This question already has answers here:
Create CSR using existing private key
(2 answers)
Closed 5 years ago.
Apple, faithful to its extremely proprietary spirit, requires certificates used for iOS developer program to be generated with a mac. (as a .certSigningRequest file)
Obviously, they somehow use a standard for these keys, so my question is:
What does a .certSigningRequest look like? Could someone share a censured version of their file? (while keeping same length)
Then, I am sure we can figure out a way to generate the same thing with openssl, and eventually edit the csr file to make it match the format required by apple.
Ah, in fact it is strictly the same format than the files generated with openssl.
I just use to generate always 4096 and I did not expect apple to use 2048 only.
So to generate a set of keys for ios developer:
openssl genrsa -out ios-dev.key 2048
openssl req -new -key ios-dev.key -out ios-dev.csr
Related
I am trying to find a good library to do the following:
Generate RSA public and private key pairs
Encrypt / decrypt using keys
Sign using private key / verify with public key
Generate SHA256 hashes
I tried many libraries, but I can't seem to find something simple and straightforward with all these functions. In python pycrypto covers all this, it's really strange that there doesn't seem to be something like this available for Swift.
If you are using iOS 13 or above as the base SDK for your app then you should look at CryptoKit from Apple as it should cover what you are looking for.
https://developer.apple.com/documentation/cryptokit
If you need to support devices running versions of iOS older than iOS13 then you should look at CommonCrypto (also native to Apple) but if you can afford to only support iOS13 and above then CryptoKit is far better and easier to implement.
Is there a way in dart to generate a file in the PKCS12 / .p12 / .pfx Format by passing in a Certificate and it's Private Key in pure Dart?
The BouncyCastle Port has no support for PKCS 12
For Android, there is the Bouncy Castle Library (Java), I tested it and it works like a charm.
For iOS I find it difficult to build a Plugin with the Open SSL Library linked to it because there is currently no way to tell Xcode to include C Code inside a Flutter Plugin.
dart:ffi would be an option, but it seems like dart has problems with C pointers, so I am not sure how to tackle this.
My iOS app is handling x509 certificates + keys (DER encoded) at runtime. The only way I am able to successfully import them into the keychain is to use PKCS12 using the function: SecPKCS12Import()
I have been trying hard to get it running using only SecItemAdd(). I used that function for the DER encoded certificate and again for the DER encoded key. But even though the call return with success, querying the keychain afterwards didn't yield a SecIdentityRef.
So I ended up using the OpenSSL PKCS12 implementation. I am very keen on getting rid of my dependency on OpenSSL. I have been looking around for alernative implementations of PKCS12. The only alternative lib I found was hosted in apples open source repo:
https://opensource.apple.com/source/Security/Security-57031.10.10/Security/libsecurity_pkcs12/
Though this is an OS X project that has (i suppose) many dependencies to other modules of the security framework. Before I start looking deeper into this
I was wondering:
Is there any chance for me to run libsecurity_pkcs12 on iOS?
Or better: is there any alternative small footprint PKCS12 library that I am not aware of?
Or even better: has anyone imported x509 + key into the iOS keychain (yielding a SecIdentityRef afterwards) without using PKCS12?
I would like to encrypt a plist file at building time (XCode) and then decrypt it at running time when launching the app. As you can see, the purpose is to encrypt the entire plist file, and not just some text inside it.
I've tried to encrypt this file with a run script and OpenSSL, and decrypt it with RNCryptor for Swift, but I couldn't find a good result.
On the other hand, I've seen some posts talking about OpenSSL vs new Mac OS, and maybe this command is not good enough to encrypt due it's deprecated.
Please any idea about it?
Thanks!!
What's the easiest way to zip and encrypt a file with AES (128 or 256) in a Rails app, so that the zip archive can be opened with WinZip?
Requirements:
Zip archive can be opened by WinZip (so no 7-zip)
Zip archive is encrypted with AES-128 or AES-256 (which WinZip supports)
Gems:
Rubyzip: doesn't support encryption
Zipruby: supports only the traditional/legacy non-AES encryption which is significantly less secure.
Any advice on what I can do here?
Thanks!
Are commercial products out of the question? Chilkat Ruby Zip appears to support WinZip AES. The example code looks pretty temptingly easy.
There also appears to be a Java library available. If you're running in JRuby... Or if you feel like porting!