开发者

Password Encoding and Decoding on iOS

开发者 https://www.devze.com 2023-04-08 19:31 出处:网络
Is there any API for encodin开发者_StackOverflowg or decoding a password to text in iPhone?There is the Common Crypto API.

Is there any API for encodin开发者_StackOverflowg or decoding a password to text in iPhone?


There is the Common Crypto API.

#import <CommonCrypto/CommonCryptor.h>

+ (NSData *)doCipher:(NSData *)dataIn
                  iv:(NSData *)iv
                 key:(NSData *)symmetricKey
             context:(CCOperation)encryptOrDecrypt
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;    // Number of bytes moved to buffer.
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

    ccStatus = CCCrypt( encryptOrDecrypt,
                       kCCAlgorithmAES128,
                       kCCOptionPKCS7Padding,
                       symmetricKey.bytes, 
                       kCCKeySizeAES128,
                       iv.bytes,
                       dataIn.bytes,
                       dataIn.length,
                       dataOut.mutableBytes,
                       dataOut.length,
                       &cryptBytes);

    if (ccStatus != kCCSuccess) {
        NSLog(@"CCCrypt status: %d", ccStatus);
    }

    dataOut.length = cryptBytes;

    return dataOut;
}

Also add Security.framework to your project.

If the security is important consider having someone with security experience create the code and protocol. If the security is not important, just send the password in the clear.

A few bugs in an app is not that bad, the app still basically works, one bug in security and all security is lost.

Good security is not as easy as one might think.


If you are only interested in passwords you might as well use hash functions (md5, sha) and compare the input hash with the hash of the password. That way the password is never saved in plaintext and if your server gets hacked some day they only get the hashes and have to do a pre-image attack in order to get the password.


What you want to do is use the Security Framework. This web site provides you with examples:

Symmetric encryption: http://greghaygood.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk-and-securityframework

Asymmetric encryption: http://greghaygood.com/2009/01/17/asymmetric-encryption-with-the-iphone-sdk-and-securityframework

I hope this helps...

Emmanuel

0

精彩评论

暂无评论...
验证码 换一张
取 消