iOSRSAPublicKeyEncryption describes how to encrypt data from a PUBLIC KEY in iOS using RSA.
The main functions are in SecKeyHelper.h:
// Loads a certificate located at certPATH (usually in your bundle)
SecKeyRef SecKeyFromPathAndSaveInKeyChain( NSString* certPATH, CFDataRef keyChainId )
// Loads a SecKeyRef from Keychain (that you previously loaded from some certPATH)
SecKeyRef SecKeyFromKeyChain( CFDataRef keyChainId )
Example of how to use is in the testSecKey function in ViewController.m
FACTS
-
YOU'RE NOT SUPPOSED TO LOAD PUBLIC KEYS IN IOS FROM ANYTHING OTHER THAN A "CERTIFICATE". NO BASE64 ENCODED ----- BEGIN PUBLIC KEY ------ STRINGS ARE SUPPORTED ON IOS BY DEFAULT.
-
CERTIFICATES ARE EASY TO CREATE USING OpenSSL OR certutil ON WINDOWS The basic steps are:
HOW TO MAKE A CERTIFICATE
$ openssl genrsa -out privKey.pem 2048
$ openssl req -new -key privKey.pem -out certReq.pem
$ openssl x509 -req -days 2000 -in certReq.pem -signkey privKey.pem -out certificate.pem
$ openssl x509 -outform der -in certificate.pem -out certificate.cer
SEE ALSO: stackoverflow SEE ALSO: OpenSSL HOWTO
DO NOT FOLLOW WINGOFHERMES' METHOD FOR LOADING PUBLIC KEYS FROM BASE64 CODED STRINGS. THIS IS NOT SUPPORTED FOR A REASON AND IS NOT THE RECOMMENDED CODE PATH.
YOU'VE BEEN WARNED.
RELEVANT DEVFORUMS.APPLE THREADS:
In general we recommend that you distribute key material to clients as either a certificate (for public keys) or a PKCS#12 (for private keys or identities). iPhone OS has good support for importing these types of data.
If you have a blob of data in DER form, you can create a SecCertificateRef from it using SecCertificateCreateWithData. Once you have a certificate ref, you can extract the public key using SecTrustCopyPublicKey. There's one gotcha with this, as explained in the following post. https://devforums.apple.com/message/114555#114555
This is surprisingly easy. You don't need to add the certificate to the keychain to handle this case. Rather, just load the certificate data (that is, the contents of a .cer file) in your application (you can either get this from your bundle or off the network) and then create a certificate ref using SecCertificateCreateWithData. From there you can extract a public key ref using a SecTrust object (SecTrustCreateWithCertificates, SecTrustEvaluate -- you can choose to ignore the resulting SecTrustResultType -- and SecTrustCopyPublicKey).
And from there you can encrypt and verify using the SecKey APIs (SecKeyEncrypt, SecKeyRawVerify).
The code in this package is released under the ZLib license.
Copyright (C) 2013 William Sherif
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
- The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
- Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
- This notice may not be removed or altered from any source distribution.