gy79ruIbnKrDqo6kkCQQDPYCIZRlI0tREa
4y+E2YUqx/x6XPohlJUQoZBJQ3Zt0RQ+afljNxlSOiL4pw9GLwoDhatxzjlMUMnb
b36mP1plAkEAxTib34YEp5nkwpbZ5roAfKRmKgUnezULVCDKS/KiamXURwAUwGGU
aVy9o1akS48C42gsF+NtOe9yq1z9sj6y0wJBAICLZpekL3DcjC3OhbYj35gVPzva
RnJqV7xnabkASHjqEVJe/mexz9BYmTTo2V736Y0lXpC89GeJ7JZJFoiW3MECQDyM
4cZhpiIy7HoVyHa/GpEqBDfYd0OriHveyV1B9D2IYAEgdD6QdvlWQN7aJf0Q vklF
XWxEJe/IpUMZfMZx24MCQDu19hNYYg8863mvGbc7jWAY1Apjx1i/KTXe/6rBjmoS
bxoSEpKNHpW6dgL/6S6WQuB8j3tNUUNj5O99cU6DLsM=
-----END RSA PRIVATE KEY-----
接着跟着笔者一起执行下面的操作吧~
创建证书请求
$ openssl req -new -key private.pem -out rsacert.csr
这时候控制条要求输入以下一些个人信息~那就跟着提示来吧~
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Erma
Organizational Unit Name (eg, section) []:com
Common Name (e.g. server FQDN or YOUR name) []:Erma
Email Address []:mr_wangyaojie@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
这时候生成了一个csr文件
生成证书并且签名,有效期10年
$ openssl x509 -req -days 3650 -in rsacert.csr -signkey private.pem -out rsacert.crt
转换格式-将 PEM 格式文件转换成 DER 格式
$ openssl x509 -outform der -in rsacert.crt -out rsacert.der
导出P12文件
$ openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crt
最后生成了两个我们要用的文件,一个p12文件和一个der文件,der文件是公钥,p12文件是私钥。我们把这两个文件拖入我们的Demo中来使用吧~下面是demo~
三、der和p12加密解密Demo
通过这个Demo主要讲解上面提到的工具类的使用~
CryptorTools *tool = [[CryptorTools alloc] init];
1、加载公钥
NSString *pubPath = [[NSBundle mainBundle] pathForResource:@"rsacert.der" ofType:nil];
[tool loadPublicKeyWithFilePath:pubPath];
2、使用公钥加密
NSString *result = [tool RSAEncryptString:@"xiaoer"];
NSLog(@"%@",result);
3、加载私钥 - 密码是导出P12的密码
NSString *privatePath = [[NSBundle mainBundle] pathForResource:@"p.p12" ofType:nil];
[tool loadPrivateKey:privatePath password:@"xyz147896321"];
4、使用私钥解密
NSLog(@"%@", [tool RSADecryptString:result]);
OK~上面是通过der和p12加密的应用过程~下面再来看看字符串公钥加密的使用方法~
四、公钥字符串加密工具类~
RSA.h
//
// RSA.h
//
// Created by Erma on 15-2-3.
// Copyright (c) 2015年 Erma. All rights reserved.
//
#import <Foundation/Foundation.h>
@interface RSA : NSObject
+ (NSString *)encryptString:(NSString *)str publicKey:(NSString *)pubKey;
+ (NSString *)encryptData:(NSData *)data publicKey:(NSString *)pubKey;
@end
RSA.m
#import "RSA.h"
#import <Security/Security.h>
@implementation RSA
/*
static NSString *base64_encode(NSString *str){
NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];
if(!data){
return nil;
}
return base64_encode_data(data);
}
*/
static NSString *base64_encode_data(NSData *data){
data = [data base64EncodedDataWithOptions:0];
NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
return ret;
}
static NSData *base64_decode(NSString *str){
NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
return data;
}
+ (NSData *)stripPublicKeyHeader:(NSData *)d_key{
// Skip ASN.1 public key header
if (d_key == nil) return(nil);
unsigned long len = [d_key le