project encryption

iOS - Item Encryption Handling

Reprint: Original address https://blog.csdn.net/xiaohe901216/article/details/51152030

Because the company is doing P2P, data security is still somewhat necessary. Here are some ideas:

The password is generally MD5 plus salt, and later changed to Apple's own keychain keychain encryption

It is still necessary for some customers to conceal the information encryption processing, which not only protects the privacy of customers but also protects the company's customer resources.

The basic processing of our project is AES+RSA

When the user logs in, in addition to the username and password, a key is required (the key is a login verification). This key is generated by adding a 5-digit random number to the login number (mobile phone number). The mobile phone number is basically to ensure the uniqueness of the key. This key is used as an AES key, which is randomly generated each time a login operation is performed

Then RSA encryption is not used to encrypt data, but is used to encrypt the key of AES, and the public key of RSA is provided by the server

Every time the program starts and executes the login, a key will be generated, and each request will be verified once, and it also ensures that the login of the account is unique (the problem of switching login), if the request content has direct AES encryption that needs to be encrypted.

This scheme performs a login operation every time the program is started

Below is a similar processing scheme seen:

A solution for secure interaction between mobile client and server.

For : http://my.oschina.net/kaster/blog/130940

The client uses AES to encrypt the message, and the RSA public key is used to encrypt the AES key
. The server uses the private key to decrypt the AES key, and then uses the AES key to decrypt the encrypted message. The text

hides the data compression part

Tag: <none>

Code Snippet (2) [View all code in full screen]

1. [File] rsa.rar ~ 6KB download (298)

2. [code][Java]code

/////////////

//测试代码

publicstatic void main(String[] args)

{

EnDeCodeTest();

}

//加解密,模拟网络

staticvoid EnDeCodeTest()

{

try

{

//AES对称密钥

String mingKey = "1A2B3C4D5E6F010203040506A7B8C9D0";

//待加密明文

String mingData = "ABCD1234中文测试";

//使用AES_KEY加密数据

String miData = CodeHelper.EncodeMessage("", mingData, mingKey);

//使用PublicKey加密AES对称密钥

InputStream inStream = newFileInputStream("D:/rsa/public_rsa.cer");

CertificateFactory cf = CertificateFactory.getInstance("X.509");

X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);

PublicKey pubKey = cert.getPublicKey();

//加密后的AES对称密钥

String miKey = CodeHelper.EncodeKey("", mingKey, pubKey);

//通过网络交互数据 miData miKey

String miKey_ = miKey;

String miData_ = miData;

//使用PrivateKey解密AES对称密钥

// 密钥仓库

KeyStore ks = KeyStore.getInstance("PKCS12");

// 读取密钥仓库

FileInputStream ksfis = newFileInputStream("D:/rsa/private_rsa.pfx");

BufferedInputStream ksbufin = newBufferedInputStream(ksfis);

char[] keyPwd = "password".toCharArray();

ks.load(ksbufin, keyPwd);

// 从密钥仓库得到私钥

PrivateKey priK = (PrivateKey) ks.getKey("test", keyPwd);

//明文AES密钥

String mingKey_ = CodeHelper.DecodeKey("", miKey_, priK);

//解密数据

String mingData_ = CodeHelper.DecodeMessage("", miData_, mingKey_);

System.out.print("Result:"+ mingData_ + "\r\n");

}

catch(Exception e)

{

System.out.print(e);

}

问：RSA 很少用来做加密算法使用，一般多数用于数据签名算法中。这是由于 RSA 作为加密算法进行加密处理时，其所能处理的原文数据量不能超过（RSA 长度 / 8 - 11），比如：RSA 1024 进行加密运算时，原文的长度不能超过 117 个字节。

你这个安全数据传输可以改进一下，可以参照 SSL/TLS 协议握手的原理，AES 密钥不是固定的，由通信双方各随机生成一半，双方生成的一半密钥通过对方的 RSA 公钥加密传送给对方，对方使用自己的 RSA 私钥解密，这样与自己的另外一半 AES 密钥拼合成数据传输的加密密钥，从而完成密钥的交换过程。

答：这一块是用于移动客户端，架构上只要保证客户端的数据不被窃取即可。客户端的AES密钥是随机生成，RSA加密不用于加密数据，而是用来加密AES的密钥。因为客户端不是支付类的客户端，所以没有对每台终端生成独立的私钥证书。 ----- 另外，之前客户端与服务端的交互是短连接，每次交互都随机生成AES密钥，数据用AES加密，AES密钥用RSA加密，每次请求同时传递密文和加密后的AES密钥；现在的方案是，客户端启动后，先进行一次检查公钥证书的交互，再进行一次激活交互，激活交互用于客户端传递AES密钥（128位，使用RSA公钥加密），服务端返回激活流水，后续的交互，客户端使用激活时设定的AES密钥进行数据加密。

Code Snippet (2) [View all code in full screen]

1. [File] rsa.rar ~ 6KB download (298)

2. [code][Java]code

Guess you like