Re: RSA and libcrypto
- Subject: Re: RSA and libcrypto
- From: Jean-Daniel Dupas <email@hidden>
- Date: Tue, 14 Jan 2014 18:37:27 +0100
On Jan 14, 2014, at 18:20, Jens Alfke <email@hidden> wrote:
>
> On Jan 14, 2014, at 1:19 AM, email@hidden wrote:
>
>> As Jens comments the security APIs are ridiculously opaque.
>> Perhaps this is seen as a necessity in the serious world of crypto - perhaps it is just hard to avoid. However, it is a liability.
>
> Crypto is inevitably sort of complex, but Apple’s to blame for some bad (and downward-trending) API design and poor documentation. Other crypto APIs that I’ve seen are much clearer.
>
>> By comparison libcrypto is pretty straightforward.
>> The only problem with retaining it is the extra complexity involved in integrating the static library build into the project and upgrading the source.
>
> My reservation about using libcrypto would be key storage. The Keychain is a pretty great thing — a secure place to store keys that’s well-integrated into the OS. I don’t know how OpenSSL stores keys, but if it’s using some other mechanism, it’s probably less secure.
>
> This thread should probably move to apple-cdsa (which is the fittingly-obscure name for the security/crypto mailing list.)
>
Just in case it was not mentioned in the thread, SecTransform supports RSA. You can use SecEncryptTransformCreate() with an asymmetric key.
Anyway, the full list of what can be done is demonstrated in the CryptoCompatibility sample code:
https://developer.apple.com/library/mac/samplecode/CryptoCompatibility/Introduction/Intro.html
For each possible action, it provides a way to perform it using CDSA, SecTransform, and iOS-specific code.
-- Jean-Daniel
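
The RSA round trip through SecEncryptTransformCreate() mentioned in the message above, as an added example that is not part of the original post or of Apple's CryptoCompatibility sample. The helper name RSATransform, the choice of OAEP padding and the key pair generated at run time are assumptions made for illustration.

```objective-c
// Added illustration (macOS only). Build with:
//   clang -fobjc-arc rsa_transform.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: encrypts (YES) or decrypts (NO) `input` with an RSA key
// through SecTransform. Returns nil and fills *error on failure.
static NSData *RSATransform(BOOL encrypt, SecKeyRef key, NSData *input, NSError **error) {
    CFErrorRef cfErr = NULL;
    NSData *output = nil;
    SecTransformRef t = encrypt ? SecEncryptTransformCreate(key, &cfErr)
                                : SecDecryptTransformCreate(key, &cfErr);
    // Ask for OAEP explicitly instead of relying on the default padding.
    if (t &&
        SecTransformSetAttribute(t, kSecPaddingKey, kSecPaddingOAEPKey, &cfErr) &&
        SecTransformSetAttribute(t, kSecTransformInputAttributeName,
                                 (__bridge CFDataRef)input, &cfErr)) {
        output = CFBridgingRelease(SecTransformExecute(t, &cfErr));
    }
    if (t) CFRelease(t);
    if (cfErr) {
        NSError *e = CFBridgingRelease(cfErr);  // hand ownership to ARC
        if (error) *error = e;
    }
    return output;
}

int main(void) {
    @autoreleasepool {
        // Constructed test input: a 2048-bit RSA pair generated for this demo.
        NSDictionary *params = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                                  (__bridge id)kSecAttrKeySizeInBits: @2048 };
        SecKeyRef pub = NULL, priv = NULL;
        OSStatus st = SecKeyGeneratePair((__bridge CFDictionaryRef)params, &pub, &priv);
        if (st != errSecSuccess) {
            NSLog(@"key generation failed: %d", (int)st);
            return 1;
        }
        NSData *plain = [@"constructed sample message" dataUsingEncoding:NSUTF8StringEncoding];
        NSError *err = nil;
        // Encrypt with the public key, decrypt with the private key.
        NSData *cipher = RSATransform(YES, pub, plain, &err);
        NSData *back = cipher ? RSATransform(NO, priv, cipher, &err) : nil;
        BOOL ok = [back isEqualToData:plain];
        NSLog(@"round trip %@ (error: %@)", ok ? @"ok" : @"FAILED", err);
        CFRelease(pub);
        CFRelease(priv);
        return ok ? 0 : 1;
    }
}
```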
_______________________________________________
Cocoa-dev mailing list (email@hidden)