AES encryption on iOS

Impatient readers can jump straight to the Demo;
after running it, the output can be checked against an online encryption site.

AES (Advanced Encryption Standard), also known as the Rijndael cipher, is a block encryption standard adopted by the US federal government. It replaces the original DES.

The five AES encryption modes

There are five AES encryption modes (CBC, ECB, CTR, OFB, CFB):
1. Electronic Codebook mode (ECB)
2. Cipher Block Chaining mode (CBC)
3. Counter mode (CTR)
4. Cipher Feedback mode (CFB)
5. Output Feedback mode (OFB)

On iOS, ECB and CBC are the two that are generally used.

Electronic Codebook mode (ECB)

ECB is the simplest block cipher mode. The plaintext is divided into blocks of the cipher's block size (fixed at 128 bits for AES), and each block is encrypted independently with the same key, so identical plaintext blocks always produce identical ciphertext blocks.

Cipher Block Chaining mode (CBC)

In CBC mode, each plaintext block is XORed with the previous ciphertext block before it is encrypted. The first plaintext block is XORed with a data block called the initialization vector (IV).

OK, with that minimal theory in place, let's look at the most important practical part on iOS: the encryption and decryption function CCCrypt.
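The difference between the two modes can be observed directly. The following is an added example, not code from the original post: it uses CCCrypt (covered later on this page) to encrypt two identical plaintext blocks and compares the first two ciphertext blocks. GRFirstTwoBlocksMatch, the key, the plaintext and the IV are constructed for the demonstration.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>

// Added example; GRFirstTwoBlocksMatch is a hypothetical name.
// Encrypts two identical 16-byte plaintext blocks and reports whether the
// first two ciphertext blocks are identical. Returns NO if CCCrypt fails.
static BOOL GRFirstTwoBlocksMatch(CCOptions options, const void *iv) {
    // Constructed sample inputs: a fixed demo key and 32 bytes of 'A'.
    uint8_t key[kCCKeySizeAES128];
    memset(key, 0x2a, sizeof(key));
    uint8_t plaintext[2 * kCCBlockSizeAES128];
    memset(plaintext, 'A', sizeof(plaintext));

    // Output needs room for the data plus one block of PKCS7 padding.
    uint8_t out[sizeof(plaintext) + kCCBlockSizeAES128];
    size_t moved = 0;
    CCCryptorStatus status = CCCrypt(kCCEncrypt, kCCAlgorithmAES, options,
                                     key, sizeof(key), iv,
                                     plaintext, sizeof(plaintext),
                                     out, sizeof(out), &moved);
    if (status != kCCSuccess) return NO;
    return memcmp(out, out + kCCBlockSizeAES128, kCCBlockSizeAES128) == 0;
}

int main(void) {
    @autoreleasepool {
        uint8_t iv[kCCBlockSizeAES128] = {0};  // constructed IV, demo only
        // ECB: each block is encrypted on its own, so repeated plaintext
        // blocks show up as repeated ciphertext blocks.
        NSLog(@"ECB blocks equal: %d",
              GRFirstTwoBlocksMatch(kCCOptionPKCS7Padding | kCCOptionECBMode, NULL));
        // CBC: the second block is XORed with the first ciphertext block
        // before encryption, so the repetition is hidden.
        NSLog(@"CBC blocks equal: %d",
              GRFirstTwoBlocksMatch(kCCOptionPKCS7Padding, iv));
    }
    return 0;
}
```

Repeated ciphertext blocks under ECB reveal the structure of the plaintext to anyone who sees the ciphertext, which is why ECB is unsuitable for data longer than one block.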

CCCrypt - encryption and decryption function

CCCryptorStatus CCCrypt(
    CCOperation op,         /* kCCEncrypt, etc. */
    CCAlgorithm alg,        /* kCCAlgorithmAES128, etc. */
    CCOptions options,      /* kCCOptionPKCS7Padding, etc. */
    const void *key,
    size_t keyLength,
    const void *iv,         /* optional initialization vector */
    const void *dataIn,     /* optional per op and alg */
    size_t dataInLength,
    void *dataOut,          /* data RETURNED here */
    size_t dataOutAvailable,
    size_t *dataOutMoved);

Important parameters:

  1. CCOperation op: kCCEncrypt to encrypt, kCCDecrypt to decrypt
  2. CCAlgorithm alg: the algorithm. kCCAlgorithmAES128 and kCCAlgorithmAES are the same; the AES block size is fixed at 128 bits. AES128, 192 and 256 refer only to the length of the key (the number of encryption rounds also differs with it, which is not explained here)
  3. CCOptions options:
    kCCOptionPKCS7Padding: PKCS7 padding
    kCCOptionECBMode: ECB mode (CBC is used when this option is not set)
  4. size_t keyLength: many blog posts pass kCCBlockSizeAES128 here whether they want 128 or 256. That is not right, and what comes out is then always 128-bit encryption. The key sizes are:
enum {
    kCCKeySizeAES128          = 16,
    kCCKeySizeAES192          = 24,
    kCCKeySizeAES256          = 32,
    kCCKeySizeDES             = 8,
    kCCKeySize3DES            = 24,
    kCCKeySizeMinCAST         = 5,
    kCCKeySizeMaxCAST         = 16,
    kCCKeySizeMinRC4          = 1,
    kCCKeySizeMaxRC4          = 512,
    kCCKeySizeMinRC2          = 1,
    kCCKeySizeMaxRC2          = 128,
    kCCKeySizeMinBlowfish     = 8,
    kCCKeySizeMaxBlowfish     = 56,
};
  5. const void *iv: the initialization vector. CBC mode requires it; if it is not passed, 16 zero bytes are used by default. ECB does not need it.

About CCCrypt's key and keyLength

The AES block size is 128 bits, so the IV must be 16 characters long (ECB mode has no IV). The key is 16, 24 or 32 characters long, depending on the chosen key size. A key or IV that is too long is truncated, and one that is too short is padded at the end with '\0'.

The relationship between key and keyLength, as I now understand it: key is the key material we pass in, and keyLength determines the key length, which is the real difference between AES128, 192 and 256. If a 32-byte key is passed (the 256 bits that AES256 requires) but keyLength is kCCKeySizeAES128, the key actually used is only the first 16 bytes. If a 16-byte key is passed but keyLength is kCCKeySizeAES256, the key is too short and is filled out to 32 bytes.
Although a key of the wrong length is padded or truncated automatically, it is better to pass a key of the correct length: 16 bytes for AES128, 24 for AES192, 32 for AES256. CCCrypt itself only reads keyLength bytes starting at key; in the demo below the filling comes from the zeroed keyPtr buffer, so a short key leaves the remaining key bytes as known zeros and the key is weaker than its nominal size.

OK, straight to the code.
Demo
This requires #import <CommonCrypto/CommonCrypto.h>

AES256 ECB mode encryption

+ (NSData *)dataByAes256ECB:(NSData *)data key:(NSString *)key mode:(CCOperation)operation {
    // AES256 is selected, so the key length is kCCKeySizeAES256 (32 bytes)
    char keyPtr[kCCKeySizeAES256 + 1];
    bzero(keyPtr, sizeof(keyPtr)); // zero the buffer
    // Convert the key string to a C string
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
    NSUInteger dataLength = data.length;
    // Leave room for one extra block of padding
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    size_t numBytesDecrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(operation,
                                          kCCAlgorithmAES128,
                                          kCCOptionPKCS7Padding | kCCOptionECBMode, // ECB mode
                                          keyPtr,
                                          kCCKeySizeAES256,
                                          NULL, // ECB mode is selected, so no IV is needed
                                          data.bytes,
                                          dataLength,
                                          buffer,
                                          bufferSize,
                                          &numBytesDecrypted);
    if (cryptStatus == kCCSuccess) {
        // The returned NSData takes ownership of buffer and frees it
        NSData *result = [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
        return result;
    }
    free(buffer);
    return nil;
}

AES128 CBC mode encryption

+ (NSData *)dataByAes128CBC:(NSData *)data key:(NSString *)key mode:(CCOperation)operation iv:(NSString *)iv {
    // AES128 is selected, so the key length is kCCKeySizeAES128 (16 bytes)
    char keyPtr[kCCKeySizeAES128 + 1];
    bzero(keyPtr, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
    NSUInteger dataLength = data.length;
    // Leave room for one extra block of padding
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    size_t numBytesDecrypted = 0;

    // The IV is one AES block (16 bytes), taken from the iv string
    NSString *initIv = iv;
    char ivPtr[kCCBlockSizeAES128 + 1];
    memset(ivPtr, 0, sizeof(ivPtr));
    [initIv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];

    CCCryptorStatus cryptStatus = CCCrypt(operation,
                                          kCCAlgorithmAES128,
                                          kCCOptionPKCS7Padding, // no ECB flag, so CBC mode
                                          keyPtr,
                                          kCCKeySizeAES128,
                                          ivPtr,
                                          data.bytes,
                                          dataLength,
                                          buffer,
                                          bufferSize,
                                          &numBytesDecrypted);
    if (cryptStatus == kCCSuccess) {
        // The returned NSData takes ownership of buffer and frees it
        NSData *result = [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
        return result;
    }
    free(buffer);
    return nil;
}
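A stricter variant of the CBC demo, as an added example that is not part of the original post: it rejects keys of the wrong length instead of padding or truncating them, and generates a fresh random IV for every message. The names GRValidAESKey, GREncryptAESCBC and GRDecryptAESCBC, the use of raw NSData keys, and the "IV followed by ciphertext" output layout are assumptions of this example.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

// Added example; all GR* names are hypothetical.
// Accept only exact AES key sizes instead of padding or truncating the key.
static BOOL GRValidAESKey(NSData *key) {
    return key.length == kCCKeySizeAES128 || key.length == kCCKeySizeAES192 ||
           key.length == kCCKeySizeAES256;
}

// Returns IV (16 bytes) followed by the ciphertext, or nil on any failure.
static NSData *GREncryptAESCBC(NSData *plaintext, NSData *key) {
    if (!GRValidAESKey(key)) return nil;
    // Room for the IV, the data and up to one full block of PKCS7 padding.
    NSMutableData *out =
        [NSMutableData dataWithLength:plaintext.length + 2 * kCCBlockSizeAES128];
    uint8_t *iv = out.mutableBytes;
    // Fresh random IV for every message.
    if (SecRandomCopyBytes(kSecRandomDefault, kCCBlockSizeAES128, iv) != errSecSuccess) return nil;
    size_t moved = 0;
    CCCryptorStatus status = CCCrypt(kCCEncrypt, kCCAlgorithmAES,
                                     kCCOptionPKCS7Padding,  // no kCCOptionECBMode: CBC
                                     key.bytes, key.length, iv,
                                     plaintext.bytes, plaintext.length,
                                     iv + kCCBlockSizeAES128,
                                     out.length - kCCBlockSizeAES128, &moved);
    if (status != kCCSuccess) return nil;
    out.length = kCCBlockSizeAES128 + moved;
    return out;
}

// Inverse of GREncryptAESCBC: expects IV followed by ciphertext.
static NSData *GRDecryptAESCBC(NSData *message, NSData *key) {
    if (!GRValidAESKey(key)) return nil;
    // Need the IV plus at least one whole ciphertext block.
    if (message.length < 2 * kCCBlockSizeAES128 ||
        message.length % kCCBlockSizeAES128 != 0) return nil;
    const uint8_t *iv = message.bytes;
    size_t cipherLength = message.length - kCCBlockSizeAES128;
    NSMutableData *out = [NSMutableData dataWithLength:cipherLength + kCCBlockSizeAES128];
    size_t moved = 0;
    CCCryptorStatus status = CCCrypt(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                     key.bytes, key.length, iv,
                                     iv + kCCBlockSizeAES128, cipherLength,
                                     out.mutableBytes, out.length, &moved);
    if (status != kCCSuccess) return nil;
    out.length = moved;
    return out;
}
```

This gives confidentiality only: CBC ciphertext is not integrity-protected, so authenticate the IV and ciphertext (for example with CCHmac) and verify the tag before decrypting.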

Online verification

Origin www.cnblogs.com/Free-Thinker/p/11425717.html