iOS Swift Diffie-Hellman 密钥交换来加密和解密消息?使用安全飞地 [英] iOS Swift Diffie-Hellman key exchange to encrypt and decrypt messages? using Secure Enclave
问题描述
如何使用 Diffie-Hellman 密钥交换来加密和解密消息?
How can i use the Diffie-Hellman key exchange to encrypt and decrypt messages?
我能够生成共享密钥(对于 bob 和 alice)但是 SecKeyCopyKeyExchangeResult 返回给我一个数据...我怎样才能让 SecKey 与 SecKeyCreateDecryptedData 一起使用 和 SecKeyCreateEncryptedData ?
I'am able to generate the shared keys (for both bob and alice) but SecKeyCopyKeyExchangeResult returns me a Data...how can i get SecKey to use with SecKeyCreateDecryptedData and SecKeyCreateEncryptedData ?
所以我认为我应该以某种方式从共享数据中提取 SecKey,以便我可以进行对称加密/解密.
So i think i should extract the SecKey somehow from the shared data so i can make symettrical encryption/decryption.
目前的代码是:
let bob_shared_secret: NSData = generateSharedKey_ecdh(publicKey: alicePublicKey, privateKey: bobPrivateKey)!
let alice_shared_secret: NSData = generateSharedKey_ecdh(publicKey: bobPublicKey, privateKey: alicePrivateKey)!
print("equals? \(bob_shared_secret == alice_shared_secret)!") //true
let clearText = "Hello From Alice"
let algorithm: SecKeyAlgorithm = .eciesEncryptionCofactorVariableIVX963SHA256AESGCM
let cipherTextData: Data? = SecKeyCreateEncryptedData(alicePublicKey, algorithm,
clearTextData as CFData,
&error) as Data?
let clearTextData = SecKeyCreateDecryptedData(???? as SecKey, //what to put here??
algorithm,
cipherTextData as CFData,
&error) as Data?
private func generateSharedKey_ecdh(publicKey: SecKey, privateKey: SecKey) -> NSData?
{
var error: Unmanaged<CFError>?
let keyPairAttr:[String : Any] = [
kSecAttrKeySizeInBits as String: 256, //retro compatibility
kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom, //Elliptic curve algorithm.
kSecPrivateKeyAttrs as String: [kSecAttrIsPermanent as String: false],
kSecPublicKeyAttrs as String:[kSecAttrIsPermanent as String: false],
SecKeyKeyExchangeParameter.requestedSize.rawValue as String: 256
]
let algorithm:SecKeyAlgorithm = SecKeyAlgorithm.ecdhKeyExchangeStandardX963SHA256
let shared:CFData? = SecKeyCopyKeyExchangeResult(privateKey, algorithm, publicKey, keyPairAttr as CFDictionary, &error)
return shared
}
密钥对生成...密钥对是我创建的一个包含密钥的类
Key Pair generation... keypair it's a class i created to contain keys
class KeyPair {
var publicKey: SecKey
var privateKey: SecKey
init(publicKey: SecKey, privateKey: SecKey) {
self.publicKey = publicKey
self.privateKey = privateKey
}
}
private func generateKeyPair() -> KeyPair? {
let attributes: [String: Any] = [kSecAttrKeySizeInBits as String: 256,
kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
kSecPrivateKeyAttrs as String: [kSecAttrIsPermanent as String: false],
kSecPublicKeyAttrs as String:[kSecAttrIsPermanent as String: false]]
var error: Unmanaged<CFError>?
if let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error),
let publicKey = SecKeyCopyPublicKey(privateKey){
return KeyPair(publicKey: publicKey, privateKey: privateKey)
}
return nil
}
推荐答案
SecKeyCreateEncryptedData 和 SecKeyCreateDecryptedData 用于非对称加密(使用 ECIES 或 RSA)
SecKeyCreateEncryptedData and SecKeyCreateDecryptedData is for asymetric encryption (using ECIES or RSA)
要执行对称加密/解密操作,您应该使用 CommonCrypto 或它的纯 Swift 替代方案,例如 CryptoSwift 和 AES 算法.
To perform a symetric encryption / decryption operation you should use CommonCrypto or a pure Swift alternative of it like CryptoSwift and an AES algorithm.
这篇关于iOS Swift Diffie-Hellman 密钥交换来加密和解密消息?使用安全飞地的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
