我试图在目标c中加密/解密AES-128 GCM格式的字符串。 我到处寻找但似乎无法找到有效的解决方案。
I am trying to encrypt/decrypt a string in an AES-128 GCM format in objective c. I have looked everywhere but can't seem to find a working solution.
最满意答案
不久前我遇到了类似的问题,我能找到的最佳答案就是这个问题 。 总而言之,iOS有一些功能可以做你想要的,但它们是私有的。
因此,在Apple决定发布这些功能之前,我选择开发自己的库,目前存储在GitHub中并可在CocoaPods中使用 。
您描述的案例可以通过以下方式实现:
#import <CommonCrypto/CommonCrypto.h> #import "IAGAesGcm.h" // For the case you describe, the key length is 128 bits (16 bytes) u_char keyBytes[kCCKeySizeAES128] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10}; NSData *key = [NSData dataWithBytes:keyBytes length:sizeof(keyBytes)]; // GCM recommends a IV size of 96 bits (12 bytes), but you are free // to use other sizes u_char ivBytes[12] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C}; NSData *iv = [NSData dataWithBytes:ivBytes length:sizeof(ivBytes)]; NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding]; // Authenticated Encryption Function NSData *expectedPlainData = [@"PlainData" dataUsingEncoding:NSUTF8StringEncoding]; // The returned ciphered data is a simple class with 2 properties: the actual encrypted data and the authentication tag. // The authentication tag can have multiple sizes and it is up to you to set one, in this case the size is 128 bits // (16 bytes) IAGCipheredData *cipheredData = [IAGAesGcm cipheredDataByAuthenticatedEncryptingPlainData:expectedPlainData withAdditionalAuthenticatedData:aad authenticationTagLength:IAGAuthenticationTagLength128 initializationVector:iv key:key error:nil]; // Authenticated Decryption Function NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData withAdditionalAuthenticatedData:aad initializationVector:iv key:key error:nil]; XCTAssertEqualObjects(expectedPlainData, plainData);希望这段代码有任何帮助。
为了结束(并且感谢zaph提到这个),我还没有对这段代码进行任何基准测试,所以假设它很慢 。 我打算用它来解密JWE字符串中的令牌,并且只是不时,我不推荐任何比这要求更多的东西。
问候。
Not so long ago I had a similar problem and the best answer I could find was this one. To sum up, iOS has some functions to do what you want but they are private.
So, until Apple decides to release these functions, I opted for developing my own library, currently stored in GitHub and available in CocoaPods.
The case you describe could be implemented this way:
#import <CommonCrypto/CommonCrypto.h> #import "IAGAesGcm.h" // For the case you describe, the key length is 128 bits (16 bytes) u_char keyBytes[kCCKeySizeAES128] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10}; NSData *key = [NSData dataWithBytes:keyBytes length:sizeof(keyBytes)]; // GCM recommends a IV size of 96 bits (12 bytes), but you are free // to use other sizes u_char ivBytes[12] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C}; NSData *iv = [NSData dataWithBytes:ivBytes length:sizeof(ivBytes)]; NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding]; // Authenticated Encryption Function NSData *expectedPlainData = [@"PlainData" dataUsingEncoding:NSUTF8StringEncoding]; // The returned ciphered data is a simple class with 2 properties: the actual encrypted data and the authentication tag. // The authentication tag can have multiple sizes and it is up to you to set one, in this case the size is 128 bits // (16 bytes) IAGCipheredData *cipheredData = [IAGAesGcm cipheredDataByAuthenticatedEncryptingPlainData:expectedPlainData withAdditionalAuthenticatedData:aad authenticationTagLength:IAGAuthenticationTagLength128 initializationVector:iv key:key error:nil]; // Authenticated Decryption Function NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData withAdditionalAuthenticatedData:aad initializationVector:iv key:key error:nil]; XCTAssertEqualObjects(expectedPlainData, plainData);Hope this code is of any help.
To end (and thanks zaph for mentioning this), I have not performed any benchmarking of this code, so assume that it is slow. I intend to use it to decipher tokens in a JWE string and only from time to time, I do not recommend anything more requiring than that.
Regards.
更多推荐
发布评论