views:

3539

answers:

2

I am developing Iphone application. I have used SecKeyGeneratePair method of Security/Security.h framework. I am getting public & private keys as SecKeyRef objects. Can I access the key or print its value to console? Can I get NSString or NSData object from it ? When i print the key to console using NSLog I am getting . Can we pass these key objects over network to other application which might be in java? Can we encrypt some text in iphone application, send it to server, using the key sent decrypt the text on server side ?

+4  A: 

Consider using NSData to get the string value, and perhaps use Base64 or some other form of encoding when passing over the network (and then decoding from Base64 to whatever in Java).

Here's an example of some code that might help you get started. I'm doing a HMAC-SHA1 signature ('digest') here, but the general idea is the same for your RSA case:

#import <Foundation/NSString.h>
#import <CommonCrypto/CommonHMAC.h>
#import <CommonCrypto/CommonDigest.h>

@interface NSString (NSStringAdditions)

+ (NSString *) base64StringFromData:(NSData *)data length:(int)length;
- (NSString *) base64StringWithHMACSHA1Digest:(NSString *)secretKey;

@end

-------------------------------------------

#import "NSStringAdditions.h"

static char base64EncodingTable[64] = {
  'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
  'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
  'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
  'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
};

@implementation NSString (NSStringAdditions)

- (NSString *) base64StringWithHMACSHA1Digest:(NSString *)secretKey {
  unsigned char digest[CC_SHA1_DIGEST_LENGTH];
  char *keyCharPtr = strdup([secretKey UTF8String]);
  char *dataCharPtr = strdup([self UTF8String]);

  CCHmacContext hctx;
  CCHmacInit(&hctx, kCCHmacAlgSHA1, keyCharPtr, strlen(keyCharPtr));
  CCHmacUpdate(&hctx, dataCharPtr, strlen(dataCharPtr));
  CCHmacFinal(&hctx, digest);
  NSData *encryptedStringData = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];

  free(keyCharPtr);
  free(dataCharPtr);

  return [NSString base64StringFromData:encryptedStringData length:[encryptedStringData length]];
}

+ (NSString *) base64StringFromData: (NSData *)data length: (int)length {
  unsigned long ixtext, lentext;
  long ctremaining;
  unsigned char input[3], output[4];
  short i, charsonline = 0, ctcopy;
  const unsigned char *raw;
  NSMutableString *result;

  lentext = [data length]; 
  if (lentext < 1)
    return @"";
  result = [NSMutableString stringWithCapacity: lentext];
  raw = [data bytes];
  ixtext = 0; 

  while (true) {
    ctremaining = lentext - ixtext;
    if (ctremaining <= 0) 
       break;        
    for (i = 0; i < 3; i++) { 
       unsigned long ix = ixtext + i;
       if (ix < lentext)
          input[i] = raw[ix];
       else
          input[i] = 0;
    }
    output[0] = (input[0] & 0xFC) >> 2;
    output[1] = ((input[0] & 0x03) << 4) | ((input[1] & 0xF0) >> 4);
    output[2] = ((input[1] & 0x0F) << 2) | ((input[2] & 0xC0) >> 6);
    output[3] = input[2] & 0x3F;
    ctcopy = 4;

    switch (ctremaining) {
      case 1: 
         ctcopy = 2; 
         break;
      case 2: 
         ctcopy = 3; 
         break;
    }

    for (i = 0; i < ctcopy; i++)
       [result appendString: [NSString stringWithFormat: @"%c", base64EncodingTable[output[i]]]];

    for (i = ctcopy; i < 4; i++)
       [result appendString: @"="];

    ixtext += 3;
    charsonline += 4;

    if ((length > 0) && (charsonline >= length))
      charsonline = 0;

    return result;
 }

 @end
Alex Reynolds
A: 

Thanks Alex Reynolds for your quick response. In case of RSA Encryption first I have to generate a key pair which is in the form of SecKeyRef objects. Then we will pass that reference to SecKeyEncrypt & SecKeyDecrypt methods. when i encrypt & decrypt locally it is working perfect but if i try to send the key & encrypted data to server & decrypt at server(java implementation) side, I am not able to pass the SecKeyRef object to server as a key value. In java we have to get the string in string or byte array format to pass to the encryption method. Can we get the access to the data stored in object SecKeyRef (which is NSCFType object)? which is a struct __SecKey.

Prajakta
I don't know the answer to your question, but you might look into serializing the SecKeyRef object: http://developer.apple.com/DOCUMENTATION/Cocoa/Conceptual/Archiving/Concepts/serializations.html
Alex Reynolds