.NET中的CryptoStream不会从目标C解密加密文件 [英] CryptoStream in .NET does not decrypt encrypted file from objective-C
问题描述
我正在 .NET和Objective-C应用程序
之间实现兼容的二进制文件加密/解密。我正在 Objective-C
侧使用 RNCryptor
包。据我所知,我可以加密/解密
字符串,但文件加密令我感到困扰。问题是,当我读取文件并加密其数据并将其写入文件时,它不会在 .NET应用程序
中解密。如果我计算Base64字符串的加密数据,并解密在.NET中 - 从Base64字符串创建字节数组和解密与文件相同的登录,它解密。
在 Objective C和.NET
中加密数据到文件之间有任何区别CryptoStream ?
p>
还是我缺少一些基本的东西?
在目标C中加密文件的代码是: -
RNEncryptor * encryptor = [[RNEncryptor alloc] initWithSettings:kRNCryptorAES256Settings
密码:密码
处理程序:^(RNCryptor * cryptor,NSData * data){
@autoreleasepool
{
NSLog(@6l out of out data%d ,[数据长度]);
[encodedText appendString:[data base64EncodingWithLineLength:0]];
[outputStream write:data.bytes maxLength:data.length];
dispatch_semaphore_signal(semaphore);
data = nil;
if(cryptor.isFinished)
{
[outputStream close];
NSLog(@我的encryptedText%@,encodedText);
encryptionError = cryptor.error;
//调用我的代理,我完成解密
}
}
}];
encryptor.filesize = [attrs fileSize];
while(inputStream.hasBytesAvailable)
{
@autoreleasepool
{
uint8_t buf [blockSize];
NSUInteger bytesRead = [inputStream read:buf maxLength:blockSize];
if(bytesRead> 0)
{
NSData * data = [NSData dataWithBytes:buf length:bytesRead];
}
total = total + bytesRead;
[encryptor addData:data];
dispatch_semaphore_wait(信号量,DISPATCH_TIME_FOREVER);
}
}
}
[inputStream close];
[encryptor finish];
dispatch_semaphore_wait(信号量,DISPATCH_TIME_FOREVER);
}
解密
[encodedText appendString:[data base64EncodingWithLineLength:0]];
始终有效,但文件不解密。
更新:
RNEncryptor实际上是一个高级加密api,用于做aes正确,而它有一个adhoc密文格式,它是typcial构造。要匹配您的dotnet代码与adhoc格式,您将不得不使用 RNCryptor keyForPassword:salt:settings:
与 RNCryptorKeyDerivationSettings
匹配您的Rfc2898DeriveBytes。例如:
{
.keySize = kCCKeySizeAES256,
.saltSize = 16,
.PBKDFAlgorithm = kCCPBKDF2,
.PRF = kCCPRFHmacAlgSHA1,
.rounds = 1000
}
并使用 RNCryptorEngine
进行aes加密,并布局与您的adhoc .net格式相匹配的密文。
| IV(16字节)|密码盐(16字节)|密文|
这是假设明文已经是正确的格式
|消息长度(8字节)|某些类型的const标签(8字节)|消息| sha256消息散列(32字节)|
您可能只想使用iOS的内置 CCCryptor
直接在这一点而不是RNCryptor,如果你需要明文格式(我猜你做的)。
咨询: strong>
为了遇到这个问题的其他人的利益,海报的.net密文结构存在安全问题,不要使用它。 p>
以前的答案:
RNCryptor进行身份验证加密。
它应该实际上与我的代码兼容:
现代的对称身份验证加密示例string(C#)
然后解密,使用RNEncryptor生成的内容,使用:
var plainText = AESThanHmac.SimpleDecryptWithPassword(encryptedMessage,password,nonSecretPayloadLength:2);
nonSecretPayloadLength
为2,它将跳过 RNEncryptor标题的版本/选项。
I am implementing compatible binary file encryption/decryption between .NET and Objective-C apps
. I am using RNCryptor
package on Objective-C
side. As far as I reached, I am able to encrypt/decrypt
strings, but file encryption is troubling me. The problem is, when I read file and encrypt its data and write it to a file, it doesn't decrypt in .NET app
. If I calculate Base64 string of encrpted data and decrypt that in .NET - creating byte array from Base64 string and decrypt with same login as of file, it decrypts.
Is there any difference between writing encrypted data to file in Objective C and .NET
CryptoStream?
Or am I missing something basic? Code for encrypting file in objective C is :-
RNEncryptor *encryptor = [[RNEncryptor alloc] initWithSettings:kRNCryptorAES256Settings
password:password
handler:^(RNCryptor *cryptor, NSData *data) {
@autoreleasepool
{
NSLog(@"6length of out data %d",[data length]);
[encodedText appendString:[data base64EncodingWithLineLength:0]];
[outputStream write:data.bytes maxLength:data.length];
dispatch_semaphore_signal(semaphore);
data = nil;
if (cryptor.isFinished)
{
[outputStream close];
NSLog(@"my encryptedText %@",encodedText);
encryptionError = cryptor.error;
// call my delegate that I'm finished with decrypting
}
}
}];
encryptor.filesize=[attrs fileSize];
while (inputStream.hasBytesAvailable)
{
@autoreleasepool
{
uint8_t buf[blockSize];
NSUInteger bytesRead = [inputStream read:buf maxLength:blockSize];
if (bytesRead > 0)
{
NSData *data = [NSData dataWithBytes:buf length:bytesRead];
}
total = total + bytesRead;
[encryptor addData:data];
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
}
}
}
[inputStream close];
[encryptor finish];
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
}
Decrypting
[encodedText appendString:[data base64EncodingWithLineLength:0]];
always works but file doesn't decrypt.
Update:
RNEncryptor actually is a high level encryption api for doing aes right, while it has an adhoc ciphertext format it is the typcial construction. To match your dotnet code with it's on adhoc format, you will have to use RNCryptor keyForPassword:salt:settings:
with RNCryptorKeyDerivationSettings
matching your Rfc2898DeriveBytes. Such as:
{
.keySize = kCCKeySizeAES256,
.saltSize = 16,
.PBKDFAlgorithm = kCCPBKDF2,
.PRF = kCCPRFHmacAlgSHA1,
.rounds = 1000
}
And use RNCryptorEngine
for your aes encryption, and layout the ciphertext matching your adhoc .net format.
| IV (16 bytes) | Password Salt (16 bytes) | Ciphertext |
This is assuming the plaintext is already in the right format too
| message length (8 bytes) | const tag of some sort (8 bytes) | message | sha256 hash of message (32 bytes) |
You may just want to use iOS's built-in CCCryptor
directly at this point rather than RNCryptor if you need to make the plaintext format too (i'm guessing you do).
Advisory:
for the benefit of others who come across this question, there are security issues with the with the poster's .net ciphertext construction, don't use it.
Previous Answer:
RNCryptor does authenticated encryption.
It should actually be compatible with my code from: Modern Examples of Symmetric Authenticated Encryption of a string (C#)
Then to decrypt, what was produced with RNEncryptor, use:
var plainText = AESThanHmac.SimpleDecryptWithPassword(encryptedMessage, password, nonSecretPayloadLength: 2);
The nonSecretPayloadLength
is to 2, so that it will skip the RNEncryptor Header's version/option.
这篇关于.NET中的CryptoStream不会从目标C解密加密文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!