString       stringWithFormat:@"%@%@",hexStr,newHexStr];
      }
      return hexStr;
  }
  #pragma mark - 16位编码 -解密
  + (NSData*)hexStringToData:(NSString*)hexString
  {
      int j=0;
      Byte bytes[hexString.length];  ///3ds key的Byte 数组, 128位
      for(int i=0;i<[hexString length];i++)
      {
          int int_ch;  /// 两位16进制数转化后的10进制数
          unichar hex_char1 = [hexString characterAtIndex:i]; ////两位16进制数中的第一位(高位*16)
          int int_ch1;
          if(hex_char1 >= '0' && hex_char1 <='9')
          int_ch1 = (hex_char1-48)*16;   //// 0 的Ascll - 48
          else if(hex_char1 >= 'A' && hex_char1 <='F')
              int_ch1 = (hex_char1-55)*16; //// A 的Ascll - 65
          else
              int_ch1 = (hex_char1-87)*16; //// a 的Ascll - 97
          i++;
          unichar hex_char2 = [hexString characterAtIndex:i]; ///两位16进制数中的第二位(低位)
          int int_ch2;
          if(hex_char2 >= '0' && hex_char2 <='9')
              int_ch2 = (hex_char2-48); //// 0 的Ascll - 48
          else if(hex_char1 >= 'A' && hex_char1 <='F')
              int_ch2 = hex_char2-55; //// A 的Ascll - 65
          else
              int_ch2 = hex_char2-87; //// a 的Ascll - 97   
          int_ch = int_ch1+int_ch2;
          //NSLog(@"int_ch=%x",int_ch);
          bytes[j] = int_ch;  ///将转化后的数放入Byte数组里
          j++;
      }
      //    NSData *newData = [[NSData alloc] initWithBytes:bytes length:j];
      NSData *newData = [[NSData alloc] initWithBytes:bytes length:j];
      //NSLog(@"newData=%@",newData);
      return newData;
  }
  • 新建一个NSData的扩展咋们把他命名为AES
NSData+AES.h实现:
  @class NSString;
  @interface NSData (Encryption)
  - (NSData *)AES128EncryptWithKey:(NSString *) key ivKey:(NSString *)ivkey;//加密
  - (NSData *)AES128DecryptWithKey:(NSString *) key ivkey:(NSString * )ivkey;//解密
NSData+AES.m实现:
  //(key和iv向量这里是16位的) 这里是CBC加密模式,安全性更高
  //加密
  - (NSData *)AES128EncryptWithKey:(NSString *) key ivKey:(NSString *)ivkey{
      char keyPtr[kCCKeySizeAES256+1];
      bzero(keyPtr, sizeof(keyPtr));
      [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
      NSUInteger dataLength = [self length];
      size_t bufferSize = dataLength + kCCBlockSizeAES128;
      void *buffer = malloc(bufferSize);
      size_t numBytesEncrypted = 0;
      CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128,
                                            kCCOptionPKCS7Padding ,
                                            keyPtr, kCCBlockSizeAES128,
                                            [ivkey UTF8String],
                                            [self bytes], dataLength,
                                            buffer, bufferSize,
                                            &numBytesEncrypted);
      if (cryptStatus == kCCSuccess) {
          return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
      }
      free(buffer);
      return nil;
  }
  //解密
  - (NSData *)AES128DecryptWithKey:(NSString *) key ivkey:(NSString *)ivkey {
      char keyPtr[kCCKeySizeAES256+1];
      bzero(keyPtr, sizeof(keyPtr));
      [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
      NSUInteger dataLength = [self length];
      size_t bufferSize = dataLength + kCCBlockSizeAES128;
      void *buffer = malloc(bufferSize);
      size_t numBytesDecrypted = 0;
      CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128,
                                            kCCOptionPKCS7Padding ,
                                            keyPtr, kCCBlockSizeAES128,
                                            [ivkey UTF8String],
                                            [self bytes], dataLength,
                                            buffer, bufferSize,
                                            &numBytesDecrypted);
      if (cryptStatus == kCCSuccess) {
          return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];        
      }
      free(buffer);
      return nil;
  }
  • 试验调用一下:
    NSString *originalString = @"加密这个字符串";
    NSString * secretStr = @"秘钥是这个";
    //CBC加密字符串
    NSString * encryptCBC = [SecurityUtil  encryptAESData: originalString Withkey:uuid ivkey: secretStr];
    //CBC解密字符串
    NSString * decryptCBC = [SecurityUtil  decryptAESData: encryptCBC Withkey:uuid ivkey: secretStr];
    
  • AES加密(CBC)全部实现我们已经做好了下面我讲一下编码;

    编码有很多种在我的项目中我们采用了16位编码,为什么说我要采用16位编码这又要讲到Base64编码,首先我先给大家看下这俩种编码后的密文是什么样子的。。

Base64编码:

BsDhzys9BkPbfuMUK4SDpSqh47FMMNltY6huj/lMwI77ibB61Wk9eBMMzQRmNgVvmnbTpWKNUdS2XXKgfwuEyGjJC7uUSkoTuV/TFN+BEFv3vlL0UKeY1Jt8plcJzrDKyDxK0oQOiM9THr5ZTFOsdDGfM3cmGWf7KRTQFwYE=

16位编码:

06C0E1CF2B3D0643DB7EE3142B8483A52AA1E3B14C33FA21365B58EA1BA3FE533023BEE26C1EB55A4F5E04C33341198D815BE69DB4E958A354752D975CA81FC2E1321A3242EEE5129284EE57F4C537E04416FDEF94BD1429E63526DF2995C273AC32B20F12B4A103A233D4C7AF965314EB1D0C67CCDDC98659FECA453405C181

大家也看到了俩种编码之后的密文明显的不同之处,Base64的唯一缺点就是其中有很多的特殊符号这种特殊符号在http传送过程中会发生改变导致密文解码解不了,所以我就采用了16位编码避免这种事情的发生。

推荐阅读更多精彩内容