{"id":28409022,"url":"https://github.com/remaerd/keys","last_synced_at":"2025-06-24T22:31:31.932Z","repository":{"id":36305982,"uuid":"40610595","full_name":"remaerd/Keys","owner":"remaerd","description":"Uncomplicated cryptography frameworks base on CommonCrypto","archived":false,"fork":false,"pushed_at":"2021-06-09T04:56:38.000Z","size":525,"stargazers_count":47,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-02T13:56:57.688Z","etag":null,"topics":["asymmetric-keys","cryptography","ios","macos","rsa-encryption","swift","symmetric-keys"],"latest_commit_sha":null,"homepage":null,"language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/remaerd.png","metadata":{"files":{"readme":"README-CHINESE.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-12T16:07:47.000Z","updated_at":"2024-11-27T19:19:49.000Z","dependencies_parsed_at":"2022-09-04T20:00:47.498Z","dependency_job_id":null,"html_url":"https://github.com/remaerd/Keys","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/remaerd/Keys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remaerd%2FKeys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remaerd%2FKeys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remaerd%2FKeys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remaerd%2FKeys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/remaerd","download_url":"https://codeload.github.com/remaerd/Keys/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remaerd%2FKeys/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261766659,"owners_count":23206667,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asymmetric-keys","cryptography","ios","macos","rsa-encryption","swift","symmetric-keys"],"created_at":"2025-06-02T05:17:28.349Z","updated_at":"2025-06-24T22:31:31.916Z","avatar_url":"https://github.com/remaerd.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Carthage compatible](https://img.shields.io/badge/Carthage-compatible-4BC51D.svg?style=flat)](https://github.com/remaerd/Keys)\n[![Version](https://img.shields.io/github/release/soffes/Crypto.svg)](https://github.com/remaerd/Keys/releases)\n[![License](https://img.shields.io/pypi/l/Django.svg)](https://github.com/remaerd/Keys/blob/master/LICENSE)\n\n\n# Keys - 三把数据加密的钥匙\n*Please help me translate the README documentation. Thanks!*\n\n\n## 干嘛用\n\n```swift\n\tlet password = Password(\"Secret\")\n\tlet key = SymmetricKey()\n\tpassword.encrypt(data)\n\tlet data = \"Hello World!\".dataUsingEncoding(NSUTF8StringEncoding)!\n\tlet encryptedData = key.encrypt(data)\n\tlet decryptedData = key.decrypt(encryptedData)\n\tprint(decryptedData) // \"Hello World!\"\n```\n\nKeys 是一个没有学习曲线的数据加密开源框架。 Keys 简化了 CommonCrypto 内复杂的参数和接口，帮助你有效地实现数据加密解密功能。\n\n想深入了解软件如何加密你的数据，我推荐阅读 1Password / iMessage 这两个软件的数据加密原理的相关文档。你亦可以直接使用 Keys 提供的 API 接口， Keys 依据数据加密学的 Best Practice 设计。\n\n- 1Password https://support.1password.com/opvault-design/\n- iMessage https://www.apple.com/business/docs/iOS_Security_Guide.pdf\n\n## 三把 “钥匙”\n\nKeys 由三种不同“钥匙”组成。你需要根据软件的需求，使用不同的“钥匙”加密用户的数据。\n- 对称密钥 / 用于加密数据。由一个随机数据组成。适合加密存储在本地的数据。\n- 非对称密钥 / 用于加密数据。由两个随机数据组成。适合加密需要在互联网上传输的数据。\n- 密码 / 用于加密对称密钥。由字串符和盐（随机数据）组成。不能用于加密数据。\n\n\n## 最佳实践\n\n### Carthage\n\n需要使用 Keys。 请安装 Carthage 并在 Cartfile 内加入\n\n```\n\tgithub \"remaerd/Keys\"\n```\n\n### 储存在本地的加密数据\n\n用户的数据不应该直接使用密码字串符加密。当你需要加密数据时，你必须使用对称密钥加密用户的数据，再用密码加密对称密钥。 同理，当你需要解密数据时。你需要通过密码解密对称密钥，再用对称密钥解密用户的数据。\n\n#### 新建密码\n\n```swift\n\tlet password = Password(\"Hello\")\n\tlet salt = password.salt // 盐\n\tlet rounds = password.rounds // Rounds\n\tlet data = password.data // 由密码和盐计算出来的密钥\n```\n\n每次新建密码会自动生成一个随机盐和 Round 值。当你使用相同的密码但不同的盐 ／ Round 值生成密码后，新的 Password 不能够解密之前用 Password 加密过的数据。\n你不应该将用户的密码明文保存到本地，但你需要将盐和 Rounds 保存到本地。当创建密码时，你应该重新问用户获取密码，再用盐和 Rounds 重建密码。\n\n#### 新建对称密钥\n\n```swift\n\tlet key = SymmetricKey()\n\tlet encryptionKey = key.cryptoKey // 加密用的密钥\n\tlet iv = key.IV // IV\n\tlet hmacKey = key.hmacKey // 生成 MAC （ 数据验证码 Message Authentication Code） 用的密钥\n```\n\n每次新建对称密钥会自动生成一个随机 IV 值和 验证数据用的 HMAC。当你需要保留密钥时，你需要同时在本地存储 cryptoKey，IV，和 hmac。\n\n#### 加密数据\n\n```swift\n\tlet key = SymmetricKey()\n\tlet data = \"Hello World!\".dataUsingEncoding(NSUTF8StringEncoding)!\n\tdo {\n\t\tlet encryptedData = try key.encrypt(data)\n\t\tprint(encryptedData)\n\t} catch {\n\t\tprint(\"Cannot encrypt data\")\n\t}\n```\n\n#### 解密数据\n\n```swift\n\tlet key = SymmetricKey(key: keyData, hmacKey: hmacData, IV: IVData)\n\tdo {\n\t\tlet decryptedData = try key.decrypt(data)\n\t\tprint(decryptedData)\n\t} catch {\n\t\tprint(\"Cannot decrypt data\")\n\t}\n```\n\n### 需要传输的加密数据\n\n当你需要将某些加密数据传输到第三方时，你需要使用非对称密钥。你可以想象一个金库有两把钥匙，一把能够用来将黄金放进金库，一把能够用来取出黄金。当你需要传输数据时，你在本地使用其中一把钥匙加密数据后，你将另一把钥匙和数据传输到另外一个设备，另外一个设备就能够解密你的数据。\n\n#### 新建非对称密钥\n\n```swift\n\tlet keys = AsymmetricKeys.generateKeyPair()\n\tlet publicKey = keys.publicKey // 加密/解密用的一对密钥\n\tlet privateKey = key.privateKey // 验证数据用的一对密钥\n```\n\n每次生成新的非对称密钥，将会获得一对密钥，分别负责加密，解密数据。你亦可以使用 ```AsymmetricKeys.generateKeyPair()``` 同时生成两对秘钥，分别用于加密／解密／签名／验证数据。\n\n#### CommonCrypto 秘钥\n\n使用 ```AsymmetricKeys.generateKeyPair()```， Keys 会生成一对由 CommonCrypto 生成的 RSA 秘钥，你可以通过这对秘钥分别加密／解密数据。\n\n由 ```AsymmetricKeys.generateKeyPair()``` 生成的秘钥适用于 iOS 设备之间的加密数据传输。若需要在多个设备端（服务器，Android 等），请使用 OpenSSL 生成的 RSA 秘钥。\n\n```swift\n\tlet data = \"Hello World!\".dataUsingEncoding(NSUTF8StringEncoding)!\n\tlet keys = AsymmetricKeys.generateKeyPair()\n\tlet publicKey = keys.publicKey\n\tlet privateKey = keys.privateKey\n\tdo {\n\t\tlet encryptedData = try privateKey.encrypt(data)\n\t\tlet decryptedData = try publicKey.decrypt(data)\n\t\tprint(NSString(data: decryptedData, encoding: NSUTF8StringEncoding))\n\t\t// Hello World\n\t} catch {\n\t\tprint(\"Cannot encrypt data\")\n\t}\n```\n\n#### OpenSSL 秘钥\n\n通过 OpenSSL，你可以在服务器端生成 RSA 秘钥，用 PublicKey 加密数据后，将 PrivateKey，以及加密的数据传输到用户客户端。通过以下两段 Terminal.app 代码，你可以生成一对 RSA 秘钥。\n\n```bash\n\topenssl genrsa -out private.pem 2048\n\topenssl rsa -in private.pem -pubout -out public.pub \n```\n\nSwift 客户端获得加密数据和 PrivateKey 后，即可解密数据。\n\n```swift\n\tlet data = \"Hello World!\".dataUsingEncoding(NSUTF8StringEncoding)!\n\tlet publicKeyData = NSData(contentsOfURL: NSBundle.mainBundle().URLForResource(\"keys-public\", withExtension: \"pem\")!)!\n  let privateKeyData = NSData(contentsOfURL: NSBundle.mainBundle().URLForResource(\"keys-private\", withExtension: \"pem\")!)!\n\tdo {\n\t\tlet publicKey = try PublicKey(publicKey:privateKeyData)\n\t\tlet privateKey = try PrivateKey(privateKey:privateKeyData)\n\t\tlet encryptedData = try privateKey.encrypt(data)\n\t\tlet decryptedData = try publicKey.decrypt(encryptedData)\n\t\tprint(NSString(data: decryptedData, encoding: NSUTF8StringEncoding))\n\t\t// Hello World\n\t} catch {\n\t\tprint(\"Cannot decrypt data\")\n\t}\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremaerd%2Fkeys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fremaerd%2Fkeys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremaerd%2Fkeys/lists"}