利用openssl 和x509证书对字符串进行签名和验签
//签名
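/// Signs `stringToSign` with the PEM RSA private key at `RSAPrivateKeyFile`
/// (PKCS#1 v1.5 over the SHA-1 digest of the string's UTF-8 bytes) and returns
/// the Base64 encoding of the byte-reversed signature.
///
/// @param stringToSign The text to sign. nil is rejected.
/// @return The Base64 signature, or nil on failure; the reason is stored in
///         `_signErrorMessage` (nil on success).
///
/// NOTE(review): SHA-1 is deprecated for signatures. It is kept here only
/// because the verifier in this file expects NID_sha1 — both sides must be
/// migrated together.
- (NSString *)rsaSignStringwithString:(NSString *)stringToSign
{
    _signErrorMessage = nil;
    if (stringToSign == nil) {
        // `appendString:nil` in the old code raised NSInvalidArgumentException.
        _signErrorMessage = @"string to sign is nil";
        return nil;
    }

    // Hash exactly the UTF-8 byte length (not strlen), matching the verifier.
    const char *message = [stringToSign cStringUsingEncoding:NSUTF8StringEncoding];
    size_t messageLength = [stringToSign lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
    unsigned char sha1[SHA_DIGEST_LENGTH];
    SHA1((const unsigned char *)message, messageLength, sha1);

    const char *filePath = [RSAPrivateKeyFile cStringUsingEncoding:NSUTF8StringEncoding];
    BIO *bio_private = BIO_new(BIO_s_file());
    RSA *rsa_private = NULL;
    NSString *signedString = nil;

    // Only attempt the PEM parse if the file could actually be opened.
    if (bio_private != NULL && filePath != NULL &&
        BIO_read_filename(bio_private, filePath) > 0) {
        rsa_private = PEM_read_bio_RSAPrivateKey(bio_private, NULL, NULL, "");
    }

    if (rsa_private == NULL) {
        NSLog(@"rsa_private read error : private key is NULL");
        _signErrorMessage = @"private key is NULL";
    } else if (RSA_check_key(rsa_private) != 1) {
        _signErrorMessage = @"private key failed RSA_check_key";
    } else {
        // Size the buffer from the key: a fixed 256 bytes overflows for keys
        // larger than 2048 bits.
        unsigned int sig_cap = (unsigned int)RSA_size(rsa_private);
        unsigned char *sig = (unsigned char *)malloc(sig_cap);
        unsigned int sig_len = 0;

        if (sig != NULL &&
            RSA_sign(NID_sha1, sha1, SHA_DIGEST_LENGTH, sig, &sig_len, rsa_private) == 1) {
            // Protocol quirk: signature bytes are reversed before Base64
            // encoding; the verifier reverses them back.
            NSMutableData *finalsig = [NSMutableData dataWithLength:sig_len];
            unsigned char *out = (unsigned char *)finalsig.mutableBytes;
            for (unsigned int i = 0; i < sig_len; i++) {
                out[i] = sig[sig_len - 1 - i];
            }
            signedString = EncodeBase64StringFromData(finalsig);
        } else {
            _signErrorMessage = @"RSA_sign failed";
        }
        free(sig);
    }

    // Both free functions accept NULL; the old code leaked the RSA key and
    // leaked the BIO when the key failed to parse.
    RSA_free(rsa_private);
    BIO_free_all(bio_private);
    return signedString;
}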
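/// Verifies `signature` (Base64 of a byte-reversed PKCS#1 v1.5 RSA signature
/// over the SHA-1 digest of `stringToVerify`'s UTF-8 bytes) against the public
/// key in `rsa_verify`, which `certifacateConvertToX509withoption:andSerialNumber:`
/// is expected to fill from the X509 certificate (defined elsewhere in this file).
///
/// @param stringToVerify The signed text. nil is rejected.
/// @param signature The Base64 signature produced by `rsaSignStringwithString:`.
/// @return YES if the signature is valid; otherwise NO, with the reason stored
///         in `_verifyErrorMessge` (nil on success).
- (BOOL)rsaVerifyString:(NSString *)stringToVerify withsignedstring:(NSString *)signature
{
    _verifyErrorMessge = nil;
    if (stringToVerify == nil || signature == nil) {
        _verifyErrorMessge = @"string or signature is nil";
        return NO;
    }

    // Load the certificate into X509/RSA structures (sets `rsa_verify`).
    [self certifacateConvertToX509withoption:1 andSerialNumber:nil];
    if (rsa_verify == NULL) {
        _verifyErrorMessge = @"Public key is NULL";
        return NO;
    }

    // The signature is peer-supplied: validate its length against the key
    // size before copying it, rather than sizing a stack array from it
    // (the old VLA was undefined for an empty decode and unbounded otherwise).
    // RSA_verify itself rejects any other length, so this changes only the
    // error message for malformed input.
    NSData *signatureData = decodeDataFromBase64String(signature);
    NSUInteger sig_len = signatureData.length;
    if (sig_len == 0 || sig_len != (NSUInteger)RSA_size(rsa_verify)) {
        _verifyErrorMessge = @"signature has invalid length";
        return NO;
    }

    // Undo the byte reversal the signer applied before Base64 encoding.
    const unsigned char *sig = (const unsigned char *)signatureData.bytes;
    NSMutableData *finalsig = [NSMutableData dataWithLength:sig_len];
    unsigned char *reversed = (unsigned char *)finalsig.mutableBytes;
    for (NSUInteger i = 0; i < sig_len; i++) {
        reversed[i] = sig[sig_len - 1 - i];
    }

    const char *message = [stringToVerify cStringUsingEncoding:NSUTF8StringEncoding];
    size_t messageLength = [stringToVerify lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
    unsigned char sha1[SHA_DIGEST_LENGTH];
    SHA1((const unsigned char *)message, messageLength, sha1);

    int rsa_verify_valid = RSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH,
                                      reversed, (unsigned int)sig_len, rsa_verify);
    if (rsa_verify_valid == 1) {
        return YES;
    }
    _verifyErrorMessge = [NSString stringWithFormat:@"Failed code is %d", rsa_verify_valid];
    return NO;
}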
//证书转为X509结构和RSA结构 方法在上一篇博客中有详细代码