I'd like to use a public key to encrypt data in my app, then use a private key to decrypt it on my private machine. RSA won't work as the data needs to be smaller than the key (more or less). I read I can use Elliptical Encryption to do this, and it appears to work. But it seems the key is limited to 384 bytes:

    // Key type, ECIES algorithm and key size
    private let keyType = kSecAttrKeyTypeECSECPrimeRandom // kSecAttrKeyTypeEC
    private let algorithm = SecKeyAlgorithm.eciesEncryptionStandardX963SHA384AESGCM // eciesEncryptionStandardX963SHA512AESGCM
    private let keySize = 256 // works: 256, 384 NoGood: 512

    // Key pair generation
    let keyPairAttr: [CFString: Any] = [
        kSecAttrKeyType: keyType,
        kSecAttrKeySizeInBits: keySize,
        kSecPrivateKeyAttrs: privateKeyAttr,
        kSecPublicKeyAttrs: publicKeyAttr
    ]
    var publicKey: SecKey? = nil
    var privateKey: SecKey? = nil
    sanityCheck = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

    // Check that the key supports the algorithm, then encrypt
    guard SecKeyIsAlgorithmSupported(key, .encrypt, algorithm) else {
        fatalError("Can't use this algorithm with this key!")
    }
    if let encryptedCFData = SecKeyCreateEncryptedData(key, algorithm, cfData, &error) {
        return encryptedCFData as NSData as Data
    }

I am a total Crypto noobie. I read that often you create a symmetric key, then send it to the remote using RSA asymmetric - it's just cumbersome and somewhat difficult in my situation.
I only would be sending data occasionally, and it would be around 20K in size. I cannot find any description on relative merits of different "algorithms" - is there a suggested set of settings that provide reasonable security and performance?
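
Added example, not part of the original question: a round trip of a constructed 20 KB payload through the same key type and algorithm constant the question uses, plus a tamper check. ECIES derives a symmetric AES-GCM key from an ephemeral ECDH exchange, so the plaintext length does not depend on the key size. The function names, the error enum and the ephemeral in-memory key pair are assumptions made for illustration.

```swift
import Foundation
import Security

// Illustrative error type (not from the question).
enum ECIESError: Error { case keyGeneration, unsupported, encrypt, decrypt }

// Same algorithm constant and key type as in the question.
let algorithm = SecKeyAlgorithm.eciesEncryptionStandardX963SHA384AESGCM

// Generates an ephemeral (non-persistent) P-256 key pair.
func makeKeyPair() throws -> (priv: SecKey, pub: SecKey) {
    let attrs: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits: 256
    ]
    guard let priv = SecKeyCreateRandomKey(attrs as CFDictionary, nil),
          let pub = SecKeyCopyPublicKey(priv) else { throw ECIESError.keyGeneration }
    return (priv, pub)
}

// Output layout: ephemeral public key, then AES-GCM ciphertext, then the GCM tag.
func encrypt(_ plaintext: Data, to publicKey: SecKey) throws -> Data {
    guard SecKeyIsAlgorithmSupported(publicKey, .encrypt, algorithm) else {
        throw ECIESError.unsupported
    }
    guard let ct = SecKeyCreateEncryptedData(publicKey, algorithm, plaintext as CFData, nil) else {
        throw ECIESError.encrypt
    }
    return ct as Data
}

// Fails if the ciphertext was modified, because the GCM tag no longer verifies.
func decrypt(_ ciphertext: Data, with privateKey: SecKey) throws -> Data {
    guard let pt = SecKeyCreateDecryptedData(privateKey, algorithm, ciphertext as CFData, nil) else {
        throw ECIESError.decrypt
    }
    return pt as Data
}

let (priv, pub) = try makeKeyPair()
let payload = Data((0..<20_480).map { UInt8(truncatingIfNeeded: $0) }) // constructed 20 KB sample
let ciphertext = try encrypt(payload, to: pub)
let recovered = try decrypt(ciphertext, with: priv)

var tampered = ciphertext
tampered[tampered.count - 1] ^= 0x01 // flip one bit in the authentication tag
let rejected = (try? decrypt(tampered, with: priv)) == nil

print("plaintext:", payload.count, "ciphertext:", ciphertext.count)
print("round trip ok:", recovered == payload, "tampered rejected:", rejected)
```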