5.2 For ordinary request and return data, generate MD5 verification (add dynamic key to MD5) and check data integrity (simple tamper-proof, low security, advantages: fast).
5.3 For important data, RSA is used for digital signature to prevent tampering.
5.4 For sensitive data, such as user information (login, registration, etc. ), the client sends with RSA encryption, and the server returns with DES(AES) encryption.
Reason: The client sends using RSA encryption because RSA decryption needs to know the server private key, which is generally difficult to steal; If DES is used, the key can be obtained by cracking the client, and the security is low. The reason why DES is used in server return is that no matter whether DES or RSA is used, the key (or private key) is stored in the client, and there is a risk of being cracked. So you need to use dynamic keys. RSA's key generation is complicated, which is not suitable for dynamic keys. RSA's speed is slow, so DES is selected.
Post the relevant algorithm code (in fact, it may be easier to use some mature third-party libraries, but write it yourself, free of charge). Note that most of the encryption algorithms here refer to some existing mature algorithms, or use them directly.
1、MD5
//Because category was used, no parameters were passed in.
-(NSString *) stringFromMD5 {
if(self = = nil | |[self length]= = 0){
Return to nil
}
const char * value =[self utf8 string];
Unsigned character output buffer [cc _ MD5 _ digest _ length];
CC_MD5 (value, strlen (value), output buffer);
NSMutableString * output string =[[NSMutableString alloc]initwith capacity:CC _ MD5 _ DIGEST _ LENGTH * 2];
for(n integer count = 0; Count & LTCC _ MD5 _ digest _ lengthcount++) {
[output string append format:@ " % 02x ",output buffer[count]];
}
Return [outputString is automatically released];
}
2、Base64
+(ns string *)base 64 encodedata:(ns data *)obj data {
const unsigned char * objRawData =[obj data bytes];
char * objPointer
char * strResult
//Get the original data length and make sure that we do have the data.
int int length =[obj data length];
If (intLength == 0) returns nil.
//Set the result placeholder based on the string and the pointer inside the placeholder.
strResult =(char *)calloc((int length+2)/3)* 4,sizeof(char));
objPointer = strResult
//Traverse everything
while(int length & gt; 2) {// Continue until we are less than 24 people.
* obj pointer++ = _ base 64 encoding table[objRawData[0]& gt; & gt2];
* obj pointer++ = _ base 64 encodingtable[((objRawData[0]& amp; 0x 03)& lt; & lt4)+(objRawData[ 1]& gt; & gt4)];
* obj pointer++ = _ base 64 encodingtable[((objRawData[ 1]& amp; 0x0f)& lt; & lt2)+(objRawData[2]& gt; & gt6)];
* obj pointer ++ = _ base 64 encoding table[objRawData[2]& amp; 0x3f];
//We have just processed three octets (24 bits) of data.
objRawData+= 3;
int length-= 3;
}
//Now deal with the end of the matter
if (intLength! = 0) {
* obj pointer++ = _ base 64 encoding table[objRawData[0]& gt; & gt2];
if(int length & gt; 1) {
* obj pointer++ = _ base 64 encodingtable[((objRawData[0]& amp; 0x 03)& lt; & lt4)+(objRawData[ 1]& gt; & gt4)];
* obj pointer++ = _ base 64 encodingtable[(objRawData[ 1]& amp; 0x0f)& lt; & lt2];
* obj pointer++ = ' = ';
} Otherwise {
* obj pointer++ = _ base 64 encodingtable[(objRawData[0]& amp; 0x 03)& lt; & lt4];
* obj pointer++ = ' = ';
* obj pointer++ = ' = ';
}
}
//Terminate string-based results
* objPointer = ' \ 0
ns string * rst str =[ns string string withcstring:str result encoding:nsascii istringencoding];
Free (obj pointer);
Return rstStr
}
3、AES
-(ns data *)EncryptAES:(ns string *)key {
char keyPtr[kcckeysizees 256+ 1];
bzero(keyPtr,sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr)encoding:nsu TF 8 string encoding];
Nsu integer dataLength =[ own length];
size _ t buffer size = dataLength+kccblocksizeaes 128;
void * buffer = malloc(buffer size);
size _ t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,kCCAlgorithmAES 128,
kccoptionpkcs 7 padding | kCCOptionECBMode,
keyPtr,kCCBlockSizeAES 128,
Empty,
[self byte], data length,
Buffer, buffer size,
& ampnumBytesEncrypted);
if (cryptStatus == kCCSuccess) {
Return [nsdatadatawithbytesnocopy: buffer length: numbytes encrypted];
}
Free (buffer);
Return to nil
}
4、RSA
-(ns data *)encryptWithData:(ns data *)content {
Size _ t plain len =[ content length];
if(plain len & gt; maxPlainLen) {
NSLog(@ "content (%ld) is too long, and must be <% ld", plainLen, max plain len);
Return to nil
}
void * plain = malloc(plain len);
[Number of content bytes: normal.
Length: plain len];
size _ t cipher len = 128; //At present, the RSA key length is set to 128 bytes.
void * cipher = malloc(cipher len);
OS status return code = sec key encrypt(public key,kSecPaddingPKCS 1,plain,
Plain, password, and. cipher len);
NSData * result = nil
if (returnCode! = 0) {
NSLog(@"SecKeyEncrypt failed. Error code: %ld ",return code);
}
Otherwise {
Result = [NSData data bytes: password.
Length: cipher len];
}
Free (plain color);
Free (password);
Return the result;
}