因此,我们希望对 AES 生成的对称密钥本身进行加密,从而实现这种安全性。
基本上是这样的流程: 后端向我们发送密钥 -> 我们创建对称密钥 -> 我们用对称密钥加密数据 -> 我们用后端密钥加密对称密钥 -> 我们将所有内容发送回来。
这是我的尝试,但我预计这里会出现问题。但不知道是什么。预先感谢。
guard let publicKeyData = Data(base64Encoded: publicKey) else {
throw EncryptionError.invalidPublicKey
}
// Convert the recipient's public key data into a SecKey
let keyAttributes: [CFString: Any] = [
kSecAttrKeyType: kSecAttrKeyTypeRSA,
kSecAttrKeyClass: kSecAttrKeyClassPublic,
kSecAttrKeySizeInBits: 2048 // Adjust key size as needed
]
guard let key = SecKeyCreateWithData(publicKeyData as CFData, keyAttributes as CFDictionary, nil) else {
throw EncryptionError.invalidPublicKey
}
// Convert the SymmetricKey to Data
var secretKeyData = Data(count: secretKey.bitCount / 8)
_ = secretKeyData.withUnsafeMutableBytes { secretKeyDataBuffer in
secretKey.withUnsafeBytes { secretKeyBuffer in
secretKeyDataBuffer.copyBytes(from: secretKeyBuffer)
}
}
// Encrypt the symmetric key using the recipient's public key
var error: Unmanaged<CFError>?
guard let encryptedData = SecKeyCreateEncryptedData(
key,
.rsaEncryptionOAEPSHA1AESGCM,
secretKeyData as CFData,
&error
) else {
if let error = error {
throw error.takeRetainedValue()
}
throw EncryptionError.encryptionFailed
}
// Encode the encrypted symmetric key as base64 and return it
return (encryptedData as Data).base64EncodedString()
}
使用 CryptoKit 会更好。你还有理由不这么做吗?
例子:
导入 CryptoKit
let key = Symmetric(data: publicKeyData)
return key.dataRepresentation