Hello,
I am reading articles about the new library CryptoKit which sounds interesting but would like to implement a basic functionality and don't know what is the best path to follow.
The idea is simple, using CryptoKit I would like to encrypt some text using a secret text only shared with receiver. For example I would like to make secure the text: "My encrypted message" using the secret: "$)WERWERsdff?55345"
After the app encrypts the message I would get an encoded string to be passed to receiver (server). Then on server, using c# and given secret I could decrypt the message.
The approach I can get is using following code:
import CryptoKit
func encrypt(_ data: Data, to theirEncryptionKey: Curve25519.KeyAgreement.PublicKey, signedBy ourSigningKey: Curve25519.Signing.PrivateKey) throws -> (ephmeralPublicKeyData: Data, ciphertext: Data, signature: Data) {
// Create a salt for key derivation.
let protocolSalt = secretKey.data(using: .utf8)!
let ephemeralKey = Curve25519.KeyAgreement.PrivateKey()
let ephemeralPublicKey = ephemeralKey.publicKey.rawRepresentation
let sharedSecret = try ephemeralKey.sharedSecretFromKeyAgreement(with: theirEncryptionKey)
let symmetricKey = sharedSecret.hkdfDerivedSymmetricKey(using: SHA256.self,
salt: protocolSalt,
sharedInfo: ephemeralPublicKey +
theirEncryptionKey.rawRepresentation +
ourSigningKey.publicKey.rawRepresentation,
outputByteCount: 32)
let ciphertext = try ChaChaPoly.seal(data, using: symmetricKey).combined
let signature = try ourSigningKey.signature(for: ciphertext + ephemeralPublicKey + theirEncryptionKey.rawRepresentation)
return (ephemeralPublicKey, ciphertext, signature)
}
var secretKey = "abcdef0123456xyz"
let message = "Hello, Here I want to Present CryptoKit Example.".data(using: .utf8)!
let senderSigningKey = Curve25519.Signing.PrivateKey()
let senderSigningPublicKey = senderSigningKey.publicKey
let receiverEncryptionKey = Curve25519.KeyAgreement.PrivateKey()
let receiverEncryptionPublicKey = receiverEncryptionKey.publicKey
let sealedMessage = try! encrypt(message, to: receiverEncryptionPublicKey, signedBy: senderSigningKey)
print(sealedMessage.ciphertext.base64EncodedString())
But I get all time decrypt error on server, do you know a full compatible method so c# could process the encrypted text?