Use private key with SecKeyCreateEncryptedData

Hi,


RSA permits using private and public keys to encrypt/decrypt data, but SecKeyCreateEncryptedData seems to only permit a public key for encryption.

Is there any way to encrypt data with a private key?


Thanks!


PS: the client is responsible for creating the keypair, and the server validates the signature with the public key.

Replies

My understanding is that encrypting with the private key is not considered to be best practice and, as such, is not supported by Apple’s APIs.

> the client is responsible for creating the keypair, and the server validates the signature with the public key.

It sounds like you’re doing signing/verification rather than encryption/decryption. Have you looked at using the signing APIs? For example, SecKeyCreateSignature takes a private key. It supports a variety of different signature algorithms, and one of those, kSecKeyAlgorithmRSASignatureRaw, allows you to effectively craft your own.

WARNING: I recommend against crafting your own signature algorithm. Experience has shown that even algorithms crafted by security experts can have nasty vulnerabilities.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
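
The signing flow suggested in the reply above, as an added example that is not part of the original thread and is not Apple's sample code: the client signs with its private key through SecKeyCreateSignature, and the verifier rebuilds the exported public key and checks the signature with SecKeyVerifySignature. The algorithm (RSA PKCS#1 v1.5 over SHA-256, chosen instead of the raw algorithm), the 2048-bit key size, the helper names and the sample message are assumptions.

```swift
import Foundation
import Security
// Assumption: a standard scheme (PKCS#1 v1.5 over SHA-256) rather than the raw algorithm.
let algorithm: SecKeyAlgorithm = .rsaSignatureMessagePKCS1v15SHA256
struct MissingPublicKey: Error {}

// Turn the "nil result plus CFError out-parameter" convention into a Swift throw.
func unwrap<T>(_ value: T?, _ error: Unmanaged<CFError>?) throws -> T {
    guard let value = value else { throw error!.takeRetainedValue() as Error }
    return value
}

// Client: generate a transient 2048-bit RSA private key (not stored in the keychain).
func makeClientKey() throws -> SecKey {
    let attrs: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeRSA, kSecAttrKeySizeInBits as String: 2048]
    var error: Unmanaged<CFError>?
    let key = SecKeyCreateRandomKey(attrs as CFDictionary, &error)
    return try unwrap(key, error)
}

// Client: export the public half (PKCS#1 DER for RSA keys) to hand to the verifier.
func exportPublicKey(of privateKey: SecKey) throws -> Data {
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else { throw MissingPublicKey() }
    var error: Unmanaged<CFError>?
    let data = SecKeyCopyExternalRepresentation(publicKey, &error)
    return try unwrap(data, error) as Data
}

func sign(_ message: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    let signature = SecKeyCreateSignature(privateKey, algorithm, message as CFData, &error)
    return try unwrap(signature, error) as Data
}

// Verifier: rebuild the public key from the exported bytes and check the signature.
func verify(_ signature: Data, over message: Data, publicKeyData: Data) throws -> Bool {
    let attrs: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
                                kSecAttrKeyClass as String: kSecAttrKeyClassPublic]
    var error: Unmanaged<CFError>?
    let key = SecKeyCreateWithData(publicKeyData as CFData, attrs as CFDictionary, &error)
    return try SecKeyVerifySignature(unwrap(key, error), algorithm, message as CFData, signature as CFData, nil)
}

let message = Data("constructed sample message".utf8)  // constructed input
let clientKey = try makeClientKey()
let signature = try sign(message, with: clientKey)
let publicKeyData = try exportPublicKey(of: clientKey)
let genuine = try verify(signature, over: message, publicKeyData: publicKeyData)
let tampered = try verify(signature, over: message + Data([0]), publicKeyData: publicKeyData)
print("genuine message verifies:", genuine, "- altered message verifies:", tampered)
```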

Yes, I'm wrong

I needed to sign, not to encrypt...


Thanks