iOS App Data Encryption with Public / Private Keys


Question


I am new to the subject, and would appreciate any help / direction on how to implement public / private key encryption for iOS applications. Looks like the Security Framework will do what I need, but I want to make sure I have the best advice.


Basically, User A and User B want to communicate securely. User A will have User B public key, and use that to encrypt the message. User B then gets the message and decrypts it with the private key.

So I guess the questions are:



  1. What is the best way to generate the public / private keys? Would that be OpenSSL?


If it is OpenSSL, is there a way to do that within the iOS device, or do I need to rely on a server / outside generation for the private / public keys?


If generating the private / public keys outside iOS device is the only option, is this a simple matter of making the iOS device request the key files through HTTP, like a normal download?


When finally users have the public and private keys, is there a simple tutorial / example showing how to encrypt and decrypt the message using RSA (is RSA the option, btw)?


Recommended answer



  1. Avoid OpenSSL if possible, use the Apple crypto methods on OSX/iOS.
  2. On the server side OpenSSL may be your best bet.
  3. You can use https to transfer keys safely.
  4. The following links provide good example code:


To generate the keys use SecKeyGeneratePair(). See SO Question for example code.


To get the keys for transport use SecItemCopyMatching(). See SO Answer for example code.


For example code to perform RSA encryption see this SO Answer.

Notes:


The private/public keys are generated together on the same machine. The public key can be easily and openly shared but the issue is to authenticate the public key. https is a viable way to transfer the keys.


Generally data is not encrypted/decrypted with public/private keys. This is for a couple of reasons: it is very slow, it has a limited data size (limited by the key size). Generally the data is encrypted with symmetric methods such as AES and a random key, and the key is encrypted with the public key, sent and decrypted with the private key. Then that key is used to decrypt the AES encrypted actual data.


OpenSSL is no longer provided by Apple, you would need to get a version of the source you like and build it yourself. The stated reason for not providing OpenSSL is that minor versions are not backward compatible and that created issues when Apple supplies the current version and developers have apps using an incompatible older version.


For a tutorial: Google it.
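
The hybrid scheme described in the answer's notes, as an added Swift example that is not part of the original answer. It uses the Security framework's `SecKeyCreateRandomKey` (the newer counterpart of `SecKeyGeneratePair`) and the `rsaEncryptionOAEPSHA256AESGCM` algorithm, which encrypts the data with AES-GCM under a random key and wraps that key with RSA-OAEP. The function names and sample message are constructed for illustration, and the key pair is held in memory rather than stored in the keychain.

```swift
import Foundation
import Security

// Hybrid algorithm: random AES key wrapped with RSA-OAEP, data encrypted with AES-GCM.
let algorithm = SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM

// Helper (hypothetical name): unwrap a Security framework result or throw its CFError.
func check<T>(_ value: T?, _ error: Unmanaged<CFError>?) throws -> T {
    if let value = value { return value }
    if let error = error { throw error.takeRetainedValue() as Error }
    throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecParam))
}

// User B: generate the key pair on the device; the private key never leaves it.
func generatePrivateKey() throws -> SecKey {
    let attrs: [CFString: Any] = [kSecAttrKeyType: kSecAttrKeyTypeRSA,
                                  kSecAttrKeySizeInBits: 2048]
    var error: Unmanaged<CFError>?
    return try check(SecKeyCreateRandomKey(attrs as CFDictionary, &error), error)
}

// User B: public key bytes (PKCS#1) to hand to User A over an authenticated channel.
func exportPublicKey(of privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    let pub = try check(SecKeyCopyPublicKey(privateKey), nil)
    return try check(SecKeyCopyExternalRepresentation(pub, &error), error) as Data
}

// User A: rebuild B's public key from the received bytes and encrypt the message.
func encrypt(_ message: Data, forPublicKeyData keyData: Data) throws -> Data {
    let attrs: [CFString: Any] = [kSecAttrKeyType: kSecAttrKeyTypeRSA,
                                  kSecAttrKeyClass: kSecAttrKeyClassPublic]
    var error: Unmanaged<CFError>?
    let pub = try check(SecKeyCreateWithData(keyData as CFData, attrs as CFDictionary, &error), error)
    return try check(SecKeyCreateEncryptedData(pub, algorithm, message as CFData, &error), error) as Data
}

// User B: unwrap the AES key with the private key and decrypt the data.
func decrypt(_ ciphertext: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    return try check(SecKeyCreateDecryptedData(privateKey, algorithm, ciphertext as CFData, &error), error) as Data
}

// Constructed sample: 1000 bytes, more than a single 2048-bit RSA operation can hold.
let message = Data(repeating: 0x41, count: 1000)
let userBPrivate = try generatePrivateKey()
let userBPublicBytes = try exportPublicKey(of: userBPrivate)
let ciphertext = try encrypt(message, forPublicKeyData: userBPublicBytes)
print(try decrypt(ciphertext, with: userBPrivate) == message)
```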
