加密8个字节的字符串/base64编码/最大长度20个字节 [英] Encrypt 8 byte string / base64 encode / max length 20 bytes

问题描述

在objective-c中加密和base64编码最大大小为20字节的UTF字符串的最佳方法/方法是什么?由于8字节的块大小，我倾向于Blowfish.

What is the best method/approach to encrypt and base64 encode a UTF String that has a max size of 20 bytes in objective-c? I'm leaning towards Blowfish because of the 8 byte block size.

请提供一些示例代码?谢谢.

Please provide some sample code? Thanks.

推荐答案

是.

DES，3DES和Blowfish的块大小为8字节，因此加密的输出为8字节，Base64编码的8字节将为12字节.

DES, 3DES and Blowfish have block sizes of 8-bytes so the encrypted output will be 8 bytes, Base64 encoding 8-bytes will result in 12 bytes.

AES的块大小为16，因此8字节+填充将为16字节的数据. Base64编码的16个字节将导致24个字节，因此AES无法正常工作.

AES has a block size of 16 so 8-bytes + padding will be 16-bytes of data. Base64 encoding 16-bytes will result in 24-bytes so AES will not work.

还有其他问题，例如CBC模式和iv，好的方案将使用随机iv并将其与加密消息一起传输.可以使用Base64中的其余位来传输部分iv.但这已经超越了问题.

There are other issues such as CBC mode and an iv, a good scheme would use a random iv and transport it with the encrypted message. One could use the remaining bits in the Base64 to transmit a partial iv. But this is getting past the question.

AES是当前首选的对称加密算法.不再建议将DES用于新工作，并且具有一些已知的弱密钥.也不建议使用河豚，但很多人都喜欢河豚，它可能比DES要好.

AES is the current preferred symmetric encryption algorithm. DES is not longer recommended for new work and has some known weak keys. Blowfish is also not recommended but a lot of people like it and it may be better than DES.

下面是一个示例，该示例使用带有64位密钥且没有iv的8字节数据.通过将Blowfish常数替换为3DES和24字节密钥，可以使用3DES.这不是推荐的解决方案，一个好的解决方案需要考虑使用情况，所需的安全性，数据值以及潜在的攻击者，例如iv和key.

Here is an example using 8-byte data with a 64-bit key and no iv. 3DES can be used by substitution of the Blowfish constants for 3DES and a 24-byte key. This is not a recommended solution, a good solution needs to consider usage, desired security, data value and potential attackers among other things such as iv and key.

+ (NSData *)doCipher:(NSData *)dataIn
                  iv:(NSData *)iv
                 key:(NSData *)symmetricKey
             context:(CCOperation)encryptOrDecrypt
               error:(NSError **)error
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;    // Number of bytes moved to buffer.
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length];

    ccStatus = CCCrypt( encryptOrDecrypt,
                       kCCAlgorithmBlowfish,
                       0,
                       symmetricKey.bytes,
                       kCCKeySizeMinBlowfish,
                       nil,
                       dataIn.bytes, dataIn.length,
                       dataOut.mutableBytes, dataOut.length,
                       &cryptBytes);

    if (ccStatus == kCCSuccess) {
        dataOut.length = cryptBytes;
    }
    else {
        if (error) {
            *error = [NSError errorWithDomain:@"kEncryptionError"
                                         code:ccStatus
                                     userInfo:nil];
        }
        dataOut = nil;
    }

    return dataOut;
}

测试: 我将上述方法放到了名为Test的类中.

Test: I dropped the above method into a class names Test.

uint8_t keyBytes[] = {0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18};
NSData *key = [NSData dataWithBytes:keyBytes length:8];
uint8_t dateBytes[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
NSData *data = [NSData dataWithBytes:dateBytes length:8];
NSLog(@"data:   %@", data);

NSError *error;
NSData *encryptData = [Test doCipher:data iv:nil key:key context:kCCEncrypt error:&error];
NSString *encryptString = [encryptData base64EncodedStringWithOptions:0];
NSLog(@"encryptData:   %@", encryptData);
NSLog(@"encryptString: %@", encryptString);

NSData *decryptData = [Test doCipher:encryptData iv:nil key:key context:kCCDecrypt error:&error];
NSLog(@"decryptData:   %@", decryptData);

输出:

data:          01020304 05060708
encryptData:   9e8ec0a8 71ab9d10
encryptString: no7AqHGrnRA=
decryptData    01020304 05060708

这篇关于加密8个字节的字符串/base64编码/最大长度20个字节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！