[英]Decrypt large amount of RSA encrypted data
Hi guys I needed simple RSA Encryption Decryption. 大家好,我需要简单的RSA加密解密。 I tried the code examples on Apple developer guide, it works perfectly for small amount of text but the example code doesn't cater for situations of large encrypted data.
我在Apple开发人员指南上尝试了代码示例,该代码示例非常适合少量文本,但示例代码无法满足大量加密数据的需要。
Take note of the comment that it is suggesting us to "split the data up into blocks equal to plainBufferSize": 请注意建议我们将数据“拆分为等于plainBufferSize的块”的注释:
- (NSData*)decryptedDataFromData:(NSData*)data usingKey:(SecKeyRef)key
{
OSStatus status = noErr;
size_t cipherBufferSize = [data length];
uint8_t *cipherBuffer = (uint8_t *)[data bytes];
size_t plainBufferSize;
uint8_t *plainBuffer;
// Allocate the buffer
plainBufferSize = SecKeyGetBlockSize(key);
plainBuffer = malloc(plainBufferSize);
if (plainBufferSize < cipherBufferSize) {
// Ordinarily, you would split the data up into blocks
// equal to plainBufferSize, with the last block being
// shorter. For simplicity, this example assumes that
// the data is short enough to fit.
printf("Could not decrypt. Packet too large.\n");
return nil;
}
// Error handling
status = SecKeyDecrypt(key,
kSecPaddingPKCS1,
cipherBuffer,
cipherBufferSize,
plainBuffer,
&plainBufferSize
); // 3
// Error handling
// Store or display the decrypted text
if(key) CFRelease(key);
NSData *decrypted = [NSData dataWithBytes:(const void *)plainBuffer length:plainBufferSize];
return decrypted;
}
Any clues on how should I modify this method so that it will split the data in blocks to handle large amount of data? 关于如何修改此方法的任何线索,以便它将数据拆分为多个块以处理大量数据?
According to RFC3447 RSAES-PKCS1-v1_5 encryption scheme you are using can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus) so if you are using 2048-bit RSA key then maximum length of the plain data to be encrypted is 245 bytes. 根据RFC3447 RSAES-PKCS1-v1_5加密方案,您可以对最大长度为k-11个八位位组的消息进行操作(k是RSA模数的八位位组长度),因此,如果您使用2048位RSA密钥,则最大长度为要加密的纯数据为245个字节。 So you will need to split plain data to the chunks of this size and then encrypt each of them individually but this is rather rare and slow solution .
因此,您将需要将纯数据分割成这种大小的块,然后分别对每个块进行加密,但这是非常罕见且缓慢的解决方案 。 It is much better (and also pretty common) to generate symmetric AES key, encrypt large data using AES algorithm and then encrypt small AES key with RSA key.
生成对称AES密钥,使用AES算法对大数据进行加密,然后使用RSA密钥对小AES密钥进行加密,会更好(也很常见)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.