试图弄清RNCryptor [英] Trying To Make Sense of RNCryptor

问题描述

我正在一个项目上，我们需要加密一些用户凭据(用户名，密码，userId等)以传递到我们的服务器.我们已决定使用AES256来实现此目的.在这个问题上进行一些研究，很难避免注意到那里的一个项目，RNCryptor声称是这个问题的易于使用的解决方案.

因此，我将框架包含在我的项目中，并很快意识到它并没有我想像的那么直接.我希望找到一种解决方案，该解决方案可以简单地-( 1 )派生一个我想用( 2 )将密钥和我的字符串传递到相应的RNCryptor方法中，( 3 )从所述方法取回我的加密字符串.

这太好了，以至于不能成立.

RNCryptor的现实是它具有这样的方法:

[RNEncryptor encryptData:someData 
            withSettings:kRNCryptorAES256Settings
                password:someString
                   error:&someError];

由于术语，这令人困惑.

什么是密码?

这从来没有解释过.密码是什么?这是我要加密的用户密码，我要用来加密的密码 key 还是登录到我的计算机的密码( sarcasm ).

加密数据?

这是我要加密的用户凭证的UTF8编码字符串吗?这是我的最佳猜测，但同样，在RNCryptor Github的文档"中没有解释.

解决方案

password用于生成加密密钥，它是用于加密数据的NSString. encryptData是要加密的数据，并且是NSData.

加密处理数据，即8位字节的数组.您需要将任何内容转换为NSData.对于NSString，可以使用以下方法:

NSData *dataToBeEncrypted = [myString dataUsingEncoding:NSUTF8StringEncoding];

和

NSString *myString = [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding];

此外，它还需要一个加密密钥，RNCryptor会使用一个NSString并从中导出一个加密密钥.

当然有选项，尽管RNCryptor在内部处理了大多数这些句柄，但仍有一些可供开发人员使用.

有两个具有更多选项的主要版本，您最好使用密码版本.

一个使用NSString密码的人:

+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings password:(NSString *)password error:(NSError **)error;

一秒钟拿一个NSData加密密钥和一个NSData身份验证密钥.

+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings encryptionKey:(NSData *)encryptionKey HMACKey:(NSData *)HMACKey error:(NSError **)error;

RNCryptor是您的最佳选择，它处理从密码派生的密钥，随机IV，对加密数据进行身份验证和填充.

I am working on a project and we need to encrypt some user credentials (username, password, userId, ect.) to pass to our server. We have decided to use AES256 in order to achieve this. Doing some research on this subject it was hard to avoid noticing a project out there, RNCryptor that claims to be an easy-to-use solution to this problem.

So I included the framework into my project and soon realized it was not as straight forward as I thought. I was hoping for a solution to where I could encrypt my credential strings by simply - (1) derive a key that I would like to encrypt my stringed credentials with, (2) pass the key and my string into the appropriate RNCryptor's method, (3) retrieve my encrypted string back from said method.

This would be too good to be true however.

The reality of RNCryptor is that it has methods like this:

[RNEncryptor encryptData:someData 
            withSettings:kRNCryptorAES256Settings
                password:someString
                   error:&someError];

This is confusing because of the terminology.

WHAT IS PASSWORD?

This is never explained. A password for what? Is this for a user password I want to encrypt, the password key that I want to encrypt with, or the password to login to my computer (sarcasm).

ENCRYPT DATA?

Is this a UTF8 encoded string of what the user credentials that I want to encrypt? That is my best guess but again, not explained in the RNCryptor Github "documentation".

解决方案

password is used to generate the encryption key, it is an NSString the data is encrypted with. encryptData is the data to encrypt and is an NSData.

Encryption works with data, that an array of 8-bit bytes. You need to convert whatever you have to an NSData. For an NSString there is the method:

NSData *dataToBeEncrypted = [myString dataUsingEncoding:NSUTF8StringEncoding];

and

NSString *myString = [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding];

Additionally it requires an encryption key, RNCryptor takes an NSString and derives an encryption key from it.

There are of course options and while most of these handles internally by RNCryptor there still some available to the developer using it.

There two main versions with more options, you are probably best off using the password version.

One taking a NSString password:

+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings password:(NSString *)password error:(NSError **)error;

A second taking an NSData encryption key as well as a NSData authentication key.

+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings encryptionKey:(NSData *)encryptionKey HMACKey:(NSData *)HMACKey error:(NSError **)error;

RNCryptor is you best choice, it handles key derivation from a password, a random IV, authentication of the encrypted data and padding.

这篇关于试图弄清RNCryptor的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！