Common algorithms

  • DES Data Encryption Standard (used sparingly because it is not strong enough)

  • 3DES uses three keys to encrypt the same data for three times

  • AES Advanced password standard.

Application mode

  • ECB (Electronic Code Book) : Electronic Code Book mode. Each piece of data is encrypted independently.

    • The most basic encryption mode, that is, commonly understood encryption, the same plaintext will always be encrypted into the same ciphertext, no initial vector, vulnerable to passbook replay attacks, rarely used in general.

  • Cipher Block Chaining (CBC) : Cipher Block Chaining mode. Data is encrypted using a key and an initialization vector [IV].

    • The plaintext is encrypted after xOR operation with the previous ciphertext. Therefore, the same ciphertext will be encrypted after different initial vectors are selected. This is the most widely used ciphertext mode. CBC encrypted ciphertext is context-dependent, but plaintext errors are not passed to subsequent groups, but if one group is lost, all subsequent groups are invalidated (synchronization errors).

    • CBC effectively ensures the integrity of ciphertext. If a data block is lost or changed during transmission, subsequent data cannot be decrypted.

ECB practice exercise

  • Create a folder
  • Create a 123.txt file in the folder

  • Open the terminal and enter the folder
  • Enter the command openssl enc-des-ECB-k 616213-nosalt-in 123.txt-out msg1.bin
  • An encrypted binary file is created

  • Command: cat MSg1.bin Cannot be viewed
  • XXD msg1.bin can be viewed
  • View duplicate data

  • There’s some duplication in the data and I can write it down a little bit for validation purposes

  • Modify one of the small sections in view changes to generate an msg2.bin to see the differences between the two.bin files

  • The difference

Conclusion: ECB (Electronic Code Book) : Electronic Code Book mode. Each piece of data is encrypted independently.

DES is a ciphertext encryption algorithm. How many blocks are the data encrypted into? () A, 32 B, 64 C, 128 D, 256

  • 64 bit 8 bit for a byte for 8 bytes for a unit

CBC practical exercise

  • Command openssl ENc-des-CBC-k 616213-iv 0102030405060708 -nosalt -in 123.txt -out msg1.bin
  • After modifying some data, generate a MSg2.bin
  • Iv random value.

  • See the difference between
  • It’s inconsistent from here and then everything else is inconsistent from here.

Instruction set

  • Tip:
  • 1> The encryption process is encrypted first, and then base64 encodingCopy the code
  • 2> The decryption process is base64 decoding and then decryptionCopy the code

encryption

  • DES
    • DES encryption (ECB)
      • $ echo -n hello | openssl enc -des-ecb -K 616263 -nosalt | base64
    • DES encryption (CBC)
      • $ echo -n hello | openssl enc -des-cbc -iv 0102030405060708 -K 616263 -nosalt | base64
  • AES
    • AES encryption (ECB)
      • $ echo -n hello | openssl enc -aes-128-ecb -K 616263 -nosalt | base64
    • AES encryption (CBC)
      • $ echo -n hello | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt | base64

decryption

  • DES
    • DES (ECB)
      • $ echo -n HQr0Oij2kbo= | base64 -D | openssl enc -des-ecb -K 616263 -nosalt -d
    • DES (CBC)
      • $ echo -n alvrvb3Gz88= | base64 -D | openssl enc -des-cbc -iv 0102030405060708 -K 616263 -nosalt -d
    • AES (ECB)
      • $ echo -n d1QG4T2tivoi0Kiu3NEmZQ== | base64 -D | openssl enc -aes-128-ecb -K 616263 -nosalt -d
    • AES (CBC)
      • $ echo -n u3W/N816uzFpcg6pZ+kbdg== | base64 -D | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt -d

Code to rehearse

------- encryptionTools. h ---- // // encryptionTools. h // EncryptDemo // // Created by h on 2018/10/16. // Copyright © 2018 Hank. All rights reserved. # import < Foundation/Foundation. H > # import < CommonCrypto/CommonCrypto. H > / * * * * terminal test instructions * DES encryption (ECB) * $echo -n hello | openssl enc - DES - the ECB - 616263 - K nosalt | base64 encryption (CBC) * * * DES $echo -n hello | Openssl enc - des - 616263-0102030405060708 - K CBC to iv nosalt | base64 AES encryption (ECB) * * * $echo -n hello | openssl enc - aes - 128 - the ECB - 616263 - K nosalt | base64 aes encryption (CBC) * * * $echo -n hello | openssl enc - aes - 128-0102030405060708 CBC to iv - 616263 - K nosalt | base64 (ECB) decryption * $* * DES echo -n HQr0Oij2kbo = | | base64 - D openssl enc - DES - the ECB - 616263 - K nosalt (CBC) - d * * DES declassified * $echo -n alvrvb3Gz88 = | | base64 - d openssl enc - DES - CBC - 0102030405060708 - K 616263 - iv nosalt - d AES (ECB) decryption * * * $echo -n d1QG4T2tivoi0Kiu3NEmZQ = = | | base64 - D openssl enc - AES - 128 - the ECB - 616263 - nosalt - D * * K AES (CBC) decryption * $echo -n u3W/N816uzFpcg6pZ + KBDG = = | | base64 - D openssl enc - AES - 128 - CBC - iv in 0102030405060708-616263 K -nosalt -d * * EncryptionTools */ @interface EncryptionTools: NSObject + (instancetype)sharedEncryptionTools; /** @constant kCCAlgorithmAES Advanced Encryption standard, */ @property (Nonatomic, assign) Uint32_t algorithm; /** * encrypt string and return Base64 encoded string ** @param String String to be encrypted * @param keyString Encryption key * @param IV initialization vector (8 bytes) ** @return Returns the base64 encoded string */ - (NSString *)encryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv; /** * decrypted string ** @param String Encrypted and Base64 encoded string * @param keyString Decryption key * @param IV initialization vector (8 bytes) ** @return Returns the decrypted string */ - (NSString *)decryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv; @endCopy the code
------- EncryptionTools.m ----------- // // EncryptionTools.m // EncryptDemo // // Created by H on 2018/10/16. // Copyright © 2018 Hank. All Rights Reserved. // #import "encryptionTools.h" @interface EncryptionTools() @property (nonatomic, assign) int keySize; @property (nonatomic, assign) int blockSize; @end @implementation EncryptionTools + (instancetype)sharedEncryptionTools { static EncryptionTools *instance; static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ instance = [[self alloc] init]; instance.algorithm = kCCAlgorithmAES; }); return instance; } - (void)setAlgorithm:(uint32_t)algorithm { _algorithm = algorithm; switch (algorithm) { case kCCAlgorithmAES: self.keySize = kCCKeySizeAES128; self.blockSize = kCCBlockSizeAES128; break; case kCCAlgorithmDES: self.keySize = kCCKeySizeDES; self.blockSize = kCCBlockSizeDES; break; default: break; }} - (NSString *)encryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv {// set the secret key NSData *keyData = [keyString dataUsingEncoding:NSUTF8StringEncoding]; uint8_t cKey[self.keySize]; bzero(cKey, sizeof(cKey)); [keyData getBytes:cKey length:self.keySize]; // Set the iv uint8_t cIv[self.blocksize]; bzero(cIv, self.blockSize); int option = 0; if (iv) { [iv getBytes:cIv length:self.blockSize]; option = kCCOptionPKCS7Padding; } else {/ * * kCCOptionECBMode ECB model kCCOptionPKCS7Padding CBC encryption * / option = kCCOptionPKCS7Padding | kCCOptionECBMode; } / / set the output buffer NSData * data = [string dataUsingEncoding: NSUTF8StringEncoding]; size_t bufferSize = [data length] + self.blockSize; void *buffer = malloc(bufferSize); Size_t encryptedSize = 0; /** 1. KCCEncrypt /kCCDecrypt 2. Encryption algorithm 3. Encryption options ECB/CBC 4. The address of the KEY 5. Encrypted data (address) 8. Encrypted data length 9. Ciphertext memory address 10. */ CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, self.algorithm, option, cKey, self.keySize, cIv, [data bytes], [data length], buffer, bufferSize, &encryptedSize); NSData *result = nil; if (cryptStatus == kCCSuccess) { result = [NSData dataWithBytesNoCopy:buffer length:encryptedSize]; } else { free(buffer); NSLog (@ "[error] encryption failure | status code: % d", cryptStatus); } return [result base64EncodedStringWithOptions:0]; } - (NSString *)decryptString:(NSString *)string keyString:(NSString *)keyString iv:(NSData *)iv {// sets the secret key NSData *keyData = [keyString dataUsingEncoding:NSUTF8StringEncoding]; uint8_t cKey[self.keySize]; bzero(cKey, sizeof(cKey)); [keyData getBytes:cKey length:self.keySize]; // Set the iv uint8_t cIv[self.blocksize]; bzero(cIv, self.blockSize); int option = 0; if (iv) { [iv getBytes:cIv length:self.blockSize]; option = kCCOptionPKCS7Padding; } else { option = kCCOptionPKCS7Padding | kCCOptionECBMode; } / / set the output buffer NSData * data = [[NSData alloc] initWithBase64EncodedString: string options: 0]; size_t bufferSize = [data length] + self.blockSize; void *buffer = malloc(bufferSize); Size_t decryptedSize = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, self.algorithm, option, cKey, self.keySize, cIv, [data bytes], [data length], buffer, bufferSize, &decryptedSize); NSData *result = nil; if (cryptStatus == kCCSuccess) { result = [NSData dataWithBytesNoCopy:buffer length:decryptedSize]; } else { free(buffer); NSLog (@ "[error] decryption failure | status code: % d", cryptStatus); } return [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding]; } @endCopy the code
  • operation
- (void)viewDidLoad { [super viewDidLoad]; [EncryptionTools sharedEncryptionTools].algorithm = kCCAlgorithmDES; /** aes-ECB encryption */ NSString * key = @" ABC "; NSString * encStr = [[EncryptionTools sharedEncryptionTools] encryptString:@"hello" keyString:key iv:nil]; / / AES encryption - CBC uint8_t iv [8] =,2,3,4,5,6,7,8 {1}; NSData * ivData = [NSData dataWithBytes:iv length:sizeof(iv)]; NSLog(@" result of encrypting is %@",[[EncryptionTools sharedEncryptionTools] encryptString:@"hello" keyString:key iv:ivData]); NSLog(@" Results in %@",[[EncryptionTools sharedEncryptionTools] decryptString:@"u3W/N816uzFpcg6pZ+ KBDG ==" keyString:key iv:ivData]); } 616263 corresponds to the ASCII code of ABCCopy the code
  • Framework CommonCrypto

IOS encryption and decryption CommonCrypto framework