I could find an answer from 2013 that iOS does not support ECC based encryption and a recommendation to use OpenSSL. I see at the Security Framework Reference some definitions for TLS_ECDH but it is not clear to me that ECC based is fully supported. I need to be able to generate a key pair based on secp256r1 and use the other party 64 byte public key to generate a shared secret by using ECDH. I also need to be able to use ECDSA to sign and verify signatures.
Related
I would like to perform hashing to the signed pdf and send it to others. At the same time, the generated hash value will also be send to others. May I know how can I code by using PSPDFKIT?
PSPDFKit supports the following hashing algorithms:
MD4
MD5
SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256)
Please refer to our official documentation for Digital Signatures: https://pspdfkit.com/guides/ios/current/features/digital-signatures/
For future questions about PSPDFKit, please reach out to our support portal at pspdfkit.com/support/request/ - we're happy to provide support there for our commercial SDK.
Any idea if store and retrieval (export the symmetric key out of keyvault) of symmetric keys is supported in Azure Kev vault or possible? I referenced Azure Keyvault documents here and it mentions the Symmetric keys are not supported and may be supported in future (not sure though if the documentation I read is current).
If it’s not supported, is there a way to simulate this using other interfaces like Secrets? Could you share a sample code to do this using Azure Keyvault REST API?
You are right about storing the symmetric keys as secrets.
REST API
Here is a detailed article around the code involved to do this using REST API
http://thuansoldier.net/7329/
.NET SDK
Here is the nuget package
https://www.nuget.org/packages/Microsoft.Azure.KeyVault/
You can use the KeyVaultClient class and GetSecretAsync method.
Here is an example on Microsoft Docs - https://learn.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application
Similar SDKs are available for Node.js, Java and Python
In the Gnupg there is gpg implementation for different platforms, even android, but not IOS.
Is there anyway I can use GPG in my IOS app?
I am looking for the very basic operations as described in this title (Create keypair, List Keys, Import public key, encrypt, decrypt)
I found zero material out there except for apps that use gpg within (which is what I want to accomplish)
any directions are valid
lets talk, thanks
For iOS there is ObjectivePGP framework that covers that functionality, you may want to use it to incorporate PGP in your application.
PGPro and Privacy are both free softwares, they rely on ObjectivePGP and they work like a charm. Maybe there are some limitations in the support of elliptic curves but RSA just works. Please ensure that you don't mistakenly export both your public key and your secret key when using PGPro when you only want to share your public key with someone else who would like to send you encrypted messages.
N.B: Please note that I don't recommend you to encrypt/decrypt messages under proprietary operating systems because it requires you to blindly trust the corporation that provides the operating system as it can't be audited by an independent organization. I recommend you to install a GNU Linux free software distribution like Debian (or Postmarket OS but it's not very mature yet) on your phone instead. As it might be unclear for some people, I highly discourage the use of OS X, iOS, Microsoft Windows and even Android to encrypt/decrypt messages.
I am currently searching for an iOS GnuPG client app as well and found this page Uwes Blog that lists and compares four different apps (iPGMail, oPenGP, Secumail, NouveauPG).
Our company is switching over from using SHA-1 certificates to SHA-2 certificates.
I noticed that CAPICOM only has a CAPICOM_CERTIFICATE_FIND_SHA1_HASH find method.
Will switching over from SHA-1 to SHA-2 mean we will need to switch to an alternative to CAPICOM for verifiying/encrypting/decrypting using these certificates?
CAPICOM_CERTIFICATE_FIND_SHA1_HASH - that's not about hash algorithm, used for signing, but about searching for certificate via fingerprint (i.e. hash of certificate data).
Since CAPICOM uses Microsoft crypto providers, which supports CALG_SHA_256, Capicom should support them as well.
However, you can use other commercial solution, there is a bunch of them, available on the market (BouncCastle, /n software, SecureBlackbox).
I have developed a 'REST-like' XML API that I wish to expose for consumption by third-party web applications. I'm now looking to implement a security model for the exchange of data between a third-party application and the 'REST-like' XML API. I would appreciate suggestions for a suitable asymmetric encryption model.
If you want encryption why not just use SSL to encrypt the connection rather than encrypting the response data? If 128-bit SSL isn't sufficient, then you'll either need to integrate some existing PKI infrastructure using an external, trusted authority or develop a key distribution/sharing infrastructure yourself and issue your public key and a suitable private key/identifier to your API consumers. Choose one of the cryptography providers in System.Security.Cryptography that supports public/private key exchange.
HTTPS works with asymmetric key encryption. It is well-known protocol easy to implement.
It protects against 3p intrusion in your communication.
All you need to implement "below" is authentication - to make sure your user known to you.
Common thing to do is to provide users with key that needs to be sent with every request.
Most common is to implement the OAuth protocol. This is what is used for the OpenSocial providers that checks authorization with 2-legged and/or 3-legged oAuth
Just do some google search and you will find a lot of implementations.