在Mac上进行公钥加密/解密的示例代码? [英] Sample code for public key encryption/decryption on Mac?

问题描述

在哪里可以找到一些用于Mac OS X上公钥加密和解密的简单示例代码?我为Apple的证书，密钥和信任服务编程指南"展示了如何在iOS上执行此操作而感到沮丧，但是所需的API(SecKeyEncrypt，SecKeyDecrypt)显然在Mac OS X上不可用.一种在"CryptoSample"中执行此操作的方法，但它看起来并不清晰或简单，并且示例项目太旧了，无法使用当前版本的Xcode打开.

Where can I find some simple sample code for public key encryption and decryption on Mac OS X? I'm frustrated that Apple's "Certificate, Key, and Trust Services Programming Guide" shows how to do this stuff on iOS, but the needed APIs (SecKeyEncrypt, SecKeyDecrypt) are apparently not available on Mac OS X. There's probably a way to do it in "CryptoSample", but it doesn't look clear or simple, and the sample project is too old to open with the current version of Xcode.

推荐答案

在Mac OS发行版之间，Security Framework API经常更改.最佳方法取决于您定位的版本:

The Security Framework APIs change rather frequently between Mac OS releases. The best approach depends on what version you target:

1. 如果您的代码仅需要在10.7和更高版本上运行，则可以使用 Security Transforms ，这是一种用于加密转换的新的高级公共API. Security Transforms编程指南具有有用(且很简单！)的示例代码:

1. If your code only needs to run on 10.7 and above, you can use Security Transforms, a new high-level public API for cryptography transformations. The Security Transforms Programming Guide has useful (and simple!) example code:

http://developer.apple .com/library/mac/#documentation/Security/Conceptual/SecTransformPG/SecurityTransformsBasics/SecurityTransformsBasics.html

您将要使用SecEncryptTransformCreate或SecDecryptTransformCreate创建转换，使用SecTransformSetAttribute设置其输入并使用SecTransformExecute执行.

You'll want to create a transform using SecEncryptTransformCreate or SecDecryptTransformCreate, set its input using SecTransformSetAttribute and execute it with SecTransformExecute.

如果需要支持Mac OS 10.6或更低版本，则必须使用低级且相当吓人的CDSA API. CryptoSample的cdsaEncrypt是一个简洁的示例.

If you need to support Mac OS 10.6 or below, you must use the low-level and rather scary CDSA APIs. CryptoSample's cdsaEncrypt is a concise example.

http://developer.apple.com/library /mac/#samplecode/CryptoSample/Listings/libCdsaCrypt_libCdsaCrypt_cpp.html

分别使用SecKeyGetCSPHandle和SecKeyGetCSSMKey可以从SecKeyRef中获得CSSM_CSP_HANDLE和CSSM_KEY.

You can get a CSSM_CSP_HANDLE and a CSSM_KEY from a SecKeyRef by using SecKeyGetCSPHandle and SecKeyGetCSSMKey, respectively.

要了解有关CDSA的更多信息，可以从Open Group获得完整规范(免费，但需要注册):

To learn more about CDSA, the full specification is available from the Open Group (free, but requires registration):

https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid = 11287

祝你好运！

如果私钥被创建为可导出，则可以将其导出为不受保护的格式，然后直接使用openssl.这将原始密钥数据直接放置在应用程序的地址空间中，因此无法实现钥匙串"的主要目的之一.不要这样做.

If the private key was created exportable, you can export it in an unprotected format and use openssl directly. This puts the raw key data directly in the address space of your application, so it defeats one of the primary purposes of the Keychain. Don't do this.

最后，您可以搞乱私有函数. Mac OS 10.6和10.7包括但不公开声明SecKeyEncrypt和SecKeyDecrypt，并具有与iOS上相同的参数.快速的肮脏解决方案是简单地声明和使用它们(弱链接，通常有一些警告).在计划分发给其他人的代码中，这样做可能不是一个好主意.

Finally, you can mess around with private functions. Mac OS 10.6 and 10.7 include, but do not publicly declare, SecKeyEncrypt and SecKeyDecrypt, with the same arguments as on iOS. The quick'n'dirty solution is to simply declare and use them (weakly linked, with the usual caveats). This is probably a bad idea to do in code that you plan to distribute to others.

这篇关于在Mac上进行公钥加密/解密的示例代码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！