
Duke Leto

macrumors regular
Original poster
Mar 17, 2008
166
0
On the iPhone, I want to make a simple application with a textfield. You would input text, and press a button, and it would encrypt it and put the data on another textfield. You could then decrypt the data. For the longest time I have looked at the Certificate, Key, and Trust Services Reference (https://developer.apple.com/iphone/...ce.html#//apple_ref/c/func/SecKeyGeneratePair), but I do not know how exactly encryption works, what exactly an asymmetric pair is, or how to do anything with it.

Also, I need to know if encryption is processor intensive, because that might mean I would need design changes in the long run.
 

cmaier

Suspended
Jul 25, 2007
25,405
33,474
California
On the iPhone, I want to make a simple application with a textfield. You would input text, and press a button, and it would encrypt it and put the data on another textfield. You could then decrypt the data. For the longest time I have looked at the Certificate, Key, and Trust Services Reference (https://developer.apple.com/iphone/...ce.html#//apple_ref/c/func/SecKeyGeneratePair), but I do not know how exactly encryption works, what exactly an asymmetric pair is, or how to do anything with it.

Also, I need to know if encryption is processor intensive, because that might mean I would need design changes in the long run.

The deal with asymmetric pairs is that there is a "public" key and a "private" key. These are two different keys, but they are mathematically related.

The idea is that you can encrypt things with one of those two keys, and decrypt them with the other. (Alternatively, you can digitally "sign" things with one key, and check the signature's validity with the other).

This is called "asymmetric" or "public-key" cryptography, and is typified by algorithms such as RSA.

The other sort of cryptography, which may be what you are thinking of, is "symmetric" cryptography, which uses only a single key. This is typified by DES. In such systems, both the sender and recipient of a message must know the secret, shared key. This raises difficulties: how do you inform the recipient of the key without being overheard?

Sometimes people use RSA to transmit a DES key.

In any event, you need only generate the keys once. Once you do, you can hard code them into your code; generating the keys is probably more processor intensive than encryption/decryption.
 

Duke Leto

macrumors regular
Original poster
Mar 17, 2008
166
0
In any event, you need only generate the keys once. Once you do, you can hard code them into your code; generating the keys is probably more processor intensive than encryption/decryption.

I think I am starting to understand what you have said, but where do these keys end up?

Would I create the symmetrical pair and put it in a file, to be read later?

Also, when I do encrypt, would I encrypt an NSString object, a char, or some other variable type/class?

Thank you for the quick response and the explanation of keys. :)
 

cmaier

Suspended
Jul 25, 2007
25,405
33,474
California
I think I am starting to understand what you have said, but where do these keys end up?

Would I create the symmetrical pair and put it in a file, to be read later?

Also, when I do encrypt, would I encrypt an NSString object, a char, or some other variable type/class?

Thank you for the quick response and the explanation of keys. :)

I believe you encrypt a c-string (const uint8_t *, actually). You apparently have to also pre-declare a buffer in which to put the result (which presumably has length identical to the input string).

As for the keys, the actual (private) key would presumably be stored in the system keychain (I have to admit I've never tried any of this on iPhone). It would be associated with an "identity" with a keychain keyring.

The public key could be stored where you'd like; it's the private key that needs to be secret.
 

Duke Leto

macrumors regular
Original poster
Mar 17, 2008
166
0
[QUOTE]I believe you encrypt a c-string (const uint8_t *, actually). You apparently have to also pre-declare a buffer in which to put the result (which presumably has length identical to the input string).[/QUOTE]

Since I have never used that data type, is it possible to cast from a char?

Or would declaration look somewhat like this:

const uint8_t *someText = 'some text';

Then I would get the length for the buffer with something similar to:

int length = [someText length];

?

Thank you so much, by the way. I am ready to get my feet a little wet.
 

cmaier

Suspended
Jul 25, 2007
25,405
33,474
California
[QUOTE]I believe you encrypt a c-string (const uint8_t *, actually). You apparently have to also pre-declare a buffer in which to put the result (which presumably has length identical to the input string).[/QUOTE]

Since I have never used that data type, is it possible to cast from a char?

Or would declaration look somewhat like this:

const uint8_t *someText = 'some text';

Then I would get the length for the buffer with something similar to:

int length = [someText length];

?

Thank you so much, by the way. I am ready to get my feet a little wet.

You can get the c-string from an NSString, using getCString or UTF8String, which is what I would recommend since you are working with textboxes.
 

Duke Leto

macrumors regular
Original poster
Mar 17, 2008
166
0
One last thing... the SecKeyGeneratePair function uses a CFDictionaryRef as a parameter. What does it need to have in the Dictionary, and how should I go about creating it?
 

cmaier

Suspended
Jul 25, 2007
25,405
33,474
California
One last thing... the SecKeyGeneratePair function uses a CFDictionaryRef as a parameter. What does it need to have in the Dictionary, and how should I go about creating it?

The dictionary is just a way to pass parameters to the function. You create a dictionary with appropriate key-value pairs and pass in a pointer.

I believe you can just pass a pointer to an NSDictionary instead.

So you'd do something like:

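NSMutableDictionary *myDictionary = [[NSMutableDictionary alloc] initWithCapacity:2];

// Key type: RSA. The Security framework constants are CFStringRefs, so cast them to id.
[myDictionary setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
// Key size in bits must be passed as an object (NSNumber), not a bare integer.
[myDictionary setObject:[NSNumber numberWithInt:512] forKey:(id)kSecAttrKeySizeInBits];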

then pass "myDictionary" as the CFDictionary.
 

Duke Leto

macrumors regular
Original poster
Mar 17, 2008
166
0
Now I'm getting some problems here. I call

int status = SecKeyGeneratePair(myDictionary, &key, &pKey);

and it tells me that I am implicitly declaring that function. It does this for encryption as well..

I also seem to have a problem with the numbers, eg. buffer sizes.
 

forrestxu

macrumors newbie
May 31, 2008
16
0
Now I'm getting some problems here. I call

int status = SecKeyGeneratePair(myDictionary, &key, &pKey);

and it tells me that I am implicitly declaring that function. It does this for encryption as well..

I also seem to have a problem with the numbers, eg. buffer sizes.

I have the same problem as Duke. What's the problem?
 

isabelle

macrumors newbie
Jun 6, 2008
1
0
I had the same problem. I figured out that somehow, when you're using the simulator, the security framework still points to the Mac security framework vs the iPhone security framework.

It's only working when you are using a real device... For that you must of course be through with your enrollment process and be able to sign your code.

I got that far but now I'm stuck! Once I create the key pair I know you have to specify the kSecAttrIsPermanent to true in the dictionary to add both keys to the default keychain, but I have no clue as to how to read those keys back from the Keychain in the iPhone.
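
Added example (not code from any poster in this thread): the Security framework calls discussed above, used to generate a persistent RSA pair, read the private key back from the keychain with SecItemCopyMatching, and size the ciphertext buffer with SecKeyGetBlockSize rather than the input length. The tag com.example.demo.private, the function names and the 2048-bit key size are assumptions; the code assumes ARC and a target linked against Security.framework, whose header supplies the declarations for these functions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>  // declares SecKeyGeneratePair, SecKeyEncrypt, SecItemCopyMatching
// Hypothetical application tag used to find the private key in the keychain again.
static NSData *PrivateTag(void) {
    return [@"com.example.demo.private" dataUsingEncoding:NSUTF8StringEncoding];
}

// Generate an RSA pair; the private key is stored permanently under PrivateTag().
static OSStatus GeneratePair(SecKeyRef *publicKey, SecKeyRef *privateKey) {
    NSDictionary *privateAttrs = @{ (__bridge id)kSecAttrIsPermanent: @YES,
                                    (__bridge id)kSecAttrApplicationTag: PrivateTag() };
    NSDictionary *params = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                              (__bridge id)kSecAttrKeySizeInBits: @2048,
                              (__bridge id)kSecPrivateKeyAttrs: privateAttrs };
    return SecKeyGeneratePair((__bridge CFDictionaryRef)params, publicKey, privateKey);
}

// Read the stored private key back from the keychain; the caller must CFRelease it.
static SecKeyRef CopyStoredPrivateKey(void) {
    NSDictionary *query = @{ (__bridge id)kSecClass: (__bridge id)kSecClassKey,
                             (__bridge id)kSecAttrApplicationTag: PrivateTag(),
                             (__bridge id)kSecReturnRef: @YES };
    CFTypeRef key = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &key);
    return status == errSecSuccess ? (SecKeyRef)key : NULL;
}

// Encrypt short text. The output buffer is one RSA block, not the input length.
static NSData *EncryptText(NSString *text, SecKeyRef publicKey) {
    NSData *plain = [text dataUsingEncoding:NSUTF8StringEncoding];
    size_t blockSize = SecKeyGetBlockSize(publicKey);
    if (plain.length > blockSize - 11) return nil;  // PKCS#1 v1.5 padding needs 11 bytes
    NSMutableData *cipher = [NSMutableData dataWithLength:blockSize];
    size_t cipherLen = blockSize;
    OSStatus status = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plain.bytes, plain.length,
                                    cipher.mutableBytes, &cipherLen);
    if (status != errSecSuccess) return nil;
    cipher.length = cipherLen;
    return cipher;
}

// Decrypt with the private key and turn the recovered bytes back into text.
static NSString *DecryptText(NSData *cipher, SecKeyRef privateKey) {
    size_t plainLen = SecKeyGetBlockSize(privateKey);
    NSMutableData *plain = [NSMutableData dataWithLength:plainLen];
    OSStatus status = SecKeyDecrypt(privateKey, kSecPaddingPKCS1, cipher.bytes, cipher.length,
                                    plain.mutableBytes, &plainLen);
    if (status != errSecSuccess) return nil;
    return [[NSString alloc] initWithBytes:plain.bytes length:plainLen encoding:NSUTF8StringEncoding];
}
```

Call GeneratePair once, then EncryptText with the public key and, in a later session, CopyStoredPrivateKey followed by DecryptText. Text longer than the block size minus 11 bytes does not fit in one RSA operation, which is why RSA is normally used only to protect a symmetric key, as mentioned earlier in the thread.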
 