1 Reply
      Latest reply on Oct 9, 2019 9:16 AM by eskimo
      jose_webpac Level 1 Level 1 (0 points)



        I am reading articles about the new library CryptoKit which sounds interesting but would like to implement a basic functionality and don't know what is the best path to follow.


        The idea is simple, using CryptoKit I would like to encrypt some text using a secret text only shared with receiver. For example I would like to make secure the text: "My encrypted message" using the secret: "$)WERWERsdff?55345"


        After the app encrypts the message I would get an encoded string to be passed to receiver (server). Then on server, using c# and given secret I could decrypt the message.


        The approach I can get is using following code:


        import CryptoKit



        func encrypt(_ data: Data, to theirEncryptionKey: Curve25519.KeyAgreement.PublicKey, signedBy ourSigningKey: Curve25519.Signing.PrivateKey) throws -> (ephmeralPublicKeyData: Data, ciphertext: Data, signature: Data) {


            // Create a salt for key derivation.

        let protocolSalt = secretKey.data(using: .utf8)!

        let ephemeralKey = Curve25519.KeyAgreement.PrivateKey()

        let ephemeralPublicKey = ephemeralKey.publicKey.rawRepresentation

        let sharedSecret = try ephemeralKey.sharedSecretFromKeyAgreement(with: theirEncryptionKey)

        let symmetricKey = sharedSecret.hkdfDerivedSymmetricKey(using: SHA256.self,

        salt: protocolSalt,

        sharedInfo: ephemeralPublicKey +

        theirEncryptionKey.rawRepresentation +


        outputByteCount: 32)

        let ciphertext = try ChaChaPoly.seal(data, using: symmetricKey).combined

        let signature = try ourSigningKey.signature(for: ciphertext + ephemeralPublicKey + theirEncryptionKey.rawRepresentation)

        return (ephemeralPublicKey, ciphertext, signature)




        var secretKey = "abcdef0123456xyz"

        let message = "Hello, Here I want to Present CryptoKit Example.".data(using: .utf8)!


        let senderSigningKey = Curve25519.Signing.PrivateKey()

        let senderSigningPublicKey = senderSigningKey.publicKey


        let receiverEncryptionKey = Curve25519.KeyAgreement.PrivateKey()

        let receiverEncryptionPublicKey = receiverEncryptionKey.publicKey



        let sealedMessage = try! encrypt(message, to: receiverEncryptionPublicKey, signedBy: senderSigningKey)





        But I get all time decrypt error on server, do you know a full compatible method so c# could process the encrypted text?

        • Re: CryptoKit: encrypt with secret, decrypt in server
          eskimo Apple Staff Apple Staff (13,895 points)

          If you’re sharing a key between the client and the server, that’s symmetric encryption, which means you don’t need to be using asymmetric constructs like Curve25519.  Rather, you’d use one of the symmetric encryption and decryption algorithms, like AES or ChaChaPoly.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"