最近有个需求,就是xcode工程里放入资源文件需要加密,然后可以使用CocoaSecurity解密让工程使用。为了方便起见,直接用脚本加密文件,然后放入工程中。个人博客:https://www.linit.space
注意 python使用ase加密需要安装 pycrypto
附上官网下载地址,安装方法只需要进入目录后
执行python setup.py install
==下载地址== https://pypi.python.org/packages/60/db/645aa9af249f059cc3a368b118de33889219e0362141e75d4eaf6f80f163/pycrypto-2.6.1.tar.gz
难点
python的加密需和CocoaSecurity解密配套。
因此要确定以下几点
- CocoaSecurity AES加密的模式
- CocoaSecurity key 和iv 怎么取值
- 加密后的文本 用什么格式。
分析
+ (CocoaSecurityResult *)aesDecryptWithBase64:(NSString *)data key:(NSString *)key
{
CocoaSecurityResult * sha = [self sha384:key];
NSData *aesKey = [sha.data subdataWithRange:NSMakeRange(0, 32)];
NSData *aesIv = [sha.data subdataWithRange:NSMakeRange(32, 16)];
return [self aesDecryptWithBase64:data key:aesKey iv:aesIv];
}
== 分析上述代码。可以发现CocoaSecurity的加密用到的key和iv 是由一个字符串 经过sha384算法生产一个data数据,然后截取data前32位作为key 32位到48位作为 iv,同时输入文本是要求为base64编码 ==
在+ (CocoaSecurityResult *)aesDecryptWithData:(NSData *)data key:(NSData *)key iv:(NSData *)iv 这个方法中,我们重点看如下部分
CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
[key bytes], // Key
[key length], // kCCKeySizeAES
[iv bytes], // IV
[data bytes],
[data length],
buffer,
bufferSize,
&encryptedSize);
==不难看出 采用的是kCCOptionPKCS7Padding自动补齐。 至于用什么模式嘛,这个非常难看出,不过点击kCCOptionPKCS7Padding 进入他的枚举你会发现可以选择kCCOptionECBMode 因此,我猜测,肯定不是 ECB模式,而是CBC模式,至于为什么,当然是试出来的。==
python代码实现
一. AES加密
#coding=utf-8
import os
import sys
import hashlib
import base64
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
class prpcrypt():
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
#加密函数,如果text不是16的倍数【加密文本text必须为16的倍数!】,那就补足为16的倍数
def encrypt(self, text):
sha384 = hashlib.sha384()
sha384.update(self.key.encode('utf-8'))
res = sha384.digest()
key = res[0:32];
iv = res[32:48];
cryptor = AES.new(key, self.mode,iv)
length = 16
count = len(text)
add = length - (count % length)
text = text + ('\0' * add)
self.ciphertext = cryptor.encrypt(text)
return base64.encodestring(self.ciphertext)
f = raw_input("请输入需要加密的文件路径")
fileName = str(f)
fileName = fileName.rstrip("\n")
fileName = fileName.rstrip(" ")
fileObject = open(fileName,'r')
encryptStr = fileObject.read()
fileObject.close()
pc = prpcrypt('key123')
encryptStr = encryptStr.rstrip("\n")
encryptStr = encryptStr.rstrip(" ")
e = pc.encrypt(encryptStr)
fileObject = open(fileName,'w')
fileObject.write(e)
fileObject.close()
二. AES解密
#coding=utf-8
import os
import sys
import hashlib
import base64
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
class prpcrypt():
def __init__(self, key):
self.key = key
self.mode = AES.MODE_CBC
#解密后,去掉补足的空格用strip() 去掉
def decrypt(self, text):
sha384 = hashlib.sha384()
sha384.update(self.key.encode('utf-8'))
res = sha384.digest()
key = res[0:32];
iv = res[32:48];
cryptor = AES.new(key, self.mode,iv)
plain_text = cryptor.decrypt(base64.decodestring(text))
return plain_text.rstrip('\0')
f = raw_input("请输入需要解密的文件路径")
fileName = str(f)
fileName = fileName.rstrip("\n")
fileName = fileName.rstrip(" ")
fileObject = open(fileName,'r')
decryptStr = fileObject.read()
fileObject.close()
pc = prpcrypt('key123')
decryptStr = decryptStr.rstrip("\n")
decryptStr = decryptStr.rstrip(" ")
e = pc.decrypt(decryptStr)
fileObject = open(fileName,'w')
fileObject.write(e)
fileObject.close()
三. OC部分
NSString *key = @"key123";
CocoaSecurityResult *securityResult = [CocoaSecurity aesDecryptWithBase64:@"加密后文本" key:key];
NSString *str = securityResult.utf8String;
str = [str stringByReplacingOccurrencesOfString:@"\0" withString:@""];