I am trying to sync up private asymmetric keys between my iOS app and its watchOS equivalent. I have tried using SecKeyCopyExternalRepresentation to export it out as CFData and then send it to the watch using WatchConnectivity. However when it gets to the watch I have no way of converting the Data back into a SecKey. I tried using SecKeyCreateWithData in an attempt to recreate it, but it seems that that only works with symmetric keys, for when I tried it it crashed the watch app. Any ideas?
iOS Code:
func sendSharedKeyPair(keyPair: (publicKey: SecKey, privateKey: SecKey)) {
var error: Unmanaged<CFError>?
let publicKeyData = SecKeyCopyExternalRepresentation(keyPair.publicKey, &error)
if let error = error {
return print("Error sending shared key: \(error)")
}
let privateKeyData = SecKeyCopyExternalRepresentation(keyPair.privateKey, &error)
if let error = error {
return print("Error sending shared key: \(error)")
}
if let publicKeyData = publicKeyData, let privateKeyData = privateKeyData {
session.sendMessage(["requestedCommand": WatchControllerCommands.sendSharedKeyPair.rawValue, "keyPair": ["publicKey": publicKeyData, "privateKey": privateKeyData]], replyHandler: nil, errorHandler: { error in
print(error)
})
}
}
watchOS Code:
func session(_ session: WCSession, didReceiveMessage message: [String : Any]) {
guard let requestedCommand = (message["requestedCommand"] as? String).flatMap({ WatchControllerCommands(rawValue: $0) }), requestedCommand == .sendSharedKeyPair else { return }
guard let publicKeyData = (message["keyPair"] as? [String: Any])?["publicKey"].flatMap({ $0 as? Data }), let privateKeyData = (message["keyPair"] as? [String: Any])?["privateKey"].flatMap({ $0 as? Data }) else { return print("Couldn't parse keys") }
let publicTag = "myAppTag"
let privateTag = publicTag + ".private"
let privateAttributes = [String(kSecAttrIsPermanent): true,
String(kSecAttrApplicationTag): privateTag] as [String : Any]
let publicAttributes = [String(kSecAttrIsPermanent): true,
String(kSecAttrApplicationTag): publicTag] as [String : Any]
var error: Unmanaged<CFError>?
let publicCFData = publicKeyData as CFData
let privateCFData = privateKeyData as CFData
let publicCFDict = publicAttributes as CFDictionary
let privateCFDict = privateAttributes as CFDictionary
SecKeyCreateWithData(publicCFData, publicCFDict, &error)
if let error = error {
print(error)
}
SecKeyCreateWithData(privateCFData, privateCFDict, &error)
if let error = error {
print(error)
}
}
From headerdocs around SecKeyCreateWithData:
#param attributes Dictionary containing attributes describing the key
to be imported. The keys in this dictionary are kSecAttr* constants
from SecItem.h. Mandatory attributes are: * kSecAttrKeyType *
kSecAttrKeyClass * kSecAttrKeySizeInBits
Your code only defines kSecAttrIsPermanent and kSecAttrApplicationTag attributes.
Related
I am recieving Bad Access when trying to create a signature with xcode SecKeyCreateSignature.
This flows with biometric enrollment in a webview. When the user hits the enrollment page the device sends to the webview the device Id and a public key.
To generate the key I have...
private let tag = "com.CustomTagName.private",
deviceId = UIDevice.current.identifierForVendor!.uuidString,
privateKeyAttr: [NSObject: NSObject] = [
kSecAttrIsPermanent:true as NSObject,
kSecAttrApplicationTag: "com.CustomTagName.private".data(using: .utf8)! as NSObject,
kSecClass: kSecClassKey,
kSecAttrType: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits : 2048 as NSObject,
kSecReturnData: kCFBooleanTrue
],
privateKey : SecKey?,
privateKeyStr = ""
;
...
private func generateKeys() throws {
var err: Unmanaged<CFError>?
do {
guard let prk = SecKeyCreateRandomKey(privateKeyAttr as CFDictionary, &err) else {
throw err!.takeRetainedValue() as Error
}
// After creating a random private key It appears we have to unwrap it...?
guard let unWrappedKey = SecKeyCopyExternalRepresentation(prk, &err) as Data? else {
throw err!.takeRetainedValue() as Error
}
self.privateKeyStr = unWrappedKey.base64EncodedString()
self.privateKey = prk;
} catch {
}
}
From here I use
let publicKey = SecKeyCopyPublicKey(self.privateKey!);
If I was going to call SecKeyCreateSignature the I have no issue. But I dont call the signature until the user needs to login. So I retrieve the key using...
let message = "HereIAm";
let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)
if statusPrivateKey != noErr || resultPrivateKey == nil{
fatalError("Error getting private key")
}
self.privateKey = resultPrivateKey as! SecKey?;
self.privateKeyStr = (privateKey as! Data).base64EncodedString()
// Bad Access Error Here \\
guard let signFingerPrint = SecKeyCreateSignature(privateKey!, SecKeyAlgorithm.rsaSignatureMessagePKCS1v15SHA512, message.data(using: .utf8)! as CFData, &err) else {
fatalError("Signing error")
}
I do notice that the SecKey does not need to be unwrapped with SecKeyCopyExternalRepresentation.
I dont understand the difference in the to Sec Keys when the data is the same.
How do I retrieve the private key to that I can create the signature off it?
I found the answer... kinda, In my privateAttrs I have
kSecReturnData: kCFBooleanTrue
and should be
kSecReturnRef: kCFBooleanTrue
Im my case I was returning Data as the type but I needed to return the type of the original reference.
I have created a private key in the Keychain with SecKeyCreateRandomKey. When I attempt to access the key to perform a signing operation, the Touch ID or FaceID dialog will never appear. I get the sign string but without TouchID or FaceID. I tried with BiometryAny and TouchIdAny but it doesn't work.
static func createKey(keyName:String){
DispatchQueue.main.async{
var error : Unmanaged<CFError>?
print("Key is generating for \(keyName)")
let tag = (keyName + "PrivateKey").data(using: .utf8)!
// private key parameters
var privateKeyParams: [String: Any] = [:]
let accessControlError:UnsafeMutablePointer<Unmanaged<CFError>?>? = nil
// ^ Already a 'pointer'
if #available(iOS 10 , *) {
let allocator:CFAllocator! = kCFAllocatorDefault
let protection:AnyObject! = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
let flags:SecAccessControlCreateFlags = SecAccessControlCreateFlags.userPresence
let accessControlRef = SecAccessControlCreateWithFlags(
allocator,
protection,
flags,
accessControlError // <- Notice the lack of '&'
)
privateKeyParams = [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: tag,
kSecAttrAccessControl as String : accessControlRef!,
]
} else {
// Fallback on earlier versions
}
// global parameters for our key generation
let parameters: [String: Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String: 2048,
kSecPrivateKeyAttrs as String: privateKeyParams
]
if #available(iOS 10.0, *) {
do{
guard let privateKey = SecKeyCreateRandomKey(parameters as CFDictionary, nil) else {
print("\(keyName)PrivateKey generator Error!")
throw error!.takeRetainedValue() as Error
}
}
}
}
and signture function:
static func SigntureWithPrivateKey(keyName: String, message : String) -> String {
//print("sign started .........")
guard let messageData = message.data(using: String.Encoding.utf8) else {
print("bad message to sign")
return ""
}
if #available(iOS 10.0, *) {
guard let privateKeyLocal: SecKey = getPrivateKey("\(keyName)PrivateKey") else
{
return ""
}
guard let signData = SecKeyCreateSignature(privateKeyLocal,SecKeyAlgorithm.rsaSignatureDigestPKCS1v15SHA512,messageData as CFData, nil) else {
print("priv ECC error signing")
return ""
}
let convertedSignData = signData as Data
let convertedString = convertedSignData.base64EncodedString()
return convertedString
} else {
return ""
}
}
and getPrivateKey function :
fileprivate static func getPrivateKey(_ name: String) -> SecKey?
{
let query: [String: Any] = [
kSecClass as String: kSecClassKey,
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrApplicationTag as String: name,
kSecReturnRef as String: true
]
var item: CFTypeRef? = nil
let status = SecItemCopyMatching(query as CFDictionary, &item)
guard status == errSecSuccess else
{
if status == errSecUserCanceled
{
print("\tError: Accessing private key failed: The user cancelled (%#).", "\(status)")
}
else if status == errSecDuplicateItem
{
print("\tError: The specified item already exists in the keychain (%#).", "\(status)")
}
else if status == errSecItemNotFound
{
print("\tError: The specified item could not be found in the keychain (%#).", "\(status)")
}
else if status == errSecInvalidItemRef
{
print("\tError: The specified item is no longer valid. It may have been deleted from the keychain (%#).", "\(status)")
}
else
{
print("\tError: Accessing private key failed (%#).", "\(status)")
}
return nil
}
return (item as! SecKey)
}
Sorry your question is quite long so I thought I would give generic answer.
Make sure you have set NSFaceIDUsageDescription in your
info.plist
Without this key, the system won’t allow your app to use Face ID. The
value for this key is a string that the system presents to the user
the first time your app attempts to use Face ID. The string should
clearly explain why your app needs access to this authentication
mechanism. The system doesn’t require a comparable usage description
for Touch ID.
Make sure you have added both Security and LocalAuthentication
framework other than turning on keychain services
You have to specifically set Authentication param in
SecAccessControlCreateWithFlags class(Please go through this clearly it makes lots of difference)
Please find more information along with sample source code here
https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id
Hope this helps.
Do not use the simulator, try it on a real device.
you need to set flag as
let flags:SecAccessControlCreateFlags =
[SecAccessControlCreateFlags.privateKeyUsage, SecAccessControlCreateFlags.touchIDCurrentSet]
Does iOS expose API for key generation, and secret key derivation using ECDH?
From what I see, apple are using it (and specifically x25519) internally but I don't see it exposed as public API by common crypto or otherwise.
Thanks,
Z
Done in playground with Xcode 8.3.3, generates a private/public key using EC for Alice, Bob, then calculating the shared secret for Alice using Alice's private and Bob's public, and share secret for Bob using Bob's private and Alice's public and finally asserting that they're equal.
import Security
import UIKit
let attributes: [String: Any] =
[kSecAttrKeySizeInBits as String: 256,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String:
[kSecAttrIsPermanent as String: false]
]
var error: Unmanaged<CFError>?
if #available(iOS 10.0, *) {
// generate a key for alice
guard let privateKey1 = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
let publicKey1 = SecKeyCopyPublicKey(privateKey1)
// generate a key for bob
guard let privateKey2 = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
let publicKey2 = SecKeyCopyPublicKey(privateKey2)
let dict: [String: Any] = [:]
// alice is calculating the shared secret
guard let shared1 = SecKeyCopyKeyExchangeResult(privateKey1, SecKeyAlgorithm.ecdhKeyExchangeStandardX963SHA256, publicKey2!, dict as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
// bob is calculating the shared secret
guard let shared2 = SecKeyCopyKeyExchangeResult(privateKey2, SecKeyAlgorithm.ecdhKeyExchangeStandardX963SHA256, publicKey1!, dict as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
print(shared1==shared2)
} else {
// Fallback on earlier versions
print("unsupported")
}
Thanks #Mats for sending me in the right direction..3
Here is the latest code with swift 5 and changes in parameters.
import Security
import UIKit
var error: Unmanaged<CFError>?
let keyPairAttr:[String : Any] = [kSecAttrKeySizeInBits as String: 256,
SecKeyKeyExchangeParameter.requestedSize.rawValue as String: 32,
kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
kSecPrivateKeyAttrs as String: [kSecAttrIsPermanent as String: false],
kSecPublicKeyAttrs as String:[kSecAttrIsPermanent as String: false]]
let algorithm:SecKeyAlgorithm = SecKeyAlgorithm.ecdhKeyExchangeStandardX963SHA256//ecdhKeyExchangeStandardX963SHA256
do {
guard let privateKey = SecKeyCreateRandomKey(keyPairAttr as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
let publicKey = SecKeyCopyPublicKey(privateKey)
print("public ky1: \(String(describing: publicKey)),\n private key: \(privateKey)\n\n")
guard let privateKey2 = SecKeyCreateRandomKey(keyPairAttr as CFDictionary, &error) else {
throw error!.takeRetainedValue() as Error
}
let publicKey2 = SecKeyCopyPublicKey(privateKey2)
print("public ky2: \(String(describing: publicKey2)),\n private key2: \(privateKey2)\n\n")
let shared:CFData? = SecKeyCopyKeyExchangeResult(privateKey, algorithm, publicKey2!, keyPairAttr as CFDictionary, &error)
let sharedData:Data = shared! as Data
print("shared Secret key: \(sharedData.hexEncodedString())\n\n")
let shared2:CFData? = SecKeyCopyKeyExchangeResult(privateKey2, algorithm, publicKey!, keyPairAttr as CFDictionary, &error)
let sharedData2:Data = shared2! as Data
print("shared Secret key 2: \(sharedData2.hexEncodedString())\n\n")
// shared secret key and shared secret key 2 should be same
} catch let error as NSError {
print("error: \(error)")
} catch {
print("unknown error")
}
extension Data {
struct HexEncodingOptions: OptionSet {
let rawValue: Int
static let upperCase = HexEncodingOptions(rawValue: 1 << 0)
}
func hexEncodedString(options: HexEncodingOptions = []) -> String {
let format = options.contains(.upperCase) ? "%02hhX" : "%02hhx"
return self.map { String(format: format, $0) }.joined()
}
}
Circa - 2020 and iOS13. In Zohar's code snippet below, also specify a key size in the dictionary before attempting to get the shared secrets.
let dict: [String: Any] = [SecKeyKeyExchangeParameter.requestedSize.rawValue as String: 32]
Or there would be an error saying this.
kSecKeyKeyExchangeParameterRequestedSize is missing
Im updating my app to swift 3
I am getting a couple of errors
for (k, v): (AnyObject, AnyObject) in value {
Gets an NSDictionary.Iterator.Element is not convertable to (Anyobject, Anyobject)
Subsiquently Im getting this error
var artworks = [Artwork]()
func loadInitialData() {
// 1
let fileName = Bundle.main.path(forResource: "PublicArt", ofType: "json");
let data: Data = try! Data(contentsOf: URL(fileURLWithPath: fileName!), options: NSData.ReadingOptions(rawValue: 0))
// 2
var error: NSError?
let jsonObject: AnyObject!
do {
jsonObject = try JSONSerialization.jsonObject(with: data,
options: JSONSerialization.ReadingOptions(rawValue: 0))
} catch let error1 as NSError {
error = error1
jsonObject = nil
}
// 3
if let jsonObject = jsonObject as? [String: AnyObject], error == nil,
// 4
let jsonData = JSONValue.fromObject(jsonObject)?["data"]?.array {
for artworkJSON in jsonData {
if let artworkJSON = artworkJSON.array,
// 5
let artwork = Artwork.fromJSON(artworkJSON) {
artworks.append(artwork)
}
}
}
}
JsonObject produces 'Any' not the expected contextual result type
'AnyObject'
and
Argument type [String : AnyObject] does not conform to expected type
'AnyObject'
Im assuming this is an easy one but I havent coded in a year and would be very appreciative of the help
Thanks
Travis
UPDATE
So I just updated the code
but getting an error in the JSON.swift file
static func fromObject(_ object: AnyObject) -> JSONValue? {
switch object {
case let value as NSString:
return JSONValue.jsonString(value as String)
case let value as NSNumber:
return JSONValue.jsonNumber(value)
case _ as NSNull:
return JSONValue.jsonNull
case let value as NSDictionary:
var jsonObject: [String:JSONValue] = [:]
for (k, v): (AnyObject, AnyObject) in value {
if let k = k as? NSString {
if let v = JSONValue.fromObject(v) {
jsonObject[k as String] = v
} else {
return nil
}
}
}
return JSONValue.jsonObject(jsonObject)
case let value as NSArray:
var jsonArray: [JSONValue] = []
for v in value {
if let v = JSONValue.fromObject(v as AnyObject) {
jsonArray.append(v)
} else {
return nil
}
}
return JSONValue.jsonArray(jsonArray)
default:
return nil
}
}
}
error is:
nsdictionary.iterate.element '(aka (key: Any, value: Any)') is not
convertible to 'AnyObject, AnyObject)'
for code line
for (k, v): (AnyObject, AnyObject) in value {
Sorry for the late reply
Regards
Travis
You are using too much AnyObject aka it's-an-object-but-I-don't-know-the-type.
Since the JSON file is in your bundle you know exactly the types of all objects.
In Swift 3 a JSON dictionary is [String:Any] and a JSON array is [[String:Any]].
However I don't know the exact structure of the JSON and I don't know what JSONValue does – a third party library is actually not necessary – but this might be a starting point to get the array for key data.
func loadInitialData() {
let fileURL = Bundle.main.url(forResource: "PublicArt", withExtension: "json")!
do {
let data = try Data(contentsOf: fileURL, options: [])
let jsonObject = try JSONSerialization.jsonObject(with: data) as! [String: Any]
let jsonData = jsonObject["data"] as! [[String:Any]]
for artworkJSON in jsonData {
print(artworkJSON)
// ... create Artwork items
}
} catch {
print(error)
fatalError("This should never happen")
}
}
I am receiving the GCM Json encoded data as AnyObject as below
[MsgKey: {"NamKey":"Bdy","MobKey":"9964120147","UidKey":"Uid31"}, collapse_key: do_not_collapse, from: 925652137353]
I want to decode the above and pass it to local notication screen
I tried below :
func application(appPsgVar: UIApplication,
didReceiveRemoteNotification userInfo: [NSObject : AnyObject])
{
print("Notification: ",userInfo["MsgKey"]!)
let MsgVar = userInfo["MsgKey"]
var GotVar = MsgVar?.objectAtIndex(2)
|Or|
var GotVar = MsgVar?.objectForKey("UidKey")
|Or|
var GotVar = MsgVar?.valueForKey("UidKey")
and
if let MsgVar = userInfo["MsgKey"] as? [String:AnyObject]
{
GetNfnFnc(MsgVar["NamKey"] as! String)
}
and
if let MsgVar = userInfo["MsgKey"] as? NSData
{
var JsnAryVar: AnyObject!
do
{
JsnAryVar = try NSJSONSerialization.JSONObjectWithData(MsgVar, options: [])
print(JsnAryVar)
}
catch
{
print("ErrVar")
}
GetNfnFnc(JsnAryVar["NamKey"] as! String)
}
}
userInfo["MsgKey"] gives me below data and not able understand how to decode further
{"NamKey":"Bdy","MobKey":"9964120147","UidKey":"Uid31"}
Actu the problem was Json encoded data from server was coming as String
Method 1: Suggested by Eric D giving the solution link
Retrieving values from 2D array in JSON string
do
{
if let MsgCodVar = MsgSrgVar.dataUsingEncoding(NSUTF8StringEncoding),
let MsgJsnVar = try! NSJSONSerialization.JSONObjectWithData(MsgCodVar, options: []) as? [String:AnyObject]
{
print(MsgJsnVar)
}
}
Method 2 : My own hard workaround :-(
Create own function to convert String data to array[String:AnyObject]
func CnvJsnSrgTooAryFnc(JsnSrgPsgVar: String) -> [String:AnyObject]
{
var JsnSrgVar = JsnSrgPsgVar
JsnSrgVar = JsnSrgVar.stringByReplacingOccurrencesOfString("\"", withString: "")
JsnSrgVar = JsnSrgVar.stringByReplacingOccurrencesOfString("{", withString: "")
JsnSrgVar = JsnSrgVar.stringByReplacingOccurrencesOfString("}", withString: "")
let SrgAryVar = JsnSrgVar.componentsSeparatedByString(",")
var JsnAryVar = [String:AnyObject]()
for SrgIdxVar in SrgAryVar
{
let SrgIdxAryVar = SrgIdxVar.componentsSeparatedByString(":")
JsnAryVar[SrgIdxAryVar[0]] = SrgIdxAryVar[1]
}
return JsnAryVar
}
let MsgAryVar = CnvJsnSrgTooAryFnc(MsgSrgVar)
MsgAryVar["UidKey"]
Got output :
print(MsgSrgVar) :
{"NamKey":"Bdy","MobKey":"9964120147","UidKey":"Uid99"}
print(MsgAryVar)
["NamKey": Bdy, "MobKey": 9964120147, "UidKey": Uid99]
In your third approach, set the JsnAryVar type to a Dictionary ([String: AnyObject]) and cast the result of JSONObjectWithData to a Dictionary.
Follows:
var JsnAryVar: [String: AnyObject]!
JsnAryVar = try NSJSONSerialization.JSONObjectWithData(MsgVar, options: []) as! [String: AnyObject]
Now, you can access the elements inside MsgKey as a Dictionary, like JsnAryVar["NamKey"].