Thanks @meatonI've checked with the developer. They are sure they have given me the correct information. They say it is definitely a RSA Public key, and definitely SHA-256. Anyway, I guess my original question still stands. How does one decrypt a given secret, using a given RSA Public key, using Objective-C or Swift on macOS? (Keep in mind, SecKeyRef is not available on macOS).
Post
Replies
Boosts
Views
Activity
Aye, I know! You are right - it is in fact a signature I am verifying. I think it's the manufacturer who is using, shall we say, slightly wrong terminology..... beacuse I have checked and checked again with the device manufacturer and they are adam.... [nope wait, don't want to upset the "bad word" gremlins...] "very sure" that it is a "public key" and it is used to 'decrypt'.However - as it happens - I have found the problem!They key they gave me is too strong for USA policy. It fails with cryptic errors due to USA policy on key strengths.I used Java test code with "unlimited key strength" policy files and it worked!Java allows you to install policy files for jurisdictions with no laws against key strength. And it worked.So... now... how to make this work in the USA where my App is destined....
Thanks everyone or all the input so far.Here is a wee bit of code that I've put together in Java - which works!Despite all the talk about RSA and not using PublicKey to decrypt - that is the terminology that the javax.crypto.* stuff uses.Here it is:import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public String decrypt(String publicKeyStr, String secret, String encryptedToken) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException
{
final Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, castStringToPublicKey(publicKeyStr));
String password = new String(cipher.doFinal(Base64.getDecoder().decode(secret)));
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] encodedHash = digest.digest(password.getBytes(StandardCharsets.UTF_8));
final SecretKey secretKey = new SecretKeySpec(encodedHash, "AES");
Cipher decoder = Cipher.getInstance("AES/ECB/PKCS5Padding");
decoder.init(Cipher.DECRYPT_MODE, secretKey);
return new String(decoder.doFinal(Base64.getDecoder().decode(encryptedToken)));
}
private PublicKey castStringToPublicKey(String publicKeyStrPkcs8) throws InvalidKeySpecException, NoSuchAlgorithmException {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
String publicKeyStr = publicKeyStrPkcs8
.replace("-----BEGIN PUBLIC KEY-----", "")
.replace("-----END PUBLIC KEY-----", "")
.replaceAll("\\s+", "");
byte[] publicKey = Base64.getDecoder().decode((publicKeyStr));
EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKey);
return keyFactory.generatePublic(publicKeySpec);
}Note lines 12 and 13 showing "decrypt" and "public" in the same sentence. I don't get it, but it works. It gives the exact correct output.So, I guess the question is - can I do the equivalent in Objective-C or Swift?
Hi EskimoThanks again - your insight into this is great - I wish I understood a fraction of what you do.Now, I totally agree with you, and what you say tallies with everything I read on the RSA website, and other places.So you can see how I am struggling to understand why the Java code gets away with things like...final Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, castStringToPublicKey(publicKeyStr));
String password = new String(cipher.doFinal(Base64.getDecoder().decode(secret)));...which returns the actual bytes, not just a boolean. And these are standard Java libraries too. They should know better!Oh my head hurts!I tried looking into the actual sources of javax.crypto.x but they are so abstract it is hard to see what is happening.Thanks again! I truly appreciate your help.Kenny..ps.Sorry for the late reply - I have subscribed to this thread, but I never get any notifications about replies.
@Quinn The Eskimo
Once again I am in your debt!
Yes I need to support multicast addresses and iOS13 as a minimum - so BSD Sockets it is!
Fortunately I alreadu have a load of BSD stuff in the previous version of this app (Obj-C, Cocoa) which I will now try to port oevr to SwiftUI.
Wish me luck as I google how to call C style code from SwitfUI.....
Thanks again!
.ps. I really don't like these new forums.. I guess Apple would prefer us to use Stackexchange.
@KMT
Not helpful.
@Quinn
Thanks again - I will look at your attachment and see if I can get my head round it.
I truly wish I could target just iOS 14 - but I'm afraid I can't :-(
You're right - I said SwiftUI, but I meant Swift... having done Objective-C for the past 15+ years, my old brain is finding it hard to migrate to Swift, but one must move with the times! I remember when we used to get Apple Developer tools shipped to us by UPS on CD's! My first apps were home-automation apps using Xcode and IB... now I'm doing some really cool stuff with Film and TV makers on movie sets using loads of UDP... whenever I post one of my silly questions I always hope I'll get an answer from Quinn The Eskimo! Thanks again. :-)
Here's an example how how a question would get completely missed - and the poor user gets no feedback...
This was posted with the wrong tag:
Oh - wait - I can't post an image or screen shot. Oh well. Never mind.
I got this working :-)
But I wimped out :-(
I just lifted my Obj-c code from the previous project, added the bridging header and viola! It just worked.
So I guess that's OK - not 100% sure what the implications are (Is obj-c being deprecated? How long before I just have to figure out how to do all this in Swift?)
I did try to get it working in Swift (Targetting iOS 13) but gave up - the time/gain balance was all wrong for now.
Thanks @Quinn - your help is invaluable!
Hi Quinn - thanks for taking the time for me.
I posted the bug - FB8699241 - regarding whitespace.
I also tried a number of your suggestions, and find that it just feels cludgy and workround-y
I think most really good developers have just abandoned the forums.
In my post over on the swift forum [... well there is no "over on ... " in this new world, so in the big, massive pile of messages tagged with various random tags, and hopefully somewhere by adding lots of filters and gueswork I might be able to find my way back to my own message], I added a reply you your latest reply. The new reply that I made just appeared at a random place in all the other replies - which makes it utterly impossible to read the question, and the replies, in any logical order that makes sense to me. OK, OK - I hear you say "quote the thing your replying to" but it stillo forces the user to track and order these things in the head, rather than on the screen.
I have one suggestion that will fix all the problems:
Simply make "h.t.t.p.s://de.v.e.l.o.p.e.r.a.p.p.l.e...c.o.m./.f.o.r.u.m.s." point to w.ww.st.a.c.k.e.x.ch.a.n.g.e...c.o.m. and we're done!
To do this:
Click your avatar in the top right.
In the resulting popup, click anywhere in the top cell that’s outside of the Edit Profile link.
And yeah, I agree that this is quite non-obvious. We have a bug tracking that (r. 66042728).
Yeah - that doesn't work - maybe it's been 'fixed'
You now have to click on your Avater and then click on your Avatar in the top cell.
@Quinn
See - perfect example of how Tags don't work for forum structure!
So great you could join us!
I'm here too. Having lots of fun.
First of all, I suggest you search for "Stanford CS193p" in YouTube.
(We developers are not trusted enough by our fruity provider to post URLs into these forums, so you'll have to pretend it's 1991 and do it yourself.)
That will give you an excellent list of real world lectures by an fantastic tutor on Swift and SwiftUI - absolutely the best place to start.
Don't you just love the fact that this thread is over two months old, has loads of irrelevant answers, and other people 'hijacking' it to ask unrelated questions about iPhones.... yet it still appears as the most relevant thread when you enter Apple's developer forums? Nice!