SecKeyCreateEncryptedData and symmetric encryption

Hi,


I'm trying to use symmetric encryption for securing internal data.


I want to use the SecKeyCreateEncryptedData(_:_:_:_:) with symmetric encryption.

In the documentation I see that it "Encrypts a block of data using a public key and specified algorithm".


Is this API used for symmetric encryption? If it is, does it support AES-CBC? I cannot see it in the supported SecKeyAlgorithms.

https://developer.apple.com/documentation/security/seckeyalgorithm


Thanks !


Replies

Is this API used for symmetric encryption?

No.

For AES-CBC you should use Common Crypto, and specifically <CommonCrypto/CommonCryptor.h>. A good place to get started with this is the CryptoCompatibility sample code.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
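
An added example, not from the thread or from Apple's CryptoCompatibility sample: AES-CBC through CCCrypt from Swift, with PKCS#7 padding and a fresh random IV prepended to the ciphertext. The helper names (randomBytes, cbc, encrypt, decrypt) and the IV || ciphertext layout are assumptions of this example.

```swift
import Foundation
import CommonCrypto
import Security

enum AESCBCError: Error { case badParameters, truncated, random(OSStatus), crypt(CCCryptorStatus) }

func randomBytes(_ count: Int) throws -> Data {
    var data = Data(count: count)
    let rc = data.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!) }
    guard rc == errSecSuccess else { throw AESCBCError.random(rc) }
    return data
}

// One CCCrypt pass in CBC mode (the default when kCCOptionECBMode is not set).
func cbc(_ op: Int, key: Data, iv: Data, input: Data) throws -> Data {
    guard [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256].contains(key.count),
          iv.count == kCCBlockSizeAES128 else { throw AESCBCError.badParameters }
    var out = Data(count: input.count + kCCBlockSizeAES128)  // room for padding
    let capacity = out.count
    var moved = 0
    let status: CCCryptorStatus = out.withUnsafeMutableBytes { outPtr in
        input.withUnsafeBytes { inPtr in
            iv.withUnsafeBytes { ivPtr in
                key.withUnsafeBytes { keyPtr in
                    CCCrypt(CCOperation(op), CCAlgorithm(kCCAlgorithmAES),
                            CCOptions(kCCOptionPKCS7Padding),
                            keyPtr.baseAddress, key.count, ivPtr.baseAddress,
                            inPtr.baseAddress, input.count,
                            outPtr.baseAddress, capacity, &moved)
                }
            }
        }
    }
    guard status == CCCryptorStatus(kCCSuccess) else { throw AESCBCError.crypt(status) }
    return Data(out.prefix(moved))
}

// Returns IV || ciphertext. CBC gives confidentiality only; authenticate the
// blob (for example with an HMAC) before decrypting if tampering is a concern.
func encrypt(_ plaintext: Data, key: Data) throws -> Data {
    let iv = try randomBytes(kCCBlockSizeAES128)
    return try iv + cbc(kCCEncrypt, key: key, iv: iv, input: plaintext)
}

func decrypt(_ blob: Data, key: Data) throws -> Data {
    guard blob.count >= 2 * kCCBlockSizeAES128 else { throw AESCBCError.truncated }
    return try cbc(kCCDecrypt, key: key, iv: blob.prefix(kCCBlockSizeAES128),
                   input: blob.dropFirst(kCCBlockSizeAES128))
}
```

The key passed to these functions is raw bytes in the app's address space, which is how CCCrypt takes it.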

Thanks for the quick answer.


However, I wonder if I can pass to the AES operation the key in a secure way, that means to pass the SecKeyRef instead of a block of data:

    err = CCCrypt(
        self.op,
        kCCAlgorithmAES128,
        (self.ivData == nil) ? kCCOptionECBMode : 0,
        self.keyData.bytes, self.keyData.length,
        self.ivData.bytes, // will be NULL if ivData is nil
        self.inputData.bytes, self.inputData.length,
        result.mutableBytes, result.length,
        &resultLength
    );


and make sure that the AES symmetric key won't be out of the ARM secure execution zone (Security Enclave)?


Thanks !

can [I] pass to the AES operation the key in a secure way

No. The Secure Enclave does not support symmetric crypto, although that would make a fine enhancement request.

ps If you do file an ER, please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for acknowledging this behaviour.


I submitted a feature request no. 45365468.


Will be grateful if this security feature will be accepted.