I'm using native RSA in one iOS app and Chilkat RSA library in another. On a native iOS side I encrypt (OAEP SHA256) data with the following function:
static func encryptWithKey(_ data: Data, rsaKey: SecKey) -> Data? {
let algorithm = SecKeyAlgorithm.rsaEncryptionOAEPSHA256
guard SecKeyIsAlgorithmSupported(rsaKey, .encrypt, algorithm) else { return nil }
var error: Unmanaged<CFError>?
let encryptedData = SecKeyCreateEncryptedData(rsaKey, algorithm, data as CFData, &error)
if let encryptionError = error {
print(encryptionError.takeRetainedValue())
}
return encryptedData as Data?
}
and then in another app, I decrypt this data with Chilkat library:
static func decrypt(base64 encryptedText: String, with xmlKey: String) -> Data? {
let privateKey = CkoPrivateKey()
guard let success = privateKey?.loadXml(xmlKey), success else { return nil }
guard let rsa = CkoRsa() else { return nil }
rsa.unlockComponent(Chilkat.key)
rsa.oaepPadding = true
rsa.littleEndian = false
rsa.oaepHash = "sha256"
rsa.encodingMode = "base64"
rsa.importPrivateKeyObj(privateKey)
if let decryptedData = rsa.decryptBytesENC(encryptedText, bUsePrivateKey: true) {
return decryptedData
} else {
print(rsa.lastErrorText)
}
return nil
}
Even I used one private / public keys pair I'm getting an error (from rsa.lastErrorText):
"ChilkatLog:
DecryptBytesENC(7ms):
DllDate: Feb 1 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: XXXXXXXXXXXX
Architecture: Little Endian; 64-bit
Language: IOS C/C++/Swift/Objective-C
VerboseLogging: 1
usePrivateKey: 1
Component successfully unlocked using purchased unlock code.
rsaDecryptBytes(7ms):
rsa_decrypt(7ms):
KeyType: Private
InputSize: 256
Padding: OAEP
OaepHashAlg: SHA-256
MgfHashAlg: SHA-1
ParamLen: 0
ModulusBitLen: 2048
inlen: 256
modulus_bytelen: 256
modulus_bitlen: 2048
bigEndian: 0
Byte swapping from big-endian to little-endian
padding: OAEP
No leading zero byte for OAEP decoding.
OAEP decoding failed.
--rsa_decrypt
--rsaDecryptBytes
Failed.
--DecryptBytesENC
--ChilkatLog"
Any ideas?
I added some extra logging so we can see the bytes (in hex) after the RSA decrypt but before OAEP unpadding. After RSA decrypt (but before OAEP unpadding), we should see bytes in this format:
0x00 || maskedseed || maskedDB
In other words, the 1st byte of the result SHOULD be a 0 byte. If the RSA private key used to decrypt did not correspond to the public key used to encrypt, then we would see random bytes. (i.e. the 1st byte would not be 0). The maskedseed and maskedDB will still appear as random bytes.
The problem was in OAEP Mgf hash function. If you set oaepMgfHash = "sha256" it becomes compatible with native iOS RSA implementation. In addition, Chilkat library provides an automatic fallback to a proper oaepMgfHash function in case you've specified it incorrectly. Thanks, Matt!
Related
I'm pretty new to RSA Keys and Certificates and all of that. So I'm getting a PEM File from a network request, I understand the PEM file is basically the certificate without header and footer, so essentially I have a string. I need to create a PublicKey from that in order to Encrypt some text, but I think I'm doing something wrong. This is my code so far, I have talked to other teams (Android) and when they print out the Encrypted Data, they are getting a regular String and I'm getting lots of weird characters. Thanks in advance guys! (:
func encryptBase64(text: String, certificateStr: String) throws -> Data {
let encryptionError = EncrpytionError(message: "There has been an issue with encryption")
guard
let certData = Data(base64Encoded: certificateStr),
let certificate = SecCertificateCreateWithData(nil, certData as CFData),
let publicKey = SecCertificateCopyKey(certificate)
else {
throw encryptionError
}
let algorithm: SecKeyAlgorithm = .rsaEncryptionOAEPSHA256AESGCM
guard SecKeyIsAlgorithmSupported(publicKey, .encrypt, algorithm) else {
throw encryptionError
}
guard let cipherText = SecKeyCreateEncryptedData(
publicKey,
algorithm,
text.data(using: .utf8)! as CFData, nil)
else {
throw encryptionError
}
return cipherText as Data
}
And when I try to print cipherText as a String, I get this weird thing:
"D�aj�\\m꒤h,�A�{��8�~�\nY\u0003F�Cˤ�#��\"�\u0018�\u0007\u001fX#VC�U_��E\u0005dž1���X��\/4Px��P\u0016�8}% ��<��#�I_�K\u000e�\bR*�� ���斋�7,�%���F^q�\u0000\\�'�ZTD\u0013Q�_\u0010\u001f>i]&��B���#1\u0006\b��E\u0004�F���yS\u0013�3����SB)��m\u0017%��5ʲ����s\u0003��r�&�?�8b��W#\u001e��؞ۡ��8�s~��ӹ�u\"�2��U�&\b�3XV���˔Y��xt[\fm&P:\\�\f� y��6jy"
Android team is doing something like this on Kotlin:
private fun extractPublicKey(certificateString: String): PublicKey {
val encodedCertificateBytes = certificateString.toByteArray()
val decodedCertificateBytes = Base64.decode(encodedCertificateBytes, Base64.DEFAULT)
val inStream = decodedCertificateBytes.inputStream()
val certificateFactory = CertificateFactory.getInstance("X.509")
val certificate = certificateFactory.generateCertificate(inStream)
inStream.close()
return certificate.publicKey
}
I need on iOS with Swift to:
Generate a Diffie–Hellman key pair with a pre-agreed modulus P and a base G
Compute a shared secret with a local private key, a remote public key and pre-agreed modulus P
And this without Elliptic-curve Diffie–Hellman (ECDH).
I wrote this code using BigInt repository.
/// Diffie–Hellman key pair
struct DHKeyPair {
var privateKey: Data
var publicKey: Data
init(privateKey: Data, publicKey: Data) {
self.privateKey = privateKey
self.publicKey = publicKey
}
}
/// Generate a Diffie–Hellman key pair
///
/// - Parameter modulus: Diffie-Hellman modulus P
/// - Parameter base: Diffie-Hellman base G
/// - Returns: DH key pair, or nil on error
static func generateDhKeyPair(modulus: Data, base: Data) -> DHKeyPair? {
// Modulus
let modulusBigUInt = BigUInt(modulus)
// Base
let baseBigUInt = BigUInt(base)
// Generate random private key
guard let privateKey = Crypto.randomBytes(length: 512) else {
return nil
}
let privateKeyBigUInt = BigUInt(privateKey)
// Compute public key
let publicKeyBigUInt = baseBigUInt.power(privateKeyBigUInt, modulus: modulusBigUInt)
var publicKey = publicKeyBigUInt.serialize()
// Set Diffie-Hellman key pair
let dhKeypair = DHKeyPair(privateKey: privateKey, publicKey: publicKey)
return dhKeypair
}
/// Compute a shared secret based on local pair key (public/private) and remote public key
///
/// - Parameter privateKey: Private key
/// - Parameter remotePublicKey: Remote public key
/// - Parameter modulus: Diffie-Hellman modulus P
/// - Returns: the computed shared secret
static func computeSharedSecret(privateKey: Data, remotePublicKey: Data, modulus: Data) -> Data {
// Private key
let privateKeyBigUInt = BigUInt(privateKey)
// Remote public key
let remotePublicKeyBigUInt = BigUInt(remotePublicKey)
// Modulus
let modulusBigUInt = BigUInt(modulus)
// Compute shared secret
let sharedSecretBigUInt = remotePublicKeyBigUInt.power(privateKeyBigUInt, modulus: modulusBigUInt)
var sharedSecret = sharedSecretBigUInt.serialize()
return sharedSecret
}
It's well working but it takes too long, about 50 seconds to generate the key pair, and the same to compute the shared secret. This is because of the BigUInt modular exponentiation function (see doc).
I couldn't find anything for these operations in the Keys documentation of the API for Swift.
So how can I do these Diffie-Hellman operations faster? Can it be done also with Swift API?
PS: we've the same function on the JDK which takes just a few seconds.
EDIT 1:
These 2 operations take about 4 seconds with a build in release, which is acceptable. But the execution time is still too long in debug (on a real device or a simulator), and also the unit tests are commented because the execution time is too long when running the unit tests.
I am working on iOS and flutter application together. There is encryption of data happening on both the sides. Below is the iOS encryption code which is already live,
func encryption(encryptionKey: String) -> String{
if(self.isEmpty){
return ""
}else{
let key = encryptionKey
let dataBytes : [UInt8] = Array(self.utf8)
let keyBytes : [UInt8] = Array(key.utf8)
do {
let encryptedData = try AES(key: keyBytes, blockMode: ECB(), padding: .pkcs7).encrypt(dataBytes)
let encodedString = Data(encryptedData).base64EncodedString()
return encodedString
} catch let error {
print(error)
return ""
}
}
Below is the flutter encryption code that I am working on now (Using encrypt.dart package),
final key = Key.fromBase64("Some_Key");
final iv = IV.fromLength(16));
final encrypter = Encrypter(AES(key, mode: AESMode.ecb, padding: 'PKCS7'));
final encrypted = encrypter.encrypt(someString, iv: iv); //IV is ignored in ECB mode
The issue here is the encrypted string that I am getting in flutter must be the same as iOS which is not the case. Could someone help me out in getting a compatible encryption version in flutter? Kindly help...
I finally resolved it myself. Posting the answer over here hoping it helps someone.
I had to change the below line,
from
final key = Key.fromBase64("Some_Key");
to
final key = Key.fromUtf8("Some_Key");
That't it. It works!!
I am exchanging data with a device that requires encryption. According to the instructions, my iOS app generates an RSA 2048-bit public-private key pair and I send the device the public key.
I created the public-private key pair using a macOS command line with openssl shown here (as I cannot figure out how to make iOS do it - but that's a future question):
openssl req -x509 -newkey rsa:2048 -out cert.pem
openssl x509 -in cert.pem -noout -pubkey
I copied the values from the cert.pem and the private and public keys into my app:
let certificate = "MIIDej....GWB"
let privateKey = "MIIFhz...Q=="
let publicKey = "MIIBI...AQAB"
When I send the device the public key, the device is happy and sends back data in AES-128 encrypted using the public key I sent.
I am in over my head here, but I'm the one trying to get this device to work.
Is there a way to take the private key or cert that I have set as Strings in my app to decode the data coming from the device?
I have been looking at the Security and CryptoKit docs and it makes my head swim.
FWIW, I was able to use SecCertificateCreateWithData on the String set from the cert.pem file and read some of its info like the summary. But I have no idea how to apply the private key or use the cert to decode the data. I need like a Dummies cliff notes or something.
Thank you.
Apple documentation describe how to generate key pair on the iOS side.
Example:
let tag = "com.example.keys.mykey".data(using: .utf8)!
let attributes: [String: Any] =
[kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String: 2048,
kSecPrivateKeyAttrs as String:
[kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: tag]
]
var publicKey: SecKey?
var privateKey: SecKey?
SecKeyGeneratePair(attributes, &publicKey, &privateKey)
More attributes are available here.
And then you can get External representations of private or public key using method:
SecKeyCopyExternalRepresentation.
Example:
var error: Unmanaged<CFError>?
SecKeyCopyExternalRepresentation(secKey, &error) as Data?
To decrypt AES-128 data you need to use CCCrypt. Here you have example from Apple support how the data is encrypted, but to decrypt data you need to change first argument to kCCDecrypt.
Example:
extern NSData * SecDecryptAES128CBCPad(NSData * data, NSData * key, NSData * iv) {
CCCryptorStatus err;
NSMutableData * result;
size_t resultLength;
NSCParameterAssert(key.length == kCCKeySizeAES128);
NSCParameterAssert(iv.length == kCCBlockSizeAES128);
// Padding can expand the data, so we have to allocate space for that. The rule for block
// cyphers, like AES, is that the padding only adds space on encryption (on decryption it
// can reduce space, obviously, but we don't need to account for that) and it will only add
// at most one block size worth of space.
result = [[NSMutableData alloc] initWithLength:[data length] + kCCBlockSizeAES128];
err = CCCrypt(
kCCDecrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
key.bytes, key.length,
iv.bytes,
data.bytes, data.length,
result.mutableBytes, result.length,
&resultLength
);
assert(err == kCCSuccess);
// Set the output length to the value returned by CCCrypt. This is necessary because
// we have padding enabled, meaning that we might have allocated more space than we needed.
[result setLength:resultLength];
return result;
}
Arguments in CCCrypt method (like kCCOptionPKCS7Padding, iv) you need to adjust to your example.
I know there is a function called SecPKCS12Import that allows you to import data from a p12 file. However, I want to go the reverse route. I have a SecCertificateRef and a public/private SecKeyRef, which I want to use to create a P12 file. Does anyone know how to do this on iPhone?
Thanks
Unfortunately, there CommonCrypto does not provide any means to export PKCS12 containers let alone any other export functionality (even though its OSX counterpart can do that). There are ways to extract the SecKeyRef raw data from the key chain but then you still need to write all the PKCS12 wrapping yourself.
We were facing a similar issue and went with OpenSSL.
Compiling OpenSSL for iOS
Integrating OpenSSL requires a bit of work as you need to compile and link the OpenSSL sources yourself. Fortunately, there are some build scripts available so you do not have to do that yourself, e.g, https://github.com/x2on/OpenSSL-for-iPhone . I suggest you use them as you need to patch some of the Makefiles which is a bit of a hazel. Those build scripts generate static linked libraries for both iOS and tvOS. You just need to link them against your project and set the Header and Library Search Path accordingly.
CocoaPods
You can also use the official OpenSSL CocoaPod . That saves you the trouble of configuring your project.
Exporting PKCS12
As you might know, OpenSSL is a C library. That means you might want to encapsulate all the C functions into a Objective-C or Swift wrapper. There are some open source wrappers that support im- and exporting PKCS12 containers but I have not found a single one with good documentation. You should be able to derive the relevant snippets from some of the sources though.
https://github.com/microsec/MscX509Common/blob/master/src/MscPKCS12.m
You can have a look at this example as well http://fm4dd.com/openssl/pkcs12test.htm .
Hope that helps!
I agree that this task can only be performed using OpenSSL. It is a bit tricky to compile it for iOS but with OpenSSL-for-iPhone it is quite possible.
To solve the given task of creating a PKCS12 keystore from a SecCertificate and a SecKey with Swift 3 just add the static libraries libssl.aand libcrypto.a to your project and create the following bridging header:
#import <openssl/err.h>
#import <openssl/pem.h>
#import <openssl/pkcs12.h>
#import <openssl/x509.h>
To create the keystore the input data have to be converted to OpenSSL data structures, which requires some creativity. The SecCertificate can be converted directly to DER format and then read into a X509 structure. The SecKey is even worse to handle. The only possible solution to get the data of the key is to write it to the keychain and get the reference. From the reference we can get the base 64 encoded string, which then can be read into a EVP_PKEY structure. Now, we can create the keystore and save it to a file. To access the data in the keystore via iOS functions we must read the file via let data = FileManager.default.contents(atPath: path)! as NSData
The full solution is shown in the following:
func createP12(secCertificate: SecCertificate, secPrivateKey: SecKey) {
// Read certificate
// Convert sec certificate to DER certificate
let derCertificate = SecCertificateCopyData(secCertificate)
// Create strange pointer to read DER certificate with OpenSSL
// data must be a two-dimensional array containing the pointer to the DER certificate as single element at position [0][0]
let certificatePointer = CFDataGetBytePtr(derCertificate)
let certificateLength = CFDataGetLength(derCertificate)
let certificateData = UnsafeMutablePointer<UnsafePointer<UInt8>?>.allocate(capacity: 1)
certificateData.pointee = certificatePointer
// Read DER certificate
let certificate = d2i_X509(nil, certificateData, certificateLength)
// Print certificate
X509_print_fp(stdout, certificate)
// Read private key
// Convert sec key to PEM key
let tempTag = "bundle.temp"
let tempAttributes = [
kSecClass: kSecClassKey,
kSecAttrApplicationTag: tempTag,
kSecAttrKeyType: kSecAttrKeyTypeRSA,
kSecValueRef: secPrivateKey,
kSecReturnData: kCFBooleanTrue
] as NSDictionary
var privateKeyRef: AnyObject?
// Store private key in keychain
SecItemDelete(tempAttributes)
guard SecItemAdd(tempAttributes, &privateKeyRef) == noErr else {
NSLog("Cannot store private key")
return
}
// Get private key data
guard let privateKeyData = privateKeyRef as? Data else {
NSLog("Cannot get private key data")
return
}
let pemPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\n\(privateKeyData.base64EncodedString())\n-----END RSA PRIVATE KEY-----\n"
// Delete private key in keychain
SecItemDelete(tempAttributes)
let privateKeyBuffer = BIO_new(BIO_s_mem())
pemPrivateKey.data(using: .utf8)!.withUnsafeBytes({ (bytes: UnsafePointer<Int8>) -> Void in
BIO_puts(privateKeyBuffer, bytes)
})
let privateKey = PEM_read_bio_PrivateKey(privateKeyBuffer, nil, nil, nil)
// !!! Remove in production: Print private key
PEM_write_PrivateKey(stdout, privateKey, nil, nil, 0, nil, nil)
// Check if private key matches certificate
guard X509_check_private_key(certificate, privateKey) == 1 else {
NSLog("Private key does not match certificate")
return
}
// Set OpenSSL parameters
OPENSSL_add_all_algorithms_noconf()
ERR_load_crypto_strings()
// Create P12 keystore
let passPhrase = UnsafeMutablePointer(mutating: ("" as NSString).utf8String)
let name = UnsafeMutablePointer(mutating: ("SSL Certificate" as NSString).utf8String)
guard let p12 = PKCS12_create(passPhrase, name, privateKey, certificate, nil, 0, 0, 0, 0, 0) else {
NSLog("Cannot create P12 keystore:")
ERR_print_errors_fp(stderr)
return
}
// Save P12 keystore
let fileManager = FileManager.default
let tempDirectory = NSTemporaryDirectory() as NSString
let path = tempDirectory.appendingPathComponent("ssl.p12")
fileManager.createFile(atPath: path, contents: nil, attributes: nil)
guard let fileHandle = FileHandle(forWritingAtPath: path) else {
NSLog("Cannot open file handle: \(path)")
return
}
let p12File = fdopen(fileHandle.fileDescriptor, "w")
i2d_PKCS12_fp(p12File, p12)
fclose(p12File)
fileHandle.closeFile()
}