1. Encryption and decryption methods
For RSA encryption and decryption, the iOS API also provides methods in both forms.
SecKeyEncrypt SecKeyDecryptCopy the codeOpenssl also provides a number of methods:
RSA_public_encrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_private_decrypt
Copy the codeIn comparison, openSSL provides more explicit methods, such as: public key decryption, private key decryption, private key encryption, public key decryption. Although the iOS native provides only encryption and decryption methods, it is clearly stated in the method annotation that encryption is used with the public key and decryption is used with the private key.
In fact, public key encryption private key decryption is also the most common way, private key encryption public key decryption is not much, but private key encryption public key decryption is sometimes needed. If you really need private key encryption and public key decryption, OpenSSL is more convenient, but in fact, iOS can also do private key encryption and public key decryption.
Here is an overview of RSA encryption and decryption:
1. Generate a key
Public key (E,N) Private key (E,D,N)Copy the code2. The encryption
Ciphertext = plaintextE% N Plaintext = ciphertextD % N
Let’s go through a concrete example to intuitively experience, through calculation we now get a specific key pair:
Public key =(E, N) =(5,323) Private key =(D, N) =(29,323) B = AE mod N = pow(123, 5) % 323 = 225 A = BD mod N = pow(225, 29) % 323 = 123
If A(123) is plaintext, the above procedure is public key encryption and private key decryption. If B(225) is plaintext, the above procedure is private key encryption and public key decryption.
Switching the order might clear things up a bit:
A = BDMod N = POw (225, 29) % 323 = 123 (key encryption) B = AEMod N = pow(123, 5) % 323 = 225 (public key decryption)
In this way, we will find that encryption and decryption is actually the same method. So why is there encryption and decryption? My understanding is:
Encryption means that the incoming data is computed directly (as above), but the data is processed according to the padding mode, excluding the padding random number.
So from the principle of private key encryption public key decryption is all right, just need to do some data processing. Concrete implementation can see Demo.
2, segmented encryption
The RSA algorithm itself requires that the length of the text must be 0<m<n, that is, the content must not be larger than n, otherwise an error occurs. So if m=0, the RSA encryptor will simply return all zeros. Therefore, when encrypting long data, divide the data into segments. The length of each segment cannot be greater than the modulus length (key length).
In actual RSA encryption, the segment length is also related to the fill mode:
| Fill the way | Maximum input length | The length of the output | Fill the content |
|---|---|---|---|
| PKCS1 | keySize – 11 | keySize | The random number |
| NONE | keySize – 1 | keySize | 00 |
Some articles say that padding is NONE and the maximum input length is keySize, which is actually risky. If the plaintext length is the same as the key length, the plaintext may be larger than the module, which will cause errors in encryption. So the recommended padding is NONE is the plaintext segment length keySize minus 1.
After segmented encryption, segmented decryption is required. In actual RSA encryption, the encrypted ciphertext is always equal to the length of the key. Therefore, the segmented size of the ciphertext is directly determined by the length of the key during segmented decryption.
3. Fill mode
In practice, random factors should be added in the encryption and decryption process to improve security and prevent various attacks. In order to generate different ciphertext for the same plaintext each time it is encrypted, some random numbers are filled before encryption, which is not only available in RSA, but also available in symmetric encryption such as DES, known as padding. There are various types of padding standards in encryption standards, such as PCKS1.
For PKCS1, this padding format requires that each encrypted data be at least 11 bytes shorter than the key length (keysize-11). The padding format is as follows:
PS as random fill number, M is expressly 00 00 02 | PS | | M (public-key encryption) 00 00 01 | PS | | M (private key encryption)Copy the codeThe value that starts with 00 also ensures that the data to be encrypted is not larger than the modulus of the key.
Another common one is None, which is preceded by zero (0) if the plaintext is shorter than the key
0000 | M
Copy the codeThe Demo portal