I have an important file saving in my app's document directory. I don't allow other to view its content so I encrypt the file with auto-generated AES key and encrypt this AES key with RSA public key, then save the encrypted AES key to NSUserDefaults.
When using the important file, I will fetch the encrypted AES key and decrypt the AES key with RSA public key, then decrypt the file.
But I don't know where to store the RSA private key, is it safe to write it in my code like NSString *rsaPrivateKey = #"%^^&*(())";, if not, is there a safer solution ?
I know how to generate RSA public and private key using openssl (This link helps me)
Edit:
The important file is only open to the user himself, you can consider it as a photo with some sensitive content and the photo is saved by the user.
In principle you are trying to solve the DRM problem. As long as you cannot trust the runtime system, there is no complete solution. Your best bet is to store keys in system provided containers and hope those are well protected (i.e. the iOS key chain as borrrden already mentioned).
If that fails you can encrypt your RSA key with an AES key generated from some static information within the device. This should be thought of as obfuscation rather than encryption as the key is not really secret. You should probably try and use a standard container format such as PKCS#8 to encrypt the keys.
It is possible to generate RSA keys from a static set of data (using a PRNG to feed this data in the RSA key pair generator) but those kind of schemes are not standardized, very brittle and take an unspecified amount of CPU time, so I would strongly recommend not to take that route.
Related
I'm currently using Azure Key vault .net SDK to encrypt/decrypt some data. Azure SDK for .net has a build-in Class called "CryptographyClient" and it has built-in method for doing that:
CryptographyClient.decrypt and CryptographyClient.encrypt
The key I'm using is a RSA key and algorithm I use is RsaOaep, so I assume it is asymmetric encryption. I followed this article to write my c# code. Basically, I get the public part of the asymmetric key from the key vault first, then use it to create a CryptographyClient.
Usually, for asymmetric encryption, we gonna use the public key to encrypt while the private key is for decryption only. So basically, the private key will never leave the Azure Key Vault (always at the Azure server, is it true?).
Now my question is:
when I call CryptographyClient.encrypt, is it only running on the client-side (my local server)? or will it send my plaintext to Azure server and send back the encrypted text?
when I call CryptographyClient.decrypt, since the private key should never leave Azure and you can only decrypt with private key, is it only running on the Azure server-side? Mean that my local server will need to send the encrypted text to Azure and wait for decryption?
I got a feeling that both of those methods are only happening on the client-side and this is what I want. But then it doesn't make sense for decryption.
Thanks for the clarification as I can't find any MS documentation for this.
Operations that use the public key - if they can download the public get i.e., caller has the "get" permission - will happen on the client. They public key is download and operation performed. If the caller doesn't have the "get" permission on that key, the operation will be performed on the service.
These operations include:
encrypt
verify
wrap
Operations that require the private key will always be performed on the service, unless you created a CryptographyClient from your own JSON web key (JWK) that has both the public and private keys.
These operations include:
*decrypt
*sign
*unwrap
All of the encryption/decryption occurs on the server side since that’s where the private key lives.
The CryptographyClient API is based on REST :
https://learn.microsoft.com/en-us/rest/api/keyvault/keys/encrypt
https://learn.microsoft.com/en-us/rest/api/keyvault/keys/decrypt/decrypt
You can run a Fiddler trace while executing your code to see the server communication.
I want to create Public key from Public key bytes using RSA and x.509 certificate. After that I want to encrypt data with public key, which will decrypt by java program on server side using private key.
I have tried many libraries to get the solution but I got nil output every-time after encryption.
Any help would be greatly appreciated. Thanks!
if you generate key in you ios app, it need to some modification before import outside (non-ios) otherwise it will not work and also if you want to use outsider key in your ios app it also need reduce some byte from key, you can find it on web, for import and export Rsa key I use swiftyRSA ,
https://github.com/TakeScoop/SwiftyRSA
It work fine for me.
I'm trying to rewrite some Java (Android) code in ObjC on the iPhone. The code will do a basic web service call and needs to set some headers with authentication information.
One part of that information is an encrypted hash of the data I am sending over.
The Java version calculates an SHA256 signature using an RSA private key that is generated on the phone. The private key is generated using a seed that I have available.
The (simplified) java code is as follows:
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Signature sig = Signature.getInstance("SHA256WithRSAEncryption");
// I get the private key bytes from an outside source
EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
sig.initSign(keyFactory.generatePrivate(privateKeySpec));
sig.update(/* insert my data here */);
return sig.sign();
Now I'm trying to recreate this in iOS and ObjC. Doing the SHA256 signature calculation is easy, but I don't see how to create a private RSA key easily. I would prefer to use the built-in API's if there are any available, but if I must use a third party library like OpenSSL then I can live with that as well.
Most people (citation needed) elect to go with the third party OpenSSL library, not only because rolling your own crypto is hard, but also because their is a good chance you'll create bad crypto if you're not already experienced with it.
That said, nothing prevents you from writing your own SHA256 hash, in straight C or C++ if you like, although I think you'll find your PRNG options lacking and find yourself spending altogether way too much time on entropy pools and the like.
If you do come across a good SHA256 primitive without all the extra baggage of OpenSSL, I'd love to learn about it too! But so far I haven't seen one.
I have some code that I am using to encrypt and decrypt some strings in an ios application. The code involves the use of CCCrypt. Is there a reliable way to test the validity of a key used without actually storing the key anywhere? From my research it seems as though the only way to come close to telling if the key is valid is by using key lengths and key hashes. Can anyone guide me in the proper direction for this?
Getting to the answer requires a little bit of background about proper encryption. You may know this already, but most people do this wrong so I'm covering it. (If you're encrypting with a password and don't encode at least an HMAC, two salts, and an IV, you're doing it wrong.)
First, you must use an HMAC (see CCHmac()) any time you encrypt with an unauthenticated mode (such as AES-CBC). Otherwise attackers can modify your ciphertext in ways that cause it to decrypt into a different message. See modaes for an example of this attack. An HMAC is a cryptographically secure hash based on a key.
Second, if your are using password-based encryption, you must use a KDF to convert it into a key. The most common is PBKDF2. You cannot just copy password bytes into a key.
Assuming you're using a password this way, you generally generate two keys, one for encryption and one for HMAC.
OK, with those parts in place, you can verify that the password is correct because the HMAC will fail if it isn't. This is how RNCryptor does it.
There are two problems with this simple approach: you have to process the entire file before you can verify the password, and there is no way to detect file corruption vs bad password.
To fix these issues somewhat, you can add a small block of extra data that you HMAC separately. You then verify that small block rather than the whole file. This is basically how aescrypt does it. Specifically, they generate a "real" key for encrypting the entire file, and then encrypt that key with a PBKDF2-generated key and HMAC that separately. Some forms of corruption still look like bad passwords, but it's a little easier to tell them apart this way.
You can store a known value encrypted with the key in your database. validating if the key is correct is then straightforward: you encrypt the known string, and compare it to the encrypted output in the database. If you stick with a single block of data, then you don't have to worry about modes of operation and you can keep it simple.
It is also possible to store a hash of the key, but I would treat the key as a password, and take all the defensive measures you would take in storing a password in your database (e.g. use bcrypt, salt the hash, etc).
If you can't store these values, you can decrypt something where you don't know the actual contents, but perhaps know some properties of the message (e.g. ASCII text, has today's date somewhere in the string, etc) and test the decrypted message for those properties. Then if the decrypted block that doesn't have those properties (e.g. has bytes with MSB set, no instance of the date), you know the key is invalid. There is a possibility of a false positive in this case, but chances are very low.
Generally I agree with Peter Elliott. However, I have couple of additional comments:
a) If keys were randomly generated then storing hashes of the keys are safe
b) You can always attach to encrypted message (if you can control that) a hash of orginial message. In such case, you can decrypt message, get hash of decrypted message and compare it with the hash of original message. If they are eqaul then correct key was used for decryption.
I have an application that stores data locally on the iPhone.
I want to encrypt data so i am confused which method should i use.
I have used Core Data framework in application.
NSFileManager (NSFileProtectionKey), CoreData (NSFileProtectionKey), NSData (NSDataWritingOptions) are the options or is there some other method as well.
Please suggest me something
Thanks
Use the Keychain Service.
But you need to now that to encrypt the data you need a private key or a passphrase.
I would then say, encryption make only sense, when the user needs to authenticate when using your application. Then you could encrypt the data with the entered password.
Here you could AES256 encrypt data with the a PBKDF2 like function for generating a encryption key (thanks to Robert).
But providing a code sample would go to far. Read in yourself! :)
But also know: since iOS 4 the "disk" space is already encrypted with the Device PIN!