Small knowledge, big challenge! This article is participating in the creation activity of “Essential Tips for Programmers”.

IOS encryption-related algorithm framework: CommonCrypto.

1. Symmetric encryption

Symmetric encryption in iOS includes DES, 3DES, and AES.

  • Encryption and decryption use the same key.
  • Encryption and decryption process:
    • Plaintext -> key encryption -> ciphertext,
    • Ciphertext -> Key decryption -> plaintext.
  • Advantages: open algorithm, less computation, fast encryption speed, high encryption efficiency, suitable for mass data encryption;
  • Disadvantages: The two parties use the same key. The key transmission process is insecure and easy to crack. Therefore, the key needs to be changed frequently to keep it secret.

1.1 the AES

The ADVANCED Encryption Standard (AES) is a next-generation encryption algorithm standard that supports encryption with 128, 192, and 256-bit keys. The encryption and decryption keys are the same. IOS generally uses ECB mode with 16-byte 128-bit key. AES algorithm mainly includes three aspects: round change, turn number and key expansion.

  • Advantages: High performance, high efficiency, flexible and easy to use, high security level.
  • Disadvantages: Encryption and decryption of the same key, so the use of AES encryption, how to safely save the key becomes a problem.

1.2 the DES

DES: indicates the Data encryption standard. The entry parameters of the DES algorithm are Key, Data, and Mode.

  • Among themKeyIs 7 bytes, 56 bits in total, is the working key of DES algorithm.DataIt is 8 bytes and 64 bits, which is the data to be encrypted or decrypted.ModeDES works in two modes: encryption and decryption.
  • Disadvantages: Less security than AES.

1.3 3 des

3DES is a mode of the DES encryption algorithm. It uses three 64-bit keys to encrypt data for three times. DES is the encryption algorithm to AES transition, is a more secure transformation of DES. It takes DES as the basic module and designs a packet encryption algorithm by combinatorial packet method.

Asymmetric encryption: RSA encryption

  • Asymmetric encryption algorithms require two keys in pairs, public keys (publickey) and private keys (privatekey).
  • Encryption and decryption: There is only one public key corresponding to a private key. The generator is responsible for generating the private and public keys, saving the private keys, and publicizing the public keys.

Public key encryption, private key decryption; Or private key digital signature, public key authentication. Public and private keys are paired, and they decrypt each other.

  • Features:
    • 1. Keep information confidential to prevent man-in-the-middle attack: The plaintext is encrypted through the recipient’s public key and transmitted to the recipient. Only the recipient has the corresponding private key, but others cannot have or calculate the private key through the public key. Only the recipient with the private key can read it. This method is typically used to exchange symmetric keys.
    • 2. Authentication and tampering prevention: The permission dog encrypts an authorization plaintext with its private key, and sends the authorization plaintext, encrypted ciphertext, and public key together. The receiver needs to decrypt the ciphertext with the public key to determine whether the plaintext has been tampered. This method is used for digital signatures.
  • Advantages: Small degree of encryption, long encryption time, commonly used for digital signatures and encryption keys, high security, solves the security problem of symmetric encryption keys.
  • Disadvantages: encryption and decryption speed is much slower than symmetric encryption, not suitable for mass data encryption.

3. Hash algorithm encryption:MD5 encryption,The SHA encryption,HMAC encryption

  • Hash algorithm encryption is used to encrypt data using the hash algorithm. The encrypted result is irreversible, that is, the encrypted data cannot be decrypted.
  • Features: irreversible, algorithm open, the same data encryption results consistent.
  • Function: information summary, information “fingerprint”, used to do data identification. For example, user password encryption, file verification, digital signature, and authentication protocol.

MD5 encryption: The result of encrypting different data is 32 characters of fixed length. SHA encryption: a secure hash algorithm, which applies to the digital signature Algorithm (DSA) defined in the Digital Signature Standard (DSS). For messages less than 2^64 bits in length, SHA1 produces a 160-bit message digest. This message digest can be used to verify data integrity when a message is received. As the data is likely to change during transmission, different message digests will be generated. Of course, there are SHA256 and SHA512 in addition to SHA1. HMAC encryption: Given a key, the plaintext encryption is hashed twice, and the result is still a 32-bit string.

4. Base64 encryption

  • An encoding method that is not, strictly speaking, an encryption algorithm. Its function is to encode binary data into text, convenient network transmission.
  • Encoding in Base64 increases the length of the data by about a third, but the advantage is that the encoded data can be displayed directly in emails and web pages.
  • Although Base64 can be used as encryption, but base64 can be reversed, very insecure!
  • Base64 encoding has a very distinctive feature, the ‘=’ sign at the end.
  • Principle:
    • 1. Convert all characters to ASCII codes.
    • 2. Convert ASCII code to 8-bit binary;
    • 3. Divide binary three bits into a group of 24 bits and then divide them into a group of six bits and a group of four bits;
    • 4. Add two zeros to eight bits before the six-bit binary;
    • 5. Convert the binary to decimal.
    • 6. Finally, obtain the Base64 encoding corresponding to decimal from the Base64 encoding table.