Re: Share and store RSA - public key in java server and vice versa
- Subject: Re: Share and store RSA - public key in java server and vice versa
- From: Devarshi Kulshreshtha <email@hidden>
- Date: Mon, 19 May 2014 15:36:27 +0530
This is what I have been trying to achieve for some days now:

Approach #1:

~ Android End ~
1. Generated public and private key at an android device (using an openssl wrapper)
2. Got modulus and exponent from the generated public key

~ iOS End ~
3. Generated public key from modulus and exponent, at ios end, using code specified in this link: http://stackoverflow.com/a/10643962/217586
4. Converted some sample string to an object of NSData using NSUTF8StringEncoding
5. Used - wrapSymmetricKey:keyRef: method defined in SecKeyWrapper class (CryptoExercise example) for encryption, and passed key obtained from step 3 and data to encrypt obtained from step 4 to it
6. Converted NSData (encrypted data) obtained in previous step to base64encoded string, shared the same to android guy

~ Android End ~
7. Tried to decrypt the base64encoded string, using related private key

Problem: getting error - too much data for RSA block

Approach #2: (Got to know from this link that - https://github.com/superwills/iOSRSAPublicKeyEncryption, we are not supposed to load public keys in iOS from anything other than a certificate, so tried a different approach)

~ Terminal End ~
1. Generated certificate using openssl commands specified in this url: http://stackoverflow.com/a/17295321/217586

~ iOS End ~
2. Obtained public key as specified in above url
3. Used below code to encrypt the data:

    SecKeyWrapper *secKeyWrapper = [SecKeyWrapper sharedWrapper];
    SecKeyRef obtainedPublicKey = [secKeyWrapper getPublicKeyRefFromDerCertificate:kCertificatePath];
    NSData *dataToBeEncrypted = [kStringToBeEncrypted dataUsingEncoding:NSUTF8StringEncoding];
    NSData *encryptedText = [secKeyWrapper wrapSymmetricKey:dataToBeEncrypted keyRef:obtainedPublicKey];

4. Converted NSData to base64encoded string

~ Terminal End ~
5. Used below command to convert it back to original string:

    echo <base 64 encoded string obtained from step 4> | openssl rsautl -decrypt -inkey rsaPrivate.pem

Problem: getting error - rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:/SourceCache/OpenSSL098/OpenSSL098-47.1/src/crypto/rsa/rsa_eay.c

Any suggestions?

On Fri, May 16, 2014 at 10:40 PM, ChanMaxthon <email@hidden> wrote:
> Keychain is okay, I just cannot bear the crypto libraries.
>
> Sent from my iPhone
>
>> On May 17, 2014, at 1:08 AM, Jens Alfke <email@hidden> wrote:
>>
>>
>>> On May 16, 2014, at 12:37 AM, ChanMaxthon <email@hidden> wrote:
>>>
>>> I got fed up by Apple already and found a little BSD-licensed CXX crypto library called Botan. I will either wrap it in Objective-C or rewrite it for my later projects.
>>
>> I’m cautious of ‘alternative’ crypto implementations; there’s a lot of complex math and logic involved that’s easy to get wrong. I want the implementation I use to be as battle-tested as possible.
>>
>> Also, the Keychain is a valuable place to store secrets that, being built into the OS, offers better security than anything you can do on your own or with 3rd party libraries. There’s not really any other good solution for storing keys, short of making the user type in a strong passphrase every time they launch the app. Too bad the Keychain APIs are the worst part of the Security framework :(
>>
>> —Jens
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
--
Thanks,
Devarshi
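
An added example, not part of the original message: "too much data for RSA block" and "data greater than mod len" are what RSA decryption reports when it is handed more bytes than the key's modulus length, and one way that happens is when the base64 text reaches the decrypt call without being decoded first. The script below shows the round trip with and without the decode step; the key, the message and the file names are constructed for the demonstration, and `openssl pkeyutl` is used here in place of `rsautl`.

```sh
#!/bin/sh
# Added example: key pair, message and file names are constructed for this demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 2048-bit key, so the modulus (and every ciphertext) is exactly 256 bytes.
make_keypair() {
    openssl genrsa -out "$WORK/rsaPrivate.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/rsaPrivate.pem" -pubout \
        -out "$WORK/rsaPublic.pem" 2>/dev/null
}

# Sender: RSA-encrypt (PKCS#1 v1.5, pkeyutl's default), then base64 for transport.
encrypt_to_base64() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$WORK/rsaPublic.pem" |
        openssl base64 -A
}

# Receiver, correct order: undo base64 first, then RSA-decrypt the raw bytes.
decrypt_from_base64() {
    printf '%s\n' "$1" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$WORK/rsaPrivate.pem"
}

# Receiver, decode step skipped: the base64 text goes straight into RSA.
decrypt_without_decoding() {
    printf '%s\n' "$1" |
        openssl pkeyutl -decrypt -inkey "$WORK/rsaPrivate.pem" 2>/dev/null
}

# Length of the transport string, and of the ciphertext it encodes.
byte_len() { printf '%s' "$1" | wc -c | tr -d ' '; }
raw_len()  { printf '%s\n' "$1" | openssl base64 -d -A | wc -c | tr -d ' '; }

make_keypair
B64=$(encrypt_to_base64 'sample string')
echo "base64 text: $(byte_len "$B64") bytes, decoded: $(raw_len "$B64") bytes"
echo "decoded first: $(decrypt_from_base64 "$B64")"
decrypt_without_decoding "$B64" >/dev/null ||
    echo "undecoded input rejected: longer than the 256-byte modulus"
```

The same length comparison applies on any platform: the byte count given to the private-key operation has to equal the modulus length of the key pair.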