.NET中的CryptoStream不会从目标C解密加密文件 [英] CryptoStream in .NET does not decrypt encrypted file from objective-C
问题描述
我正在 .NET和Objective-C应用程序之间实现兼容的二进制文件加密/解密。我正在 Objective-C 侧使用 RNCryptor 包。据我所知,我可以加密/解密字符串,但文件加密令我感到困扰。问题是,当我读取文件并加密其数据并将其写入文件时,它不会在 .NET应用程序中解密。如果我计算Base64字符串的加密数据,并解密在.NET中 - 从Base64字符串创建字节数组和解密与文件相同的登录,它解密。
在 Objective C和.NET 中加密数据到文件之间有任何区别CryptoStream ? p>
还是我缺少一些基本的东西?
在目标C中加密文件的代码是: -
RNEncryptor * encryptor = [[RNEncryptor alloc] initWithSettings:kRNCryptorAES256Settings
密码:密码
处理程序:^(RNCryptor * cryptor,NSData * data){
@autoreleasepool
{
NSLog(@6l out of out data%d ,[数据长度]);
[encodedText appendString:[data base64EncodingWithLineLength:0]];
[outputStream write:data.bytes maxLength:data.length];
dispatch_semaphore_signal(semaphore);
data = nil;
if(cryptor.isFinished)
{
[outputStream close];
NSLog(@我的encryptedText%@,encodedText);
encryptionError = cryptor.error;
//调用我的代理,我完成解密
}
}
}];
encryptor.filesize = [attrs fileSize];
while(inputStream.hasBytesAvailable)
{
@autoreleasepool
{
uint8_t buf [blockSize];
NSUInteger bytesRead = [inputStream read:buf maxLength:blockSize];
if(bytesRead> 0)
{
NSData * data = [NSData dataWithBytes:buf length:bytesRead];
}
total = total + bytesRead;
[encryptor addData:data];
dispatch_semaphore_wait(信号量,DISPATCH_TIME_FOREVER);
}
}
}
[inputStream close];
[encryptor finish];
dispatch_semaphore_wait(信号量,DISPATCH_TIME_FOREVER);
}
解密
[encodedText appendString:[data base64EncodingWithLineLength:0]];
始终有效,但文件不解密。
更新:
RNEncryptor实际上是一个高级加密api,用于做aes正确,而它有一个adhoc密文格式,它是typcial构造。要匹配您的dotnet代码与adhoc格式,您将不得不使用 RNCryptor keyForPassword:salt:settings:与 RNCryptorKeyDerivationSettings 匹配您的Rfc2898DeriveBytes。例如:
{
.keySize = kCCKeySizeAES256,
.saltSize = 16,
.PBKDFAlgorithm = kCCPBKDF2,
.PRF = kCCPRFHmacAlgSHA1,
.rounds = 1000
}
并使用 RNCryptorEngine 进行aes加密,并布局与您的adhoc .net格式相匹配的密文。
| IV(16字节)|密码盐(16字节)|密文|
这是假设明文已经是正确的格式
|消息长度(8字节)|某些类型的const标签(8字节)|消息| sha256消息散列(32字节)|
您可能只想使用iOS的内置 CCCryptor 直接在这一点而不是RNCryptor,如果你需要明文格式(我猜你做的)。
咨询: strong>
为了遇到这个问题的其他人的利益,海报的.net密文结构存在安全问题,不要使用它。 p>
以前的答案:
RNCryptor进行身份验证加密。
它应该实际上与我的代码兼容:
现代的对称身份验证加密示例string(C#)
然后解密,使用RNEncryptor生成的内容,使用:
var plainText = AESThanHmac.SimpleDecryptWithPassword(encryptedMessage,password,nonSecretPayloadLength:2);
nonSecretPayloadLength 为2,它将跳过 RNEncryptor标题的版本/选项。
I am implementing compatible binary file encryption/decryption between .NET and Objective-C apps. I am using RNCryptor package on Objective-C side. As far as I reached, I am able to encrypt/decrypt strings, but file encryption is troubling me. The problem is, when I read file and encrypt its data and write it to a file, it doesn't decrypt in .NET app. If I calculate Base64 string of encrpted data and decrypt that in .NET - creating byte array from Base64 string and decrypt with same login as of file, it decrypts.
Is there any difference between writing encrypted data to file in Objective C and .NETCryptoStream?
Or am I missing something basic? Code for encrypting file in objective C is :-
RNEncryptor *encryptor = [[RNEncryptor alloc] initWithSettings:kRNCryptorAES256Settings
password:password
handler:^(RNCryptor *cryptor, NSData *data) {
@autoreleasepool
{
NSLog(@"6length of out data %d",[data length]);
[encodedText appendString:[data base64EncodingWithLineLength:0]];
[outputStream write:data.bytes maxLength:data.length];
dispatch_semaphore_signal(semaphore);
data = nil;
if (cryptor.isFinished)
{
[outputStream close];
NSLog(@"my encryptedText %@",encodedText);
encryptionError = cryptor.error;
// call my delegate that I'm finished with decrypting
}
}
}];
encryptor.filesize=[attrs fileSize];
while (inputStream.hasBytesAvailable)
{
@autoreleasepool
{
uint8_t buf[blockSize];
NSUInteger bytesRead = [inputStream read:buf maxLength:blockSize];
if (bytesRead > 0)
{
NSData *data = [NSData dataWithBytes:buf length:bytesRead];
}
total = total + bytesRead;
[encryptor addData:data];
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
}
}
}
[inputStream close];
[encryptor finish];
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
}
Decrypting
[encodedText appendString:[data base64EncodingWithLineLength:0]];
always works but file doesn't decrypt.
Update:
RNEncryptor actually is a high level encryption api for doing aes right, while it has an adhoc ciphertext format it is the typcial construction. To match your dotnet code with it's on adhoc format, you will have to use RNCryptor keyForPassword:salt:settings: with RNCryptorKeyDerivationSettings matching your Rfc2898DeriveBytes. Such as:
{
.keySize = kCCKeySizeAES256,
.saltSize = 16,
.PBKDFAlgorithm = kCCPBKDF2,
.PRF = kCCPRFHmacAlgSHA1,
.rounds = 1000
}
And use RNCryptorEngine for your aes encryption, and layout the ciphertext matching your adhoc .net format.
| IV (16 bytes) | Password Salt (16 bytes) | Ciphertext |
This is assuming the plaintext is already in the right format too
| message length (8 bytes) | const tag of some sort (8 bytes) | message | sha256 hash of message (32 bytes) |
You may just want to use iOS's built-in CCCryptor directly at this point rather than RNCryptor if you need to make the plaintext format too (i'm guessing you do).
Advisory:
for the benefit of others who come across this question, there are security issues with the with the poster's .net ciphertext construction, don't use it.
Previous Answer:
RNCryptor does authenticated encryption.
It should actually be compatible with my code from: Modern Examples of Symmetric Authenticated Encryption of a string (C#)
Then to decrypt, what was produced with RNEncryptor, use:
var plainText = AESThanHmac.SimpleDecryptWithPassword(encryptedMessage, password, nonSecretPayloadLength: 2);
The nonSecretPayloadLength is to 2, so that it will skip the RNEncryptor Header's version/option.
这篇关于.NET中的CryptoStream不会从目标C解密加密文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
