RSA支持加解密,也支持签名/验签。
使用rsa如何签名/验签呢?
1.rsa 签名
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
@objc public func sign(source: Data, padding: SecPadding = SecPadding.PKCS1SHA1) -> Data? {
guard source.count > 0 && self.privateSecKey != nil else {
return nil
}
let hashData: NSData?
switch padding {
case SecPadding.PKCS1SHA1:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha1)
break
case SecPadding.PKCS1SHA224:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha224)
break
case SecPadding.PKCS1SHA256:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha256)
break
case SecPadding.PKCS1SHA384:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha384)
break
case SecPadding.PKCS1SHA512:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha512)
break
default:do {
print("not support this type sign!")
return nil
}
}
let blockLen = SecKeyGetBlockSize(self.privateSecKey!)
var outBuf = [UInt8](repeating: 0, count: blockLen)
var outBufLen:Int = blockLen
let status: OSStatus = SecKeyRawSign(self.privateSecKey!, padding, hashData!.bytes.assumingMemoryBound(to: UInt8.self), hashData!.length, &outBuf, &outBufLen)
if status == noErr {
return Data(bytes: outBuf, count: outBufLen)
}else{
print("sign status = \(status)")
return nil
}
}
|
2.rsa 验签
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
@objc public func verify(source: Data, signData:Data,padding: SecPadding = SecPadding.PKCS1SHA1) -> Bool {
guard source.count > 0 && signData.count > 0 && self.publicSecKey != nil else {
return false
}
let hashData: NSData?
switch padding {
case SecPadding.PKCS1SHA1:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha1)
break
case SecPadding.PKCS1SHA224:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha224)
break
case SecPadding.PKCS1SHA256:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha256)
break
case SecPadding.PKCS1SHA384:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha384)
break
case SecPadding.PKCS1SHA512:
hashData = (source as NSData).shaWithType(shaType: YKShaType.sha512)
break
default:do {
print("not support this type sign!")
return false
}
}
let signBuf: UnsafePointer<UInt8> = (signData as NSData).bytes.assumingMemoryBound(to: UInt8.self)
let blockLen = SecKeyGetBlockSize(self.publicSecKey!)
let status: OSStatus = SecKeyRawVerify(self.publicSecKey!,
padding,
hashData!.bytes.assumingMemoryBound(to: UInt8.self),
hashData!.length,
signBuf,
blockLen)
if status == noErr {
return true
}else{
print("sign status = \(status)")
}
return false
}
|
3.调用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
//原始数据
let originalString = "你从哪里来,要去哪里去,在你眼里,春天里,我们去了哪里啊,123456789,说不说都不知道,黄河之水天上来,奔流到海不复回。高堂明镜悲白发,朝如青丝,ksnowlv"
//let originalString = "123456helloworld"
let publicKeyPath:String = Bundle.main.path(forResource: "public_key", ofType: "der")!
let privateKeyPath = Bundle.main.path(forResource: "private_key", ofType: "p12")
print("publicKeyPath = \(publicKeyPath)")
print("privateKeyPath = \(String(describing: privateKeyPath))")
let rsaSign:YKRSASign = YKRSASign()
rsaSign.publicKey(fileFullPath: publicKeyPath as NSString, block: {(_ error: NSError?, _ secKey:SecKey?) in
})
rsaSign.privateKey(fileFullPath: privateKeyPath! as NSString, password: "", block: {(_ error: NSError?, _ secKey:SecKey?) in
})
let originalData = originalString.data(using: String.Encoding(rawValue: String.Encoding.utf8.rawValue))
let signData = rsaSign.sign(source: originalData!, padding: SecPadding.PKCS1SHA512)
let isVerify = rsaSign.verify(source: originalData!, signData: signData!, padding: SecPadding.PKCS1SHA512)
if isVerify {
print("验证签名通过")
}else{
print("验证签名失败")
}
|
文章作者
梵梵爸
上次更新
2018-07-19
许可协议
原创文章,如需转载请注明文章作者和出处。谢谢