Kotani bald collection

  • In daily development, the brothers use encryption more or less. A little chat todayRSA&HASH

1. RSA asymmetric encryption

1.1. Features of RSA

  • Low efficiency of RSA encryption (public-key encryption-private key decryption, private key encryption-public key decryption)

  • The security of RSA encryption is relatively high (because the data transmitted in the middle is encrypted and difficult to crack)

1.2. Use RSA asymmetric encryption in iOS

Use public and private keys in iOS. Der and p12 files.

1.2.1. .derand.p12File File generation

    1. Generate the key fileprivate_key.pem(This could also be written as2048Bytes, but generally1024Bytes)

openssl genrsa -out private_key.pem 1024

    1. Request filecsrGeneration of (via private key file)

openssl req -new -key private_key.pem -out rsacert.csr

Fill in some request information

    1. Obtain the self-signed filecrt

openssl x509 -req -days 3650 -in rsacert.csr -signkey private_key.pem -out rsacert.crt

It’s good for 10 years

    1. throughcrtObtaining the Public Key File.der(Used in iOS development)

openssl x509 -outform der -in rsacert.crt -out rsacert.der

    1. iOSThe private key used in.p12File generation (remember the password set here)

openssl pkcs12 -export -out p.p12 -inkey private_key.pem -in rsacert.crt

    1. File display a wave of ~

1.2.2. RSA code test

That’s how RSA is used. In general, the client saves the public key and the server saves the private key, which is used to encrypt key data (this data cannot be big data because RSA is not efficient).

2. A HASH encryption

  • Guys use it in their normal developmentMD5It’s a kind ofHASH

HASH is an idea that includes MD5, but not MD5

2.1. Features of HASH

  • HASHisIrreversible operation(Meaning once you change, you can’t change it back.)

CMD5 = CMD5 = CMD5 = CMD5

  • HASH is often used to encrypt passwords.

  • HASH is the same length, 32 characters (hexadecimal)

  • Mainly used to validate data

2.2. Code usage

Specific implementation, too much online, here will not say

2.3. Add salt

As a result of the CMD5 website, the simple password is not as safe as imagined

  • So we came up with itAdd salt~ (so-calledAdd saltIs to put together a piece of data for him)

2.4. HMAC salt

The salt is fixed on the client side, so it is a bit bad to say that all users share the same salt

  • Now we use more orHMAC(It is said to be relatively safe, I have not used it in the project ~ hahaha)

In fact, this is also added salt ~ but this salt, from the server, relatively safe point

3. Log in using a password

Said some encryption methods (symmetric encryption after say ~)

3.1. Login in the project

We all know the user's password, the developer must not know.

  • First, let’s talk about the login of our project (brothers, big guys, I said don’t attack, or I will be a sinner ~ (but there is nothing to attack ~ small broken company)).

  • Our company is a typical account password login

  • The password is passed to the server using a HASH

  • What’s stored in the database is a HASH

  • This validates the HASH

Are all the HASH

3.2. Login of your ideal design

  • Men ~ will have some ideal, but my position is relatively low, said also do not calculate, can only and brothers in this mouth hi ~ ha ha ha

I have no way to test it. The leader plays back in 30 seconds ~ (the reason is: 1. The CURRENT IPA is still usable, 2. The DAU of IPA is only a little, there is no need to make it so complicated ~ : he convinced me, I think he is right ~), ah, I am too easy to listen to others opinions ~

  • But I still want to write out their own ideas (brothers see good ~, bad words hope you can give advice ~)

It may still be lacking a lot, but I don’t think it’s safe to just HASH, given the site

3.2.1. Registration process

3.2.2. Login process

3.2.3. The situation of users changing mobile phones

This is my imagination, but I have limited ability and power, can not test. After the happy life depends on brothers ~

4. Digital signature

  • Digital signature is easy to say

  • I feel like I’m teaching a fish how to swim in front of my paid brothers

  • In simple terms, when important data is transmitted, the HASH value of the data is brought along, and RSA is used to encrypt the HASH value to ensure the reliability of the data (to prevent the information from being tampered with).

  • Gu still has to draw pictures

If the intermediate data is tampered with, then the client compares the HASH differently, and this data is discarded

5. To summarize

  • RSA&HASH encryption is used in the development of many. You can see that a little bit

  • Hope this knowledge will bring you some help ~ (Xiaogu is a man, not too can say hypocritical words, hahaha)