iOS:CCCrypt() kCCOptionECBMode 和 kCCModeCBC 哪个更安全

// Single-call (stateless) AES-128 encryption of datainput into buffer.
// NOTE(review): kCCOptionECBMode encrypts every 16-byte block independently,
// so equal plaintext blocks produce equal ciphertext blocks and the IV
// argument is not used. Leaving the flag out selects CBC, the CCCrypt default,
// in which the IV argument is used.
const CCOptions cryptOptions = kCCOptionPKCS7Padding | kCCOptionECBMode;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,          // operation: encrypt (not decrypt)
                                      kCCAlgorithmAES128,  // cipher
                                      cryptOptions,        // PKCS#7 padding + ECB
                                      keyPtr,              // raw key bytes
                                      kCCBlockSizeAES128,  // key length: 16, same value as kCCKeySizeAES128
                                      NULL,                // IV: ignored because ECB is selected
                                      datainput.bytes,     // plaintext
                                      dataLength,          // plaintext length in bytes
                                      buffer,              // receives the ciphertext
                                      bufferSize,          // capacity of buffer
                                      &numBytesEncrypted); // on success: bytes written to buffer

我有一个文件想要对其进行加密,并且我正在使用上述功能。加密和解密工作完美!

但我担心的是:cccrypt() 中有一个选项可以使用默认的 CBC 模式或指定 ECB 模式。我正在使用 ECB 模式,所以如果我将 CBC 模式与 IV 一起使用,那么它会提供更安全的加密吗?

简而言之,我应该使用默认 CBC 模式或 ECB 模式中的哪一种?为什么?

IV 呢? 指定 IV 更长的字符串是否会使加密更加安全和随机? 对于 ECB 模式,它将被忽略。如果我使用 CBC 模式,那么 IV 应该是多少?请提供一个例子,这会有帮助。

同一文件的加密和解密IV应该相同吗?或者可以是不同的 IV?

那么钥匙呢? 我使用的长度是128,算法:AES

我使用的密钥是:@“ltd@mpc”

很强吗?或者我应该使用密钥:0xfedcba9876543210 这样的东西吗?

ios objective-c xml security encryption
2个回答

CBC 模式更安全。每次加密都应使用一个随机生成的 IV,解密时必须使用与加密时相同的 IV;IV 不需要保密,可以与密文一起保存。请参阅"块密码操作模式"了解更多信息和示例图像。

如果密钥来自密码,请使用密钥派生函数(例如 PBKDF2)从密码派生出密钥,而不要直接把密码当作密钥使用。

目前 128 位的密钥长度已经足够,不过一般来说也没有理由不使用更长的密钥。

考虑使用 RNCryptor,它可以处理所有这些并添加身份验证和版本控制。


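/**
 * Encrypts the file at inputFilePath with AES (256-bit key derived from
 * password via PBKDF2-HMAC-SHA256) and writes the result into the directory
 * named by outputFilePath, keeping the input file's name.
 *
 * NOTE(review): the cipher configuration is left as the original wrote it so
 * that a matching decrypt routine (not visible here) keeps working, but it has
 * known weaknesses that should be fixed on both sides together:
 *  - kCCOptionECBMode is set, so the IV is ignored and identical plaintext
 *    blocks produce identical ciphertext blocks. Dropping the flag selects CBC,
 *    which then needs a fresh random IV per file, stored with the ciphertext.
 *  - the PBKDF2 salt is a hard-coded constant, so equal passwords always
 *    derive equal keys; a random per-file salt stored with the output avoids that.
 *  - the output carries no authentication tag, so modification of the
 *    ciphertext is not detected on decryption.
 *
 * @param inputFilePath  Path of the plaintext file to read.
 * @param outputFilePath Destination directory; a "file://" prefix and "%20"
 *                       escapes are stripped before use.
 * @param password       Password the key is derived from; must not be empty.
 * @return Path of the written file, or @"" on any failure.
 */
+ (NSString *)encryptFileAtPath:(NSString *)inputFilePath outputPath:(NSString *)outputFilePath password:(NSString *)password {
    NSData *inputData = [NSData dataWithContentsOfFile:inputFilePath];
    if (!inputData) {
        NSLog(@"Failed to read input file.");
        return @"";
    }

    // Refuse an empty/nil password instead of silently encrypting with a
    // key that anyone can reproduce.
    NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
    if (passwordData.length == 0) {
        NSLog(@"Key derivation error: empty password.");
        return @"";
    }

    NSMutableData *keyData = [NSMutableData dataWithLength:kCCKeySizeAES256];
    // Zero-filled and never populated; unused while ECB is selected below.
    NSMutableData *ivData = [NSMutableData dataWithLength:kCCBlockSizeAES128];

    // Fixed salt (32 bytes of 0x20) and round count; see NOTE(review) above.
    const char myByteArray[] = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
    NSData *salt = [NSData dataWithBytes:myByteArray length:32];
    unsigned int rounds = 50000;

    // The derivation result must be checked: on failure keyData stays all
    // zeros and the file would be encrypted under a known key.
    int kdfStatus = CCKeyDerivationPBKDF(kCCPBKDF2, passwordData.bytes, passwordData.length,
                                         salt.bytes, salt.length, kCCPRFHmacAlgSHA256, rounds,
                                         keyData.mutableBytes, keyData.length);
    if (kdfStatus != kCCSuccess) {
        NSLog(@"Key derivation error: %d", kdfStatus);
        return @"";
    }

    // Encryption context: AES with PKCS#7 padding, ECB flag set (IV ignored).
    CCCryptorRef cryptor = NULL;
    CCCryptorStatus status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding | kCCOptionECBMode,
                                             keyData.bytes, keyData.length, ivData.bytes, &cryptor);
    if (status != kCCSuccess) {
        NSLog(@"Cryptor creation error: %d", status);
        return @"";
    }

    NSString *resultPath = @"";
    // Padding adds at most one block to the plaintext length.
    NSMutableData *outputData = [NSMutableData dataWithLength:inputData.length + kCCBlockSizeAES128];
    size_t encryptedLength = 0;
    size_t finalLength = 0;

    status = CCCryptorUpdate(cryptor, inputData.bytes, inputData.length,
                             outputData.mutableBytes, outputData.length, &encryptedLength);
    if (status != kCCSuccess) {
        NSLog(@"Encryption update error: %d", status);
    } else {
        status = CCCryptorFinal(cryptor, (uint8_t *)outputData.mutableBytes + encryptedLength,
                                outputData.length - encryptedLength, &finalLength);
        if (status != kCCSuccess) {
            NSLog(@"Encryption finalization error: %d", status);
        } else {
            // Trim to the bytes actually produced; otherwise the file ends
            // with zero bytes that are not part of the ciphertext.
            [outputData setLength:encryptedLength + finalLength];

            // Same two substitutions the original applied, done on the string
            // itself so a path NSURL cannot parse does not turn into nil.
            NSString *directoryPath = [outputFilePath stringByReplacingOccurrencesOfString:@"file://" withString:@""];
            directoryPath = [directoryPath stringByReplacingOccurrencesOfString:@"%20" withString:@" "];

            [FileManager createDiectoryInFoler:@"Encrypted"];

            NSString *outputFileSPath = [directoryPath stringByAppendingPathComponent:[inputFilePath lastPathComponent]];
            if (outputFileSPath && [outputData writeToFile:outputFileSPath atomically:YES]) {
                NSLog(@"File encrypted successfully: %@", outputFileSPath);
                resultPath = outputFileSPath;
            } else {
                NSLog(@"Failed to write encrypted file: %@", outputFileSPath);
            }
        }
    }

    // Released on every path, including success (the original returned early
    // and leaked the cryptor).
    CCCryptorRelease(cryptor);
    return resultPath;
}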