所以我对你的stackoverflow天才的问题是:如果有一种方式(本机,库,框架,无论..)到加密数据与AES (最好128,但也可以是256) GCM模式?
So my question for you stackoverflow geniuses is: if there a way (native, library, framework, whatever..) to encrypt data with AES (preferably 128 but could be 256 too) using a strong Authenticated encryption algorithm, let's say GCM mode?
问题很简单,我已经做了一些研究,只找到一个似乎支持它的库( RNCryptor ),但似乎也使用密码密码而不是密钥(例如您提供密码,图书馆是密钥),而且我不喜欢这么多,我更喜欢自己管理我的密钥。
Question is short, I have done some research and I only found one library that seems to support it ( RNCryptor ) but it also seems to use password to crypt instead of keys (like you provide a password and the library made the key) and I don't like that a lot, I prefer to manage my keys myself.
我也看看 CommonCryptor.h ,我发现这行,这似乎是我的GCM在commoncryptor源代码中唯一的引用(但我可能是错的,实际上我可能是错误的) :
I also look at CommonCryptor.h and I found that line, which seems to me the only reference of GCM in commoncryptor source code (but I could be wrong, actually I am probably wrong) :
case kCCModeGCM: if((ref->symMode[direction].gcm = getCipherMode(cipher, mode, direction).gcm) == NULL) return kCCUnimplemented;感谢提前!
推荐答案感谢owlstead建议我进一步深入研究RNCryptor并找到解决方案。
Thanks to owlstead suggest I take a look deeper into RNCryptor and found a solution.
首先,是正确的,iOS不提供GCM,但在iOS中使用它。 ref there: iOS Security feb 2014
First of all after lots of googling it's seems that Zaph were right and iOS doesn't provide GCM but use it in iOS. ref there: iOS Security feb 2014
其次,RNCryptor不使用GCM,而是在CBC模式(密码块链接)中使用AES256,这是很好的,然后使用HMAC + SHA1进行验证。这符合我的要求。
Second, RNCryptor doesn't use GCM but use AES256 in CBC mode (Cipher Block Chaining), which is fine, and then authenticate with HMAC+SHA1. This fits my requirements.
要使用密钥加密并跳过密码导出部分,RNCryptor提供此功能:
To encrypt with a key and to skip the password derivation part, RNCryptor provide this function:
NSData *encryptedData = [RNEncryptor encryptData:yourData withSettings:kRNCryptorAES256Settings encryptionKey:encryptionKey HMACKey:HMACKey error:&error];,然后用此
NSData *decryptedData = [RNDecryptor decryptData:encryptedData withEncryptionKey:encryptionKey HMACKey:HMACKey error:&decryptionError];RNCryptor还提供密钥的随机生成方法。
RNCryptor also provide random generation methods for keys.
注意:使用AES256时请小心,密钥计划可能较弱: Schneier文章,但没有戏剧和AES256有其他观点是专业: Colin Percival的文章
Note: take care when using AES256, the key schedule can be weak: Schneier article but no drama and there are other point of view on AES256 that are pros: Colin Percival article
更多推荐
是否可以在iOS上使用AES128与GCM模式?
发布评论