密碼學(xué)之RSA

文章引用自泡菜,有興趣的同學(xué)可以看看里面的數(shù)學(xué)原理。

RSA終端命令

首先要生成一對(duì)公鑰和秘鑰,利用mac自帶的openSSL。

1、生成私鑰

openssl genrsa -out private.pem 1024
執(zhí)行結(jié)果得到一個(gè)private.pem文件

?  ~ cd Desktop                          
?  Desktop openssl genrsa -out private.pem 1024
Generating RSA private key, 1024 bit long modulus
......++++++
.++++++
e is 65537 (0x10001)
?  Desktop

明文查看私鑰

openssl rsa -in private.pem -text -out private.txt

?  Desktop openssl rsa -in private.pem -text -out private.txt
writing RSA key
?  Desktop cat private.txt 
Private-Key: (1024 bit)
modulus:
    00:c4:8f:af:46:b0:83:c6:b1:4f:36:30:2f:21:b0:(此處省略)
publicExponent: 65537 (0x10001)
privateExponent:
    51:62:68:a1:2d:2e:b2:92:f1:88:2f:35:24:8e:b2:(此處省略)
prime1:
    00:fb:67:9e:d7:60:14:2d:5f:a5:ab:27:1d:84:64:(此處省略)
prime2:
    00:c8:27:70:69:cb:4c:32:fe:d4:f2:20:80:8a:75:(此處省略)
exponent1:
    00:8d:64:d2:ee:38:e8:40:38:aa:19:5f:8f:77:55:(此處省略)
exponent2:
    7a:d8:ba:06:34:e0:ef:eb:b8:87:63:ab:81:4f:f6:(此處省略)
coefficient:
    78:1c:1f:69:c5:4b:58:ed:ad:b0:18:9d:2f:01:72:(此處省略)
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDEj7VdnVhocskujLkYlH
(此處省略)
GjnWFHjzeyAlT+54ELndGiaOsqNoyi4gzBXvaiM3Oak=
-----END RSA PRIVATE KEY-----
?  Desktop

2、生成公鑰,公鑰由私鑰生成

openssl rsa -in private.pem -pubout -out public.pem
執(zhí)行結(jié)果得到一個(gè)public.pem文件

?  Desktop openssl rsa -in private.pem -pubout -out public.pem
writing RSA key
?  Desktop

3、嘗試用公鑰加密,私鑰解密

3.1 創(chuàng)建文本

?  Desktop vim message.txt
?  Desktop cat message.txt 
hello
?  Desktop

3.2 公鑰加密

openssl rsautl -encrypt -in message.txt -inkey public.pem -pubin -out enc.txt
查看加密后的結(jié)果是一串亂碼

?  Desktop openssl rsautl -encrypt -in message.txt -inkey public.pem -pubin -out enc.txt
?  Desktop cat enc.txt 
aJ?gM??N?PB?????,???5?2???l?$/m?(???,j?'?U?α42?Y/S??SL?&c?0F?'g?Qh??Z?)??!??Y(?m???V??7??i???J)?Z??F?d{_R??~Y%                
  ?  Desktop

3.3 私鑰解密

openssl rsautl -decrypt -in enc.txt -inkey private.pem -out dec.txt
執(zhí)行結(jié)果成功,輸出結(jié)果與原文一致

?  Desktop openssl rsautl -decrypt -in enc.txt -inkey private.pem -out dec.txt
?  Desktop cat dec.txt 
hello
?  Desktop

4、證書(shū)生成

如果想在代碼中實(shí)現(xiàn)RSA,需要使用規(guī)定格式的證書(shū),而剛才創(chuàng)建的pem格式的證書(shū)是不能直接用,要轉(zhuǎn)換成p12、der格式

4.1創(chuàng)建scr證書(shū)請(qǐng)求文件

openssl req -new -key private.pem -out rsacert.scr

?  Desktop openssl req -new -key private.pem -out rsacert.scr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:guangdong
Locality Name (eg, city) []:dongguan
Organization Name (eg, company) []:mumu
Organizational Unit Name (eg, section) []:mumu
Common Name (eg, fully qualified host name) []:mumu
Email Address []:947226522@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
?  Desktop

4.2簽名

openssl x509 -req -days 365 -in rsacert.scr -signkey private.pem -out rsacert.crt
執(zhí)行結(jié)果得到一個(gè)有效期365天的crt證書(shū)。比如https協(xié)議,就是這個(gè)文件放在服務(wù)器上面,讓別人接收。
另外crt也不能直接用,通過(guò)它還要轉(zhuǎn)成der和p12

?  Desktop openssl x509 -req -days 365 -in rsacert.scr -signkey private.pem -out rsacert.crt
Signature ok
subject=/C=CN/ST=guangdong/L=dongguan/O=mumu/OU=mumu/CN=mumu/emailAddress=947226522@qq.com
Getting Private key
?  Desktop

4.3轉(zhuǎn)der格式

openssl x509 -outform der -in rsacert.crt -out rsacert.der
執(zhí)行結(jié)果得到rsacert.der文件

?  Desktop openssl x509 -outform der -in rsacert.crt -out rsacert.der
?  Desktop

4.3轉(zhuǎn)p12格式

openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crt
執(zhí)行結(jié)果得到p.p12文件

?  Desktop openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crt
Enter Export Password:
Verifying - Enter Export Password:
?  Desktop

代碼應(yīng)用

將上面生成的rsacert.der和p.p12文件拖入工程中,使用現(xiàn)成的加解密工具類(lèi)文件RSACryptor,代碼如下:

    // 加載公鑰
    NSString *publick = [[NSBundle mainBundle] pathForResource:@"rsacert.der" ofType:nil];
    [[RSACryptor sharedRSACryptor] loadPublicKey:publick];
    
        
    // 加載私鑰
    NSString *private = [[NSBundle mainBundle] pathForResource:@"p.p12" ofType:nil];
    [[RSACryptor sharedRSACryptor] loadPrivateKey:private password:@"111"];
    
    NSString *message = @"hello";
    
    // 加密
    NSData *encryptResult = [[RSACryptor sharedRSACryptor] encryptData:[message dataUsingEncoding:kCFStringEncodingUTF8]];
    NSLog(@"加密結(jié)果:\n%@",encryptResult);
    
    // 解密
    NSData *decrypData = [[RSACryptor sharedRSACryptor] decryptData:encryptResult];
    NSString *decryptResult = [[NSString alloc] initWithData:decrypData encoding:kCFStringEncodingUTF8];
    
    NSLog(@"解密結(jié)果:\n%@",decryptResult);

輸出結(jié)果:

RSADEMO[25563:666088] 加密結(jié)果:
{length = 128, bytes = 0x8d4feef2 0c555630 1f49eca3 43799757 ... 4ef3e5dd 1813e649 }
RSADEMO[25563:666088] 解密結(jié)果:
hello

總結(jié)

如果用RSA加密比較大的數(shù)據(jù),效率會(huì)非常低效,通常會(huì)把源數(shù)據(jù)hash(如md5)一次,再進(jìn)行RSA加密。
RSA特點(diǎn):

  • 相對(duì)安全,私鑰不用傳遞
  • 效率低
  • 加密數(shù)據(jù)小
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容