CryptoKit: encrypt with secret, decrypt in server

Hello,


I am reading articles about the new library CryptoKit which sounds interesting but would like to implement a basic functionality and don't know what is the best path to follow.


The idea is simple, using CryptoKit I would like to encrypt some text using a secret text only shared with receiver. For example I would like to make secure the text: "My encrypted message" using the secret: "$)WERWERsdff?55345"


After the app encrypts the message I would get an encoded string to be passed to receiver (server). Then on server, using c# and given secret I could decrypt the message.


The approach I can get is using following code:


import CryptoKit



func encrypt(_ data: Data, to theirEncryptionKey: Curve25519.KeyAgreement.PublicKey, signedBy ourSigningKey: Curve25519.Signing.PrivateKey) throws -> (ephmeralPublicKeyData: Data, ciphertext: Data, signature: Data) {


// Create a salt for key derivation.

let protocolSalt = secretKey.data(using: .utf8)!

let ephemeralKey = Curve25519.KeyAgreement.PrivateKey()

let ephemeralPublicKey = ephemeralKey.publicKey.rawRepresentation

let sharedSecret = try ephemeralKey.sharedSecretFromKeyAgreement(with: theirEncryptionKey)

let symmetricKey = sharedSecret.hkdfDerivedSymmetricKey(using: SHA256.self,

salt: protocolSalt,

sharedInfo: ephemeralPublicKey +

theirEncryptionKey.rawRepresentation +

ourSigningKey.publicKey.rawRepresentation,

outputByteCount: 32)

let ciphertext = try ChaChaPoly.seal(data, using: symmetricKey).combined

let signature = try ourSigningKey.signature(for: ciphertext + ephemeralPublicKey + theirEncryptionKey.rawRepresentation)

return (ephemeralPublicKey, ciphertext, signature)

}



var secretKey = "abcdef0123456xyz"

let message = "Hello, Here I want to Present CryptoKit Example.".data(using: .utf8)!


let senderSigningKey = Curve25519.Signing.PrivateKey()

let senderSigningPublicKey = senderSigningKey.publicKey


let receiverEncryptionKey = Curve25519.KeyAgreement.PrivateKey()

let receiverEncryptionPublicKey = receiverEncryptionKey.publicKey



let sealedMessage = try! encrypt(message, to: receiverEncryptionPublicKey, signedBy: senderSigningKey)


print(sealedMessage.ciphertext.base64EncodedString())



But I get all time decrypt error on server, do you know a full compatible method so c# could process the encrypted text?

Replies

If you’re sharing a key between the client and the server, that’s symmetric encryption, which means you don’t need to be using asymmetric constructs like

Curve25519
. Rather, you’d use one of the symmetric encryption and decryption algorithms, like
AES
or
ChaChaPoly
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"