Several kinds of encryption on iOS

Background

When developing applications, data security is critical, and merely submitting the user's private data with POST requests cannot completely solve the security problem.

Classification of encryption algorithms

1. Symmetric encryption algorithm

In a symmetric encryption algorithm, both the sender and the receiver need to know the encryption and decryption algorithm in advance, and they use the same key to encrypt and decrypt the data.

2. Asymmetric encryption algorithm

Unlike symmetric algorithms, both A and B generate a pair of keys in advance; A then sends its own public key to B, and B sends its own public key to A.

If A wants to send a message to B, A encrypts the message with B's public key and sends it to B, and B decrypts the message with its own private key. The same applies when B sends messages to A. To sum up: the function of the public key and private key is that content encrypted with the public key can be decrypted only by the private key, and content encrypted with the private key can be decrypted only by the public key.

Analysis of common encryption schemes

Base64

Base64 encoding can be used to deliver longer identification information in an HTTP environment.

Security principle: any message that involves private information must not be sent in plaintext; it needs to be encrypted before it is sent.

Principle

Base64 regroups the original data from 8-bit bytes into 6-bit units. This increases the amount of data by (8-6)/6 = 1/3. Where the last unit is short, the missing part is filled with 0 bits, and every two fill bits are represented by one `=`.

Characteristics

Base64-encoded data is not only brief but also unreadable; that is, the encoded data cannot be read directly by the naked eye.

Base64 can encode any file.

The Base64 process is reversible: the data can be decoded back.

MD5

MD5 (message digest algorithm) is a hash operation that generates a fixed-length string.

General use: file verification.

Features

The algorithm is open and the process is irreversible

Any two different files give different results, and the resulting strings have the same length.

Reinforcement scheme

MD5 "decryption" (reverse lookup) website: http://www.cmd5.com

Using a salt (after an MD5 reverse lookup, it is easy to spot the pattern of the salt).

Applying MD5 several times (after an MD5 reverse lookup, the result is still a digest, which then has to be looked up again).

Hashing first and then scrambling the result (increases the difficulty of cracking).

Fundamentals of RSA

RSA uses a "key pair" to encrypt and decrypt data. Before encrypting and decrypting data, a public key and a private key are required.

Public key: used to encrypt data. It is public, and is generally stored with the data provider, such as the iOS client. Private key: used to decrypt data. It must be kept secret; disclosure of the private key will cause security problems.

Dynamic password

Dynamic password: for the same plaintext password, the value sent to the server is different each time. It can be understood as first encrypting the password in the ordinary way, then adding a piece of changing data (such as the time), and then encrypting again.
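
The scheme described above, as an added example in Python (not code from the original article). HMAC-SHA256 stands in for the unspecified "encryption" steps; the per-user salt, the one-minute time slot, the one-minute server tolerance and all function names are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone


def stored_secret(password: str, salt: bytes) -> bytes:
    """First stage, the 'ordinary' step: salted HMAC-SHA256 of the password.
    Assumption: the server keeps this value and never the plaintext."""
    return hmac.new(salt, password.encode("utf-8"), hashlib.sha256).digest()


def time_slot(now: datetime) -> bytes:
    """Changing data: UTC time truncated to the minute (assumed granularity)."""
    return now.astimezone(timezone.utc).strftime("%Y%m%d%H%M").encode("ascii")


def dynamic_password(secret: bytes, now: datetime) -> str:
    """Second stage: mix the time slot into the first-stage value and hash again."""
    return hmac.new(secret, time_slot(now), hashlib.sha256).hexdigest()


def server_verify(secret: bytes, received: str, now: datetime,
                  skew_minutes: int = 1) -> bool:
    """Recompute the value for the current slot and for up to skew_minutes
    earlier slots, so a request sent just before a minute boundary still
    verifies while an old captured value is rejected."""
    for back in range(skew_minutes + 1):
        expected = dynamic_password(secret, now - timedelta(minutes=back))
        # Constant-time comparison of the two hex strings.
        if hmac.compare_digest(expected.encode(), received.encode()):
            return True
    return False


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"  # constructed sample value
    secret = stored_secret("correct horse", salt)
    sent_at = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)  # constructed
    sent = dynamic_password(secret, sent_at)

    # Same password, next minute: the transmitted value changes.
    print(sent != dynamic_password(secret, sent_at + timedelta(minutes=1)))
    # Arrives 45 s later, across the minute boundary: still accepted.
    print(server_verify(secret, sent, sent_at + timedelta(seconds=45)))
    # Replayed five minutes later: rejected.
    print(server_verify(secret, sent, sent_at + timedelta(minutes=5)))
```

A captured value can still be replayed inside the accepted window, so the server also needs to reject a value it has already accepted once.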

Token (identity token)

Concepts: digital signatures and digital certificates

Digital signature:

A message digest with a fixed number of bits is computed from the message using the hash algorithm agreed upon by both parties. Mathematically, the digest value will no longer match the original value as long as any bit of the message is modified. This ensures that the message cannot be changed. The digest value is encrypted with the sender's private key and then sent to the receiver along with the original message; the result is called a digital signature.

Digital certificate:

A digital certificate is a series of data that marks the identity of the communicating parties in Internet communication. It provides a way to validate your identity on the Internet, and its function is similar to a driver's license or ID card in daily life. It is issued by an authority, the CA (Certificate Authority), and people can use it to identify each other on the Internet. A digital certificate is a document that contains the public key owner's information and the public key, digitally signed by a certificate authority. The simplest certificate contains a public key, a name, and the digital signature of the certificate authority.