Benpian iOS reverse development is summarized in the first article, is a summary of the relevant technical analysis and iOS cryptography, we want to help, please correct me if wrong place.
I. Introduction
Cryptography history dating back 2,000 years ago, according to legend ancient Rome Julius Caesar in order to prevent the enemy intelligence intercept, transmit information with a password. Julius Caesar approach is relatively simple, through the establishment of a corresponding table for two dozen Roman alphabet, so if you do not know the password, interception will not work.
In 1976, all encryption methods are the same mode: encryption, decryption, using the same algorithm. When data exchange, the two sides need to communicate with each other to tell each other the rules, otherwise it would not be able to decrypt. Encryption and decryption of the rules is the key , protecting it seems particularly important to deliver key has become the biggest risk. This encryption method is referred to a symmetric encryption algorithm.
In 1977 there are three MIT mathematician Ronald Rivest (Ron Rivest), Adi Sammer (Adi Shamir) and Leonard Adleman (Leonard Adleman) algorithm with the design, you can achieve asymmetric encryption. The algorithm is to use the three named, called RSA algorithm
RSA cryptosystem special, two keys: a public key referred public (the publickey) and private secret key referred to as a private key (privatekey). Public key encryption, private key encryption; private key encryption, public key to decrypt. This algorithm is the great RSA algorithm.
- RSA encryption or signature is the result of irreversible binary, most will be converted to use BASE64 code re-transmission.
- When RSA encryption, there are restrictions on the size of data to be encrypted, is not greater than the maximum length of the key. As listed in the use of the key 1024bit ( )
genrsa -out rsa_private_key.pem 1024, the maximum data may be encrypted to the 1024/8 = 128Bytes. When data is larger than 128Bytes, then you need to encrypt data packets - data overrun because, encryption and decryption will fail, OpenSSL returns false, then the encrypted packets encrypted string stitched to the client after a string. - In order to ensure that each result of the encryption is different, then the data to be encrypted when splicing a random string RSA encryption and then encrypted. Padding different ways represent different filling length of the string, after the overrun data packets, will be added to the random string in the specified length Padding. The column is filled with default Padding OPENSSL_PKCS1_PADDING (required for filling occupying 11 bytes) so that a maximum length of the plaintext is 128-11 = 117Bytes.
- The recipient decrypting packets need. The original binary data is encrypted in each divided into a set of 128 Bytes, and then decrypts, after decryption, discards random string according to the length of the Padding, the resultant stitching together the original string, the original message is obtained.
Two, RSA principle
Reliability basis RSA algorithm: to do great integer factorization is difficult .
RSA asymmetric algorithm, encryption using a different key.
Two keys may be used for both encryption, to decrypt the other key . However, typically decrypts encrypted with the public, private, because the public key is. Theoretically between A and B is achieved by RSA secret communication, A and B each require a set of key generation, while maintaining control of their private key; the other message encrypted with the public to be transmitted, with its private key decrypt messages over an opponent.
In signing the scene, signing, public key authentication using the private key.
RSA other than DES symmetric encryption is much slower. Usually in the actual transmission of data, with relatively short RSA encryption symmetric cipher, the two sides before the transmission data exchanged symmetrical password algorithm such as DES.
2.1 Euler function
Euler function: find the number less than the number of positive integers coprime to N of N
For example: 5 corresponds with the number of prime 5 A total of 1,3, i.e. [Phi] ( N ) = 2.
The Euler function RSA algorithm is a special case, if N can be decomposed into two product of mutually prime integers: N = pq
Is: [Phi] ( N ) = [Phi] ( P ) [Phi] ( Q ) = ( P - . 1 ) ( Q - . 1 )
For example: [Phi] ( . 3 . 5 . 9 . 4 . 7 ) = [Phi] ( . 1 0 . 3 ) [Phi] ( . 3 . 4 . 9 ) = (103 - . 1 ) (349 - . 1 ) = 35496
2.2 modular multiplicative inverse
Two positive integers a and n are relatively prime, then we can find the integer B, such that the ab divisible by n-1, i.e. ab ≡ 1 (mod n)
Then Hou, b is called a modular multiplicative inverse
RSA encryption process:
- Take two prime numbers p1, p2
- Determining the value of n, n = p1 * p2, n values tend to a great extent to 1024 bits;
- Determining φ (n), so
φ(n)=(p1-1) * (p2-1); - Determining the value of e
1<e<φ(n),eis an integer and theφ(n)prime; - Determining the value of d
e*d%φ(n)=1; - Encryption c = m ^ e% n;
- Decrypting m = c ^ d% n
Actual verification:
- p1 = 3, p2 = 7;
- n = p1 * p2 = 3 * 7 = 21;
- z (n) = (p1-1) * (p2-1) = 2 * 6 = 12;
- 1 <e <12, e = 5 (12 and e is relatively prime values {1,5,7,11}, φ (12) = 4)
- e * d% φ (n) = 5 * d% 12 = 1, then d = 17
- Plain text m = 3, then c = m ^ e% n = 3 ^ 5% 21 = 12
- Decrypt the ciphertext m = c ^ d% n = 12 ^ 17% 21 = 3
The following is a diagram of data transmission:
Three, OpenSSL
openSSL Apple system built open-source encryption library, so that we can get through the private-public key terminal for data encryption.
The main command:
1. Generate RSA private key
openssl genrsa -out private.pem 1024
2. Extract the public key from the private key
openssl rsa -in private.pem -pubout -out public.pem
3. The private key is converted into plain text
openssl rsa -in private.pem -text -out private.txt
4. After public key encryption
openssl rsautl -encrypt -in message.txt -inkey public.pem -pubin -out enmsg.txt
5. After decrypt the private key
openssl rsautl -decrypt -in enmsg.txt -inkey private.pem -out demsg.txt
6. After encrypt the private key
openssl rsautl -sign -in message.txt -inkey private.pem -out enmsg2.txt
7. After the public key to decrypt
openssl rsautl -verify -in enmsg2.txt -inkey public.pem -pubin -out demsg2.txt
End-use:
1. Create a public and private key
2. View the private-public key
3. Create a text
4. The public key encryption
5. private key to decrypt
6. private key encryption
7. public key to decrypt
7 ways by the above, the following results illustrated:
You can try the above command through the terminal, sprinkle with it !!!
After the RSA is about basic explanation, we want to help! The next will explain the use of hashing algorithm in reverse!