RSA & HASH
Steps to generate a CSR file (as required by Apple)
- iOS cannot load a PEM key directly for encryption and decryption. If you have a PEM key, you first need to import it through Keychain Access
- Create the CSR (certificate signing request) file
Procedure for generating a certificate through OpenSSL
Requesting a CSR file
- Fill in some information about the organization
- Use the private key you created yourself (private.pem) to generate the request file, then have it signed by a certificate authority
- HTTPS certificates work the same way
- The signature is the proof that the certificate is valid
- The three men who founded RSA created a company, set up a dedicated signing authority, and made money from signatures
- You can also sign the certificate yourself, but then it is not authenticated by a third party
The command to request a CSR file
```bash
openssl req -new -key private.pem -out rsacert.csr
```
The signature
Signature command
```bash
openssl x509 -req -days 3650 -in rsacert.csr -signkey private.pem -out rsacert.crt
```
Result of the signature
- The CRT is the most widely used form. For example, for an HTTPS service you deploy it on the company's server and the clients that connect receive it
- The content of the CRT (as printed with cat)
Converting the CRT into a usable form (the DER format that Apple uses)
CRT to DER command
```bash
openssl x509 -outform der -in rsacert.crt -out rsacert.der
```
Result of the conversion
Once you have the DER file, you can import it into Keychain Access and bind it to the key
Convert to a P12 file
The command
```bash
openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crt
```
The conversion prompts for an export password
The P12 file is paired with the DER file. Once you have these two files, you can encrypt and decrypt in your code
- private.pem is the private key
- public.pem is the public key
- rsacert.csr is the request file
- rsacert.crt is the certificate used for authentication
- rsacert.der is the certificate in DER form
Only the DER and P12 files can be used in the encryption and decryption code. The output of encryption and decryption is binary; in iOS it is NSData. To display binary data, it is transcoded to Base64
Base64 encoding
The certificate text shown by the cat command above is the result of Base64 encoding
Verification
- Create a message.txt file
- Encode the file and view the contents
Base64 decoding
Principle: Base64 uses 65 characters: 0-9, a-z, A-Z, + and /, plus = for padding (see Wikipedia)
Base64 encoding of the text "Man"
- The table is indexed by the 6-bit values shown above
- If there are only two characters, there are only 16 bits, which do not divide evenly into 6-bit groups; the last group is filled out with 0s, and the 0s are only ever appended after the data
iOS uses Base64 encoding and decoding
To sum up, Base64 encodes and decodes binary data by table lookup. It is only suitable for representing binary data, such as the result of encrypting a hash value
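Base64 by table lookup, as the notes describe it (3 bytes become four 6-bit indexes into the 64-symbol table, with = standing in for missing groups). This is an added Python example, not code from the original notes, and it also covers the 2-byte and 1-byte tail cases beside the "Man" example.

```python
# Base64 table from the notes: A-Z, a-z, 0-9, + and / are the 64 symbols; "=" is the 65th,
# used only to pad the output.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}

def b64encode(data: bytes) -> str:
    """Encode 3 bytes (24 bits) at a time as four 6-bit indexes into the table."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Make a 24-bit integer; missing bytes become zero bits appended on the right.
        bits = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        symbols = [ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A 2-byte tail (16 bits) yields three symbols, a 1-byte tail (8 bits) two; the rest
        # of the group becomes "=" so the output length stays a multiple of four.
        keep = len(chunk) + 1
        out.append("".join(symbols[:keep]) + "=" * (4 - keep))
    return "".join(out)

def b64decode(text: str) -> bytes:
    """Reverse the lookup: four symbols -> 24 bits -> 3 bytes, dropping padded bytes."""
    if len(text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4]
        pad = group.count("=")
        if pad > 2 or (pad and group[-pad:] != "=" * pad):
            raise ValueError("bad padding in %r" % group)
        bits = 0
        for ch in group:
            bits = (bits << 6) | (0 if ch == "=" else INDEX[ch])
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)
```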
RSA encryption
- Loading the public and private keys, then encrypting and decrypting
```objc
- (void)viewDidLoad {
    [super viewDidLoad];
    // 1. Load the public key from the DER certificate
    [[RSACryptor sharedRSACryptor] loadPublicKey:[[NSBundle mainBundle] pathForResource:@"rsacert" ofType:@"der"]];
    // 2. Load the private key from the P12 file (the export password chosen in the openssl pkcs12 step)
    [[RSACryptor sharedRSACryptor] loadPrivateKey:[[NSBundle mainBundle] pathForResource:@"p" ofType:@"p12"] password:@"123456"];
}

- (void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event {
    // Encrypt with the public key
    NSData *result = [[RSACryptor sharedRSACryptor] encryptData:[@"hello" dataUsingEncoding:NSUTF8StringEncoding]];
    NSString *base64 = [result base64EncodedStringWithOptions:0];
    NSLog(@"encrypted result %@", base64);
    // Decrypt with the private key
    NSData *jiemi = [[RSACryptor sharedRSACryptor] decryptData:result];
    NSLog(@"decryption: %@", [[NSString alloc] initWithData:jiemi encoding:NSUTF8StringEncoding]);
}
```
- The encrypted result is different each time because RSA applies a padding mode
```c
/*!
 @typedef SecPadding
 @abstract Supported padding types.
 */
typedef CF_OPTIONS(uint32_t, SecPadding) {
    kSecPaddingNone  = 0,
    kSecPaddingPKCS1 = 1,
    kSecPaddingOAEP  = 2, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0),

    /* For SecKeyRawSign/SecKeyRawVerify only, ECDSA signature is raw byte format {r,s},
       big endian. First half is r, second half is s */
    kSecPaddingSigRaw = 0x4000,

    /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD2 hash;
       standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */
    kSecPaddingPKCS1MD2 = 0x8000, // __OSX_DEPRECATED(10.0, 10.12, "MD2 is deprecated") __IOS_DEPRECATED(2.0, 5.0, "MD2 is deprecated") __TVOS_UNAVAILABLE __WATCHOS_UNAVAILABLE,

    /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD5 hash;
       standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */
    kSecPaddingPKCS1MD5 = 0x8001, // __OSX_DEPRECATED(10.0, 10.12, "MD5 is deprecated") __IOS_DEPRECATED(2.0, 5.0, "MD5 is deprecated") __TVOS_UNAVAILABLE __WATCHOS_UNAVAILABLE,

    /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA1 hash;
       standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */
    kSecPaddingPKCS1SHA1 = 0x8002,

    /* The same for SHA224 / SHA256 / SHA384 / SHA512 hashes */
    kSecPaddingPKCS1SHA224 = 0x8003, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0),
    kSecPaddingPKCS1SHA256 = 0x8004, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0),
    kSecPaddingPKCS1SHA384 = 0x8005, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0),
    kSecPaddingPKCS1SHA512 = 0x8006, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0),
};
```
With kSecPaddingNone nothing is padded, so the ciphertext for the same plaintext stays the same; with the other modes it changes every time
One application scenario of RSA
- Server (public key), client (private key)
- When you install an app on your phone, it ships with a public key
- The server periodically updates the symmetric encryption key and delivers it to the client
- The public and private keys encrypt and decrypt that symmetric key
- The symmetric key encrypts and decrypts the transmitted data
- The public key itself can also be updated and pushed out
RSA application scenario 2: signature
Hash
Common Hash algorithms
- md5
- sha1 sha256 sha512
Common symmetric encryption
- DES
- 3DES
- AES is what Apple uses; it is also called the Advanced Encryption Standard, and it is what the NSA uses
The characteristics of a Hash
- The algorithm is public
- The same data always gives the same result
- By default the digest is 128 bits, i.e. 32 hexadecimal characters
- It cannot be reversed
- The set of hash values is finite but the set of inputs is infinite, so two or more inputs must share the same hash value; this is a hash collision
- It is a digest of the data, its "fingerprint", used for data identification
The purpose of the Hash
- Encryption of user passwords
- Search engine
- copyright
- A digital signature
Encryption of user passwords
- Principle
- Data transmitted over the network and data saved locally (private data) must not be in plaintext
- The server also must not store plaintext passwords
PS: a company that leaks user secrets bears the corresponding legal responsibility
Password encryption modes
- RSA-encrypting the password
- Advantage: the risk of leakage on the network is low
- Disadvantages
- The server holds the user's real (plaintext) password; if the server's data leaks, this is a security risk. (The developer had better not know the password either, so a hash is the better choice.)
- The private and public keys are available to developers, who may take them along when they leave the company, and replacing the public key on every user's device is costly
- Hash-encrypting the password
- It is more secure: neither the client transmission nor the server knows the plaintext password
Using hashes
- MD5
- A bare MD5 hash can be reverse-looked-up on MD5 lookup web sites
- Adding salt
- md5(password + salt); the salt is a fixed, complex string
- Logical design for client and server: during registration, the client sends the hash to the server, and the server stores the hash together with the account. On the next login, the client sends the hash again and the server authenticates the user with it
- The salt may be taken away by a departing developer, so a fixed salt is a problem
- HMAC encryption
The server delivers the key, and the client computes the HMAC (which hashes twice); there is one key for each account
Characteristics
- The server delivers a key; the key is a salt that is not fixed
- The client HMAC hashes twice
- One key for each account
The registration process
- Send the account name to the server to check whether a user with that account, such as hankv587, is already registered
- If it is not registered, the server generates a key, binds it to hankv587, and sends the key to the client
- With the key, the client computes the HMAC of the password the user entered
- The resulting hash value is sent to the server to be saved
- On every login, the key is delivered again
- The key is small, so it can be encrypted with RSA for delivery
- After a phone change, the key is reissued; without the key, login is not authorized
- Many apps work this way (authorized login)
- It is best to store the key locally in the Keychain; the Keychain can hold either plaintext or encrypted data
- When changing the password, the user enters the password again and the key is changed
- Keychain access is encrypted on storage and decrypted on retrieval
- When replacing the key, the user enters the password and the original key is obtained for authentication. After authentication succeeds, the client receives the new key and the server updates it
The password itself is safe, but an attacker who captures the hash value can replay it to log in as the user
Hash + timestamp
- The original login method remains unchanged
- The authentication value becomes md5((HMAC hash value) + 202006052134), with a timestamp accurate to the minute that is delivered by the server
- The server computes md5((HMAC hash) + 202006052135) with its own time; this does not match, so authentication fails
- The server also checks the previous minute, md5((HMAC hash) + 202006052134) with its own time; this passes
- An attacker must replay within 59 seconds, so authorization is relatively safe
- Timestamp: a custom timestamp can also be encrypted with RSA
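The per-account HMAC key scheme from the registration process above together with the hash + timestamp check, with both the client and server sides, as an added Python example that is not part of the original notes. It keeps the notes' MD5-based construction; the AuthServer class, the hankv587 account and the password are constructed for the demonstration, and the key is handed over in the clear here rather than wrapped in RSA.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

MINUTE_FMT = "%Y%m%d%H%M"  # timestamp to the minute, e.g. 202006052134 as in the notes

def hmac_password(password: str, key: bytes) -> str:
    # Client: HMAC of the password under the server-issued per-account key (HMAC hashes twice).
    return hmac.new(key, password.encode("utf-8"), hashlib.md5).hexdigest()

def login_token(password_hmac: str, minute: datetime) -> str:
    # Client: md5((HMAC hash value) + timestamp). The token is only valid around that minute.
    return hashlib.md5((password_hmac + minute.strftime(MINUTE_FMT)).encode()).hexdigest()

class AuthServer:
    """Server: one random key per account; only the HMAC is stored, never the password."""

    def __init__(self):
        self.accounts = {}  # account -> {"key": bytes, "hmac": str or None}

    def issue_key(self, account: str) -> bytes:
        # Registration step 1: refuse a duplicate account, otherwise bind a fresh key to it.
        if account in self.accounts:
            raise ValueError("account already registered")
        self.accounts[account] = {"key": secrets.token_bytes(16), "hmac": None}
        return self.accounts[account]["key"]  # delivered again on every later login

    def store_hmac(self, account: str, password_hmac: str) -> None:
        # Registration step 2: save the client-computed HMAC beside the account.
        self.accounts[account]["hmac"] = password_hmac

    def verify(self, account: str, token: str, now: datetime) -> bool:
        # Accept a token built from the server's current minute or the previous one: that is
        # the 59-second replay window from the notes. Anything older is rejected.
        stored = self.accounts[account]["hmac"]
        return any(hmac.compare_digest(token, login_token(stored, m))
                   for m in (now, now - timedelta(minutes=1)))

def demo(now: datetime = datetime(2020, 6, 5, 21, 35)) -> tuple:
    # Register hankv587, then try a fresh token, a replayed stale token and a wrong password.
    server = AuthServer()
    key = server.issue_key("hankv587")
    server.store_hmac("hankv587", hmac_password("correct horse", key))
    client_hmac = hmac_password("correct horse", key)
    fresh = login_token(client_hmac, now - timedelta(minutes=1))  # client clock a minute behind
    stale = login_token(client_hmac, now - timedelta(minutes=2))  # captured earlier, replayed now
    wrong = login_token(hmac_password("wrong", key), now)
    return tuple(server.verify("hankv587", t, now) for t in (fresh, stale, wrong))
```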
Search engine
- For example, the search terms "iOS Changsha Hank" / "Changsha iOS Hank"
- Compute the hash value for each word
- MD5("iOS") = 1bdf605991920db11cbdf8508204c4eb
- MD5("changsha") = 6b357589b12f6141fc48c4b0375ef2f9
- MD5("Hank") = ba02b1e3410f72ad50c76f9c144d6b3
- Add those hashes together
- 1bdf605991920db11cbdf8508204c4eb + 6b357589b12f6141fc48c4b0375ef2f9 + ba02b1e3410f72ad50c76f9c144d6b3
- Changing the order of the words gives the same result
- Copyright
- Any file can have a hash value generated when it is uploaded
- But when you download something, like a picture or a video, and something has been added to it, it looks the same but is no longer the same as the original file
- Hashes are used to identify data on cloud drives
A digital signature
Why use the word "signature"? Because abroad people like to use checks, and the signature on a check proves it is yours. So a digital signature, as the name implies, is a method used to identify digital information
- The purpose is to verify that the binary data is the original, issued by the issuing authority
- What techniques are used to identify the authenticity of the data?
- Hash
- Data + hash value of the data
- The party receiving the data uses the same algorithm to calculate the hash of the data and compares it with the received hash. If they differ, the data has been changed
- But if the hash value is changed as well, the check passes
- Data + RSA(hash value of the data)
- The receiving party decrypts the RSA value to obtain the hash of the data
- It uses the same hash algorithm to calculate the hash of the received data
- It compares the two hash values. If they differ, the data was modified and authentication fails
- The hash can no longer be modified in transit
- Encrypting the hash of the data with RSA is called signing the data
- RSA(hash value of data) is the digital signature of the original data
- Digital signatures are very widely used: Alipay, the payment platforms of major banks, iOS signature verification
- iOS signature verification is code signing
- A digital signature is a signature over data
- Essentially they are the same thing
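The "data + hash" check beside the "data + RSA(hash)" signature check from the list above, as an added Python example that is not part of the original notes. The RSA key is a toy built from two Mersenne primes so the block runs offline with no library, it applies no padding (the kSecPaddingNone case from the enum above), SHA-256 is used for the hash, and the sample messages are constructed.

```python
import hashlib

# Toy RSA key from two Mersenne primes, chosen only so this runs with no library and no
# prime generation. Demonstration key: a real key uses two random primes of ~1024 bits.
P = (1 << 127) - 1                 # 2^127 - 1, prime
Q = (1 << 521) - 1                 # 2^521 - 1, prime
N = P * Q                          # ~648-bit modulus, wide enough to hold a 256-bit hash
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def hash_int(data: bytes) -> int:
    """Step 2 of the notes: the hash of the original data, as an integer for RSA."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Step 3: RSA(hash) under the private exponent is the data signature.
    Raw RSA with no padding (the kSecPaddingNone case); real code uses PKCS#1 padding."""
    return pow(hash_int(data), D, N)


def verify_signed(data: bytes, signature: int) -> bool:
    """Receiver: undo the RSA with the public exponent, recompute the hash, compare."""
    return pow(signature, E, N) == hash_int(data)


def verify_plain_hash(data: bytes, received_hash: bytes) -> bool:
    """The weaker 'data + hash' scheme: the receiver recomputes and compares the bare hash."""
    return hashlib.sha256(data).digest() == received_hash


def demo() -> tuple:
    """Constructed sample: a message is replaced in transit; show what each scheme detects."""
    original = b"transfer 100 to alice"
    tampered = b"transfer 900 to mallory"
    sig = sign(original)
    # 'data + hash': whoever changes the data simply recomputes the hash, so the check passes.
    plain_fooled = verify_plain_hash(tampered, hashlib.sha256(tampered).digest())
    return (verify_signed(original, sig),  # genuine data and signature: True
            verify_signed(tampered, sig),  # data changed; the signature cannot be redone without D: False
            plain_fooled)                  # True: the weak scheme accepts the tampered data
```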
Conclusion
- RSA on the command line (openssl), RSA code demonstration
- Characteristics of RSA
- RSA is very secure (because the whole business logic is secure)
- Encryption is very slow (it cannot encrypt large data)
- Use it to encrypt critical data, for example hash values and HMAC keys
- Hash
- The algorithm is public
- The operation is irreversible
- The same data gives the same result
- Different data give results of the same length
- General data identification (passwords, copyright, Baidu Cloud data identification)
- Hash purposes
- Password encryption
- Direct MD5: can be reverse-looked-up
- Salting: a fixed salt is a safety hazard
- HMAC: encrypts with dynamic keys (the better solution)
- HASH + timestamp: the result changes with time
- A digital signature
- Algorithm: RSA + HASH
- Purpose: verify data integrity, i.e. that the data has not been tampered with
- Logic:
- 1. Data: the original data of the packet
- 2. HASH value of the original data
- 3. RSA of the HASH value of the original data (the data signature)