机256位密钥在iOS中使用SecRandomCopyBytes

机256位密钥在iOS中使用SecRandomCopyBytes

本文介绍了随机256位密钥在iOS中使用SecRandomCopyBytes()的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经使用UUIDString作为存储在我的i​​PAD上的文件的加密密钥,但由第三方在我的应用程序上完成的安全审查建议如下。

I have been using UUIDString as an encrption key for the files stored on my iPAD, but the security review done on my app by a third party suggested the following.

随着应用程序的推出,生成一个全局数据库密钥并将其存储在钥匙串中。在生成期间,使用由iOS提供的NSUUID类的方法UUIDString。该函数生成由字母A到F,数字和连字符组成的随机字符串,并且不必要地限制关键字空间,导致熵的削弱。
由于密钥仅由应用程序逻辑使用,不必由个人进行读取,理解或处理,因此无需将密钥空间限制为可读字符。因此,应该使用通过 SecRandomCopyBytes ()生成的随机256位密钥作为主密钥。

With the launch of the application, a global database key is generated and stored in the keychain. During generation, the method UUIDString of the class NSUUID provided by the iOS is used. This function generates a random string composed of letters A to F, numbers and hyphens and unnecessarily restricts the key space, resulting in a weakening of the entropy.Since the key is used only by application logic and does not have to be read, understood or processed by an individual, there is no need to restrict the key space to readable characters. Therefore, a random 256-bit key generated via SecRandomCopyBytes () should be used as the master key.

现在我已经搜索了很多,并尝试了一些代码实现,但是没有发现确切的事情。
我已经尝试过:

Now I have searched a lot and tried some code implementation but havent found the exact thing.What I have tried:

NSMutableData* data = [NSMutableData dataWithLength:32];
int result = SecRandomCopyBytes(kSecRandomDefault, 32, data.mutableBytes);
NSLog(@"Description %d",result);

我的理解是,这应该给我一个整数,我应该将其转换为NSString并使用作为我的钥匙,但我很确定这不是这里需要的,并且上述方法总是将结果作为0.我完全迷失在这里,任何帮助是赞赏。

My understanding is that this should give me an integer and I should convert it to an NSString and use this as my key, but I am pretty sure that this is not what is required here and also the above method always gives the result as 0. I am completely lost here and any help is appreciated.

谢谢。

推荐答案

,除非有一些错误(我不能想象为什么会发生这种情况),然后结果将是-1。您不会将 转换为NSString。

The result of SecRandomCopyBytes should always be 0, unless there is some error (which I can't imagine why that might happen) and then the result would be -1. You're not going to convert that into a NSString.

您要获取的是要写入的随机字节进入可变字节部分,这就是您将用作主键而不是UUID字符串。

The thing you're trying to get are the random bytes which are being written into the mutable bytes section, and that's what you'll be using as your "master key" instead of the UUID string.

我会这样做的方式是:

uint8_t randomBytes[16];
int result = SecRandomCopyBytes(kSecRandomDefault, 16, randomBytes);
if(result == 0) {
    NSMutableString *uuidStringReplacement = [[NSMutableString alloc] initWithCapacity:16*2];
    for(NSInteger index = 0; index < 16; index++)
    {
        [uuidStringReplacement appendFormat: @"%02x", randomBytes[index]];
    }
    NSLog(@"uuidStringReplacement is %@", uuidStringReplacement);
} else {
    NSLog(@"SecRandomCopyBytes failed for some reason");
}

使用UUIDString对我来说足够安全,但这听起来像你的第三方安全审计公司正在努力为他们的费用辩护。

Using a UUIDString feels secure enough to me, but it sounds like your third party security audit firm is trying really hard to justify their fees.

EDITED:由于我现在开始收集downvotes,因为Vlad的替代答案,我不能删除我的(因为它仍然有接受的复选标记),这里是另一个我的代码版本。我正在使用16个随机字节(在转换为十六进制时翻倍)。

EDITED: since I'm now starting to collect downvotes because of Vlad's alternative answer and I can't delete mine (as it still has the accepted checkmark), here's another version of my code. I'm doing it with 16 random bytes (which gets doubled in converting to Hex).

这篇关于随机256位密钥在iOS中使用SecRandomCopyBytes()的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 12:46