RSA Encryption File larger than PublicKey


Question

With the following method I can successfully encrypt an NSData object which is not bigger than 256 bits:

OSStatus SecCertificateCopyPublicKey (
                                  SecCertificateRef certificate,
                                  SecKeyRef *key
                                  );

- (NSData *)encryptWithData:(NSData *)content {

    OSStatus result = -1;

    NSData *plainTextData = content; //[@"123456789" dataUsingEncoding:NSUTF8StringEncoding];
    size_t plainTextLength = [plainTextData length];

    SecTrustRef trustRef = NULL;
    SecTrustResultType trustResult;

    NSData *certificateData = [self getPublicKey];

    SecCertificateRef cert = NULL;
    if ([certificateData length]) {
        cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            if (certSummary != NULL) {
                NSLog(@"CERT SUMMARY: %@", (__bridge NSString *)certSummary);
                CFRelease(certSummary);
            }
        } else {
            NSLog(@" *** ERROR *** trying to create the SSL certificate from data located, but failed");
        }
    }
    if (cert == NULL) {
        // Without a certificate there is no public key to encrypt with.
        return nil;
    }

    SecPolicyRef policy = SecPolicyCreateBasicX509();
    result = SecTrustCreateWithCertificates(cert, policy, &trustRef);

    // The trust object retains the certificate and policy it needs,
    // so our references can be dropped here on every path.
    CFRelease(cert);
    if (policy != NULL) {
        CFRelease(policy);
    }

    if (result != errSecSuccess) {
        NSLog(@"Trust create failed with code: %d", (int)result);
        return nil;
    }

    result = SecTrustEvaluate(trustRef, &trustResult);

    if (result != errSecSuccess) {
        NSLog(@"Trust eval failed with code: %d", (int)result);

        CFRelease(trustRef);
        return nil;
    }

    SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);
    if (publicKey == NULL) {
        NSLog(@"Could not copy the public key from the trust object");
        CFRelease(trustRef);
        return nil;
    }

    uint8_t *cipherTextBuf = NULL;

    size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
    size_t maxInputSize = keyBlockSize - 11; //If using PKCS1 Padding, else keyBlockSize
    size_t cipherTextLen = keyBlockSize;

    if (plainTextLength > maxInputSize) {
        //Fail
        NSLog(@"Data size is larger than max permitted!");

        CFRelease(trustRef);
        CFRelease(publicKey);

        return nil;
    }

    cipherTextBuf = malloc(sizeof(uint8_t) * keyBlockSize);
    if (cipherTextBuf == NULL) {
        CFRelease(trustRef);
        CFRelease(publicKey);
        return nil;
    }
    memset(cipherTextBuf, 0, keyBlockSize);

    //result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainTextBuf, plainTextLength, cipherTextBuf, &cipherTextLen);
    result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, (const uint8_t *)[plainTextData bytes], plainTextLength, cipherTextBuf, &cipherTextLen);

    NSData *cipherText = nil;
    if (result == errSecSuccess) {

        cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];

    } else {
        NSLog(@"Error detected: %d", (int)result);
    }

    free(cipherTextBuf);
    cipherTextBuf = NULL;

    CFRelease(trustRef);
    CFRelease(publicKey);

    return cipherText;
}

// Loads the DER-encoded certificate (public_key.cer) shipped in the app bundle.
- (NSData *)getPublicKey
{
    NSString *filePath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"cer"];
    NSData *myData = [NSData dataWithContentsOfFile:filePath];

    return myData;
}

But how would I encrypt a file which is larger than 256 bits?!

Recommended answer

The general procedure is to asymmetrically (with RSA for example) transfer a symmetric key that can be used to encrypt/decrypt your payload with a symmetric cipher like AES (in combination with a block cipher mode like CBC). If possible, you should avoid building such crypto yourself, though. A rather user-friendly library is NaCl, for which the Sodium implementation purportedly can be used with iOS.
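The hybrid scheme described in the answer, as an added example that is not part of the original question or answer: instead of hand-assembling RSA plus AES-CBC, it uses the hybrid algorithm built into Security.framework (iOS 10 and later), which wraps a random AES key with RSA-OAEP and encrypts the payload with AES-GCM. `HybridEncrypt` and `HybridDecrypt` are hypothetical helper names, the key pair and the 1 MiB input are constructed for the demonstration, and the code assumes ARC.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Built into Security.framework: a random AES session key is wrapped with
// RSA-OAEP (SHA-256) and the payload itself is encrypted with AES-GCM.
#define HYBRID_ALG kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM

// Hypothetical helper: encrypt data of any length to an RSA public key.
static NSData *HybridEncrypt(SecKeyRef publicKey, NSData *plain, NSError **error) {
    if (!publicKey || !plain ||
        !SecKeyIsAlgorithmSupported(publicKey, kSecKeyOperationTypeEncrypt, HYBRID_ALG)) {
        return nil;
    }
    CFErrorRef cfErr = NULL;
    CFDataRef sealed = SecKeyCreateEncryptedData(publicKey, HYBRID_ALG,
                                                 (__bridge CFDataRef)plain, &cfErr);
    if (cfErr && error) { *error = CFBridgingRelease(cfErr); }
    else if (cfErr) { CFRelease(cfErr); }
    return CFBridgingRelease(sealed); // nil on failure
}

// Hypothetical helper: the receiving side, which holds the RSA private key.
static NSData *HybridDecrypt(SecKeyRef privateKey, NSData *sealed, NSError **error) {
    if (!privateKey || !sealed) { return nil; }
    CFErrorRef cfErr = NULL;
    CFDataRef plain = SecKeyCreateDecryptedData(privateKey, HYBRID_ALG,
                                                (__bridge CFDataRef)sealed, &cfErr);
    if (cfErr && error) { *error = CFBridgingRelease(cfErr); }
    else if (cfErr) { CFRelease(cfErr); }
    return CFBridgingRelease(plain); // nil if the data was modified or the key is wrong
}

int main(void) {
    @autoreleasepool {
        // Constructed throwaway key pair; an app would use the certificate's public key.
        NSDictionary *attrs = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                                 (__bridge id)kSecAttrKeySizeInBits: @2048 };
        SecKeyRef priv = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attrs, NULL);
        SecKeyRef pub = priv ? SecKeyCopyPublicKey(priv) : NULL;
        NSData *file = [NSMutableData dataWithLength:1024 * 1024]; // constructed 1 MiB input
        NSData *sealed = HybridEncrypt(pub, file, NULL);
        if (!sealed) { return 1; }
        NSMutableData *tampered = [sealed mutableCopy];
        ((uint8_t *)tampered.mutableBytes)[tampered.length - 1] ^= 1; // flip one bit
        BOOL ok = [HybridDecrypt(priv, sealed, NULL) isEqualToData:file]
               && HybridDecrypt(priv, tampered, NULL) == nil;
        NSLog(@"round trip and tamper rejection: %@", ok ? @"ok" : @"FAILED");
        CFRelease(pub); CFRelease(priv);
        return ok ? 0 : 1;
    }
}
```

The `publicKey` returned by `SecTrustCopyPublicKey` in the question's code can be passed to `HybridEncrypt` directly, which removes the `keyBlockSize - 11` input limit.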
