1 Reply
      Latest reply: Dec 18, 2016 3:01 PM by eskimo
      dmnov Level 1 (0 points)

        Here is my code, and what it is supposed to do is encrypt text with an imported certificate as .pem. I imported RSAUtils.swift in the code, and both certificates, but I haven't done anything in the .plist file (I'm not sure if something should be done or not), and the other doubt that I have is about the com.company.tag_private line. What should I put there instead of 'company'? I tried with my name, but it didn't work.

        Everything seems to be fine (no errors) until I launch the app and try to encrypt text, then just nothing happens - no text is output. What am I missing?


        This is my code:

        @IBOutlet weak var messageToDecrypt: UITextView!
        @IBOutlet weak var decryptedMessageLabel: UITextView!
        // Tag strings handed to RSAUtils as keychainTag
        let privatekey = "com.company.tag_private"
        let publickey = "com.company.tag_public"

        @IBAction func decrypt(sender: AnyObject) {
            // Nested function declared inside the action method
            func decrypt() {
                let privatekey = getKeyStringFromPEM(name: "private_key_pkcs8")
                let message = messageToDecrypt.text
                let data = message?.data(using: String.Encoding(rawValue: String.Encoding.utf8.rawValue))
                let decryptedData:NSData? = RSAUtils.decryptWithRSAPrivateKey(data!, privkeyBase64: privatekey, keychainTag: privatekey) as NSData?
                let decryptedMessage = decryptedData?.base64EncodedString(options: NSData.Base64EncodingOptions())
                decryptedMessageLabel.text = decryptedMessage
            }
        }

        override func viewDidLoad() {
            messageToDecrypt.delegate = self
            decryptedMessageLabel.delegate = self
        }
        • Re: What is com.company.tag_private
          eskimo Apple Staff (6,055 points)

          … what is supposed to do, is encrypt text with imported certificate as .pem.

          I’m not familiar with RSAUtils.swift (it’s not an Apple thing AFAICT) but it seems likely that these tag values relate to the keychain (probably used by kSecAttrApplicationTag). Which is weird because you don’t need to mess with the keychain in order to encrypt data with a certificate. What you need to do is:

          1. Convert the certificate from PEM format into DER format

          2. Create a certificate object (SecCertificate) from that

          3. Extract the public key from that

          4. Encrypt using that public key

          I’ll break down each step in turn.

          The difficulty of step 1 depends on the source of your certificate.  If you’re dealing with one fixed certificate, you can just do the conversion on your Mac (using Keychain Access) and then add the .cer file to your app’s bundle.  OTOH, if you have to deal with some arbitrary PEM, you’ll have to write (or acquire) a PEM parser.

          To create a certificate object from DER data, call SecCertificateCreateWithData.

          To extract a public key from a certificate:

          1. Create a trust object using SecTrustCreateWithCertificates

          2. Evaluate that trust object using SecTrustEvaluate (you can ignore the result, but step 3 won’t work unless you’ve done an evaluation)

          3. Get the public key via SecTrustCopyPublicKey

          To see how to encrypt using a public key, take a look at the CryptoCompatibility sample code.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"
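
The four steps from the reply above, sketched end to end in Swift as an added example; it is not code from the reply, from RSAUtils.swift, or from Apple's CryptoCompatibility sample. The function and error names are hypothetical, and the use of SecKeyCreateEncryptedData (iOS 10 and later) with OAEP/SHA-256 padding for step 4 is an assumption, since the reply defers that step to the sample code.

```swift
import Foundation
import Security

enum CertEncryptError: Error { case badPEM, badCertificate, trustFailed(OSStatus), noPublicKey }

// Step 1: strip the PEM armor and Base64-decode the body into DER bytes.
// Handles the first CERTIFICATE block only (not a key file or a chain).
func certificateDER(fromPEM pem: String) throws -> Data {
    guard let begin = pem.range(of: "-----BEGIN CERTIFICATE-----"),
          let end = pem.range(of: "-----END CERTIFICATE-----",
                              range: begin.upperBound..<pem.endIndex),
          let der = Data(base64Encoded: String(pem[begin.upperBound..<end.lowerBound]),
                         options: .ignoreUnknownCharacters),
          !der.isEmpty
    else { throw CertEncryptError.badPEM }
    return der
}

// Steps 2 and 3: DER -> SecCertificate -> SecTrust -> public SecKey.
func publicKey(fromCertificateDER der: Data) throws -> SecKey {
    guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CertEncryptError.badCertificate   // not a parsable X.509 certificate
    }
    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(cert, SecPolicyCreateBasicX509(), &trust)
    guard status == errSecSuccess, let evaluated = trust else {
        throw CertEncryptError.trustFailed(status)
    }
    // The verdict is ignored here, as in the steps above, so this does NOT
    // establish that the certificate is trusted; it only enables the key copy.
    var verdict = SecTrustResultType.invalid
    _ = SecTrustEvaluate(evaluated, &verdict)
    guard let key = SecTrustCopyPublicKey(evaluated) else { throw CertEncryptError.noPublicKey }
    return key
}

// Step 4: RSA-encrypt a short message (it must fit in one RSA block).
// OAEP/SHA-256 is an assumption; the side holding the private key must
// decrypt with the same padding.
func encrypt(_ plaintext: Data, withCertificatePEM pem: String) throws -> Data {
    let key = try publicKey(fromCertificateDER: certificateDER(fromPEM: pem))
    var error: Unmanaged<CFError>?
    guard let cipher = SecKeyCreateEncryptedData(key, .rsaEncryptionOAEPSHA256,
                                                 plaintext as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return cipher as Data
}
```

The returned ciphertext is binary, so show or transmit it with `base64EncodedString()` rather than converting it to a UTF-8 string. Newer SDKs mark SecTrustEvaluate and SecTrustCopyPublicKey as deprecated; the block keeps them because they are the calls the reply names.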