Swift RSA Public Key Encryption Howto

Hello All,


After successfully generating an RSA Public/Private key pairs, I'm now trying to encrypt regular text with either my private or public keys. The app is designed with Swift for OSX 10.11 (not iOS). The signature for my encryption function is as follows:


func encryptMessageWithKey(message: String, keyType: KeyType,
        withCompletionBlock: (success: Bool, data: NSData?, error: Exceptions?)
        -> Void)


I can successfully retrieve the SecKeyRef for either my private or public keys. However, I haven't been able to find a Swift reference for how the actual encryption should be done. I have been able to find references for SecTransform and CMS:


https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecTransformPG/EncryptionandDecryption/EncryptionandDecryption.html#//apple_ref/doc/uid/TP40010801-CH3-SW3


https://developer.apple.com/library/mac/documentation/Security/Reference/CryptoMessageRef/index.html#//apple_ref/c/func/CMSEncodeContent


But I wasn't able to finalize the implementation with the above. Any pointers to how I can encode a String and get an NSData / String encoded value?


Edit

I got to this point:


let sourceData = message.dataUsingEncoding(NSUTF8StringEncoding)!
let privKey = self.getPrivateKeyReference()
var errorRef: Unmanaged<CFError>?

// Create the encrypt transform and stop right away if it failed; with RSA,
// encryption is normally done with the public key, decryption with the private one.
let encoder = SecEncryptTransformCreate(privKey!, &errorRef)
if let error = errorRef?.takeRetainedValue() {
    print(error)
    return
}

SecTransformSetAttribute(encoder, kSecPaddingKey, kSecPaddingPKCS1Key, &errorRef)
SecTransformSetAttribute(encoder, kSecTransformInputAttributeName, sourceData, &errorRef)
if let error = errorRef?.takeRetainedValue() {
    print(error)
    return
}

// Pass the error pointer to the transform so a failure is reported rather than ignored.
let encryptedData = SecTransformExecute(encoder, &errorRef)
if let error = errorRef?.takeRetainedValue() {
    print(error)
    return
}


However, there seems to be a problem with sourceData that is causing the application to crash (with EXC_BAD_ACCESS) once SecTransformExecute() is executed.


It's important to note that I'm using: Xcode Version 7.1 (7B91b)

Generally you don’t encrypt user data directly with an RSA key (because an RSA key can only encrypt a small amount of data). Rather, you generate a cryptographically random key, use that to encrypt the data with a symmetric cypher (AES typically) and then encrypt the random key with RSA. As you can imagine, there are lots of variables in play.

Are you trying to interoperate with an existing encryption scheme? Or designing your own encryption scheme?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm sorry for the delay in responding. Thank you for the feedback, it's quite insightful. What I'm battling with at the moment is the "how" to achieve what you mentioned, given the few resources available online. I'm quite new to this and don't know yet the best practices. I'm not trying to reinvent the wheel, as what I'm building should have already been tackled before:


1. I want to generate a private / public key pair on "A"

2. I want to share the public key with a remote client "B"

3. I want to use this public key at B to encrypt a message and pass it back to "A"

4. I want "A" to decrypt / verify this message with the private key it has
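The four steps above, carried out with the hybrid scheme Quinn describes (a random AES key encrypts the message, RSA encrypts that key), as an added example that is not code from this thread. It uses the Security framework's SecKey API available from macOS 10.12 / iOS 10 onward (so not the 10.11 target in the original question), where `.rsaEncryptionOAEPSHA256AESGCM` bundles RSA-OAEP key wrapping and AES-256-GCM into one operation with no message-size limit. Function names such as `makeKeyPair` and `exportPublicKey` are this example's own. Note that this gives "A" confidentiality only; the "verify" part of step 4 would additionally need "B" to sign the message with a key of its own, which is not shown here.

```swift
import Foundation
import Security

// Step 1 (on "A"): generate an RSA-2048 key pair. Hypothetical helper for this example;
// the key is kept out of the keychain so the demo leaves nothing behind.
func makeKeyPair() throws -> (privateKey: SecKey, publicKey: SecKey) {
    let attributes: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits: 2048,
        kSecPrivateKeyAttrs: [kSecAttrIsPermanent: false]
    ]
    var error: Unmanaged<CFError>?
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecInternalError))
    }
    return (privateKey, publicKey)
}

// Step 2 (on "A"): export the public key as bytes (PKCS#1 DER for RSA) to send to "B".
func exportPublicKey(_ key: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let data = SecKeyCopyExternalRepresentation(key, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    return data
}

// Step 2 (on "B"): rebuild the public key from the received bytes.
func importPublicKey(_ data: Data) throws -> SecKey {
    let attributes: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrKeyClass: kSecAttrKeyClassPublic,
        kSecAttrKeySizeInBits: 2048
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateWithData(data as CFData, attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

// Hybrid algorithm: fresh AES-256-GCM key per message, wrapped with RSA-OAEP (SHA-256).
let algorithm: SecKeyAlgorithm = .rsaEncryptionOAEPSHA256AESGCM

// Step 3 (on "B"): encrypt a String of any length with A's public key, yielding Data.
func encrypt(_ message: String, with publicKey: SecKey) throws -> Data {
    guard SecKeyIsAlgorithmSupported(publicKey, .encrypt, algorithm) else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecUnsupportedOperation))
    }
    let plaintext = Data(message.utf8)
    var error: Unmanaged<CFError>?
    guard let ciphertext = SecKeyCreateEncryptedData(publicKey, algorithm, plaintext as CFData, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    return ciphertext
}

// Step 4 (on "A"): decrypt with the private key. The GCM tag makes any
// modification of the ciphertext fail here instead of producing garbage.
func decrypt(_ ciphertext: Data, with privateKey: SecKey) throws -> String {
    var error: Unmanaged<CFError>?
    guard let plaintext = SecKeyCreateDecryptedData(privateKey, algorithm, ciphertext as CFData, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    guard let message = String(data: plaintext, encoding: .utf8) else {
        throw NSError(domain: NSCocoaErrorDomain, code: NSFileReadInapplicableStringEncodingError)
    }
    return message
}

// Round trip: "B" only ever sees the exported public key bytes.
let a = try makeKeyPair()
let wire = try exportPublicKey(a.publicKey)        // what A sends to B
let bCopyOfPublicKey = try importPublicKey(wire)    // B's view of A's key
let sealed = try encrypt("hello from B, a message of any length", with: bCopyOfPublicKey)
print(try decrypt(sealed, with: a.privateKey))

// A tampered ciphertext (constructed here by flipping one bit) must be rejected.
var tampered = sealed
tampered[tampered.count - 1] ^= 0x01
do {
    _ = try decrypt(tampered, with: a.privateKey)
    print("unexpected: tampered ciphertext decrypted")
} catch {
    print("tampered ciphertext rejected")
}
```

The same pattern works for a SecKey loaded from the keychain or from a certificate; only `makeKeyPair` changes. Prefer the OAEP variants over `.rsaEncryptionPKCS1` for new code, and keep the private key on "A" only, which is what makes step 4 meaningful.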

What platforms are A and B running on?

What do you mean by “message”? Is that something you send in real time over a TCP connection? Or some sort of store and forward thing, like email?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

A is an OSX application, B is an iOS application. The message is plain-text with variable size, passed through HTTP from A to a designated server then pushed to B.

Why are you not using TLS for this? Designing your own crypto scheme is something that should only be attempted by crypto experts (and even they get it wrong most of the time, hence we’re at TLS version 1.2 :-).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Can we achieve this using CryptoKit?

I’ll respond over on your other thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
