Encrypt NSString with RSA Algorithm with known modulus and exponent keys in iOS - iphone

In an iOS app, I need to encrypt an NSString with the RSA algorithm; I have a known public modulus and exponent key. On the Android side they have used the Bouncy Castle API for RSA encryption. Can someone help me with how I can encrypt an NSString with this public modulus and exponent key so that it generates encryption similar to that on Android? I have looked at a lot of the available source code but could not generate the correct encryption. Any help would be highly appreciated.
Modulus key That I have is "117130940722358865944076735715016871148960803304334901248996815419815052552875336322790410991392433604701394608500231884113911915168625416296669114728862690539451024021812353340986348428958506523689933432584403548435474622224828221548841371083486321081622447517054022904372023020885356296462823306439795173749"
Exponent is "65537"
Please help me to encrypt NSString with RSA Encryption.

Being on iOS, you probably need to work without extra libs like OpenSSL. But to do so, you must have some kind of "big numbers" library. I am not using iOS, but a search gives this mention of a "huge numbers" library, discussed here: Store and perform operations with huge numbers in iOS
With this library, you need only the RSA formulas. A quick search gives this article: http://www.linuxjournal.com/article/6695. You don't need all of it, just scroll down to the mention of ModExp - this is the operation you need to encrypt a message when you have the key and modulus available.

You can use OpenSSL for this:
https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_encrypt.html
    #include <openssl/rsa.h>
    int RSA_public_encrypt(int flen, unsigned char *from,
                           unsigned char *to, RSA *rsa, int padding);
    int RSA_private_decrypt(int flen, unsigned char *from,
                            unsigned char *to, RSA *rsa, int padding);
Be aware of export compliance, though:
Using SSL in an iPhone App - Export Compliance
You may be better off trying to get the Common Crypto equivalent to work.
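The ModExp step mentioned in the first answer operates on a padded block rather than on the raw string bytes. As an added example (not code from any of the posts), this C code builds the PKCS#1 v1.5 encryption block that is then passed to ModExp. It assumes the Android side uses PKCS#1 v1.5 padding and that the modulus is 1024 bits (k = 128), neither of which the page states; `os_random` and `pkcs1_v15_pad` are names chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fill buf with n random bytes from /dev/urandom; 0 on success.
 * (On iOS the equivalent source would be SecRandomCopyBytes.) */
static int os_random(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* EME-PKCS1-v1_5 (RFC 8017, section 7.2.1):
 *   EM = 0x00 || 0x02 || PS || 0x00 || M
 * PS is at least 8 random non-zero bytes; k is the modulus length in bytes.
 * Returns 0 on success, -1 if M is too long for k or the RNG fails. */
int pkcs1_v15_pad(const uint8_t *msg, size_t mlen, uint8_t *em, size_t k) {
    if (k < 11 || mlen > k - 11) return -1;  /* 3 fixed bytes + 8 bytes of PS */
    size_t ps_len = k - mlen - 3;
    em[0] = 0x00;
    em[1] = 0x02;
    if (os_random(em + 2, ps_len) != 0) return -1;
    for (size_t i = 0; i < ps_len; i++) {
        /* A zero inside PS would be parsed as the separator, so redraw it. */
        while (em[2 + i] == 0)
            if (os_random(&em[2 + i], 1) != 0) return -1;
    }
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, msg, mlen);
    return 0;
}

int main(void) {
    const uint8_t msg[] = "constructed sample text";  /* constructed input */
    uint8_t em[128];  /* assumption: 1024-bit modulus, so k = 128 */
    if (pkcs1_v15_pad(msg, sizeof msg - 1, em, sizeof em) != 0) return 1;
    /* em, read as a big-endian integer, is the value raised to e mod n. */
    for (size_t i = 0; i < sizeof em; i++) printf("%02x", em[i]);
    printf("\n");
    return 0;
}
```

Because PS is random, two encryptions of the same string give different ciphertexts, so comparing bytes against the Android output is not a valid interoperability check; decrypting with the private key is.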

Related

Same ciphertext for same text

Is it possible to set up AWS KMS in a way so that it would generate same ciphertext for the same text (e.g. alpha) each time?
And if not, what other cryptographic methods should I use? (It would be great if they have libs for Node.js as well.)

PKCS11 Import Encrypted PKCS1 RSA Private Key

I have a simple straight question: Can an encrypted PKCS1 RSAPrivateKey be imported into a PKCS11 compatible security module without exposing the private key in the client's memory?
I know that PKCS11 explicitly mentions PKCS8's PrivateKeyInfo as the required private key format in order to import it in through the C_UnwrapKey function.
Any help please!
Whether the private key is exposed in host memory during unwrapping depends entirely on the implementation of your PKCS#11 module.
RSA keys are usually wrapped with symmetric keys (e.g. AES), and sadly many PKCS#11 modules shipped with common smartcards implement symmetric encryption algorithms in software. Unwrapping in such cases consists of two steps:
1. software-based decryption of the key material, which is stored in host memory
2. import of the decrypted key material into the device
However there are also PKCS#11 implementations (and devices) that implement symmetric encryption algorithms in hardware and these are capable of performing unwrapping of RSA keys without exposing private key into the host memory.
You can use C_GetMechanismInfo() function to find out whether your PKCS#11 module performs specific algorithm in hardware or not. Just examine the "flags" member of returned CK_MECHANISM_INFO structure for the presence of CKF_HW flag.
Edit: PKCS#1 to PKCS#8 conversion
As far as I know, PKCS#11 does not specify any standard method for PKCS#1 key unwrapping or conversion. Also, the last time I worked with a Luna SA HSM there was a statement in the documentation that it expects imported key material to be in PKCS#8 format.
You can try to convert PKCS#1 key to PKCS#8 in software, but I am afraid it won't be possible without decryption of private key into the host memory. It is rather easy to convert unencrypted PKCS#1 key to the PKCS#8 one - you just insert PKCS#1 RSAPrivateKey sequence into the PKCS#8 PrivateKeyInfo sequence, specify version, privateKeyAlgorithm and you are done. But to convert encrypted PKCS#1 key (whole RSAPrivateKey sequence is encrypted) you first need to decrypt it, convert it to PKCS#8 PrivateKeyInfo sequence, then encrypt PKCS#8 PrivateKeyInfo sequence, insert encrypted PrivateKeyInfo into EncryptedPrivateKeyInfo sequence and specify encryptionAlgorithm.
Yes, you can! Use the pkcs11-tool --keypairgen option to do so, e.g.:
pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l --pin 648219 --keypairgen --key-type rsa:1024 --id 10
See
http://linux.die.net/man/1/pkcs11-tool
https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM
for more details
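The unencrypted PKCS#1 to PKCS#8 conversion described in the first answer's edit, as an added C example that is not part of either answer: it prepends the version and the rsaEncryption AlgorithmIdentifier and wraps the RSAPrivateKey in an OCTET STRING. The function names and the stub input are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* version INTEGER 0, then AlgorithmIdentifier { rsaEncryption
 * (OID 1.2.840.113549.1.1.1), NULL parameters }, already DER-encoded. */
static const uint8_t PKCS8_RSA_PREFIX[] = {
    0x02, 0x01, 0x00,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
    0x05, 0x00
};

static size_t der_header_len(size_t len) { return len < 0x80 ? 2 : len < 0x100 ? 3 : 4; }

/* Write a DER tag plus definite length (lengths up to 0xFFFF). */
static size_t der_header(uint8_t *out, uint8_t tag, size_t len) {
    size_t n = 0;
    out[n++] = tag;
    if (len >= 0x100) { out[n++] = 0x82; out[n++] = (uint8_t)(len >> 8); }
    else if (len >= 0x80) { out[n++] = 0x81; }
    out[n++] = (uint8_t)len;
    return n;
}

/* Wrap an unencrypted PKCS#1 RSAPrivateKey (DER) in a PKCS#8 PrivateKeyInfo.
 * Returns the number of bytes written, or 0 if the input does not start with
 * a SEQUENCE tag, is too large for this encoder, or does not fit in out. */
size_t pkcs1_to_pkcs8(const uint8_t *p1, size_t p1_len, uint8_t *out, size_t cap) {
    if (p1_len < 2 || p1[0] != 0x30 || p1_len > 0xff00) return 0;
    size_t body_len = sizeof PKCS8_RSA_PREFIX + der_header_len(p1_len) + p1_len;
    if (der_header_len(body_len) + body_len > cap) return 0;
    size_t n = der_header(out, 0x30, body_len);      /* PrivateKeyInfo SEQUENCE */
    memcpy(out + n, PKCS8_RSA_PREFIX, sizeof PKCS8_RSA_PREFIX);
    n += sizeof PKCS8_RSA_PREFIX;
    n += der_header(out + n, 0x04, p1_len);          /* privateKey OCTET STRING */
    memcpy(out + n, p1, p1_len);
    return n + p1_len;
}

int main(void) {
    /* Constructed stand-in for key material: SEQUENCE { INTEGER 0 }, not a real key. */
    const uint8_t stub[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };
    uint8_t out[64];
    size_t n = pkcs1_to_pkcs8(stub, sizeof stub, out, sizeof out);
    for (size_t i = 0; i < n; i++) printf("%02x", out[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

The cleartext RSAPrivateKey sits in host memory for the whole conversion, which is the exposure the answer describes; wipe both buffers once the result has been re-encrypted or imported.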

Can iOS really support AES 256?

I have read the header CommonCryptor.h, and I can only find kCCAlgorithmAES128.
But there are a few answers on SO stating it can, e.g.
AES Encryption for an NSString on the iPhone
Can anyone answer?
You can always use OpenSSL on iPhone, and that does support AES 256.
That being said, kCCAlgorithmAES128 means a block length of 128, not key length. According to this example code (found in this answer) you simply need to use kCCKeySizeAES256 for the keyLength parameter to get support for 256 bit keys.
Recently I discovered a category of NSData (also NSString) which implements AES en-/decryption. Maybe this is helpful to crypt any kind of data:
Adding methods to NSData and NSString using categories to provide AES256 encryption on iOS
But it seems to have an implementation issue, which makes it incompatible with OpenSSL.
--
Another useful link might be Properly encrypting with AES with CommonCrypto. To support 256 bit keys just change the kCCKeySizeAES128 to 256.
--
Last but not least, this thread looks promising: Decode OpenSSL AES256 string in iOS
If you go to http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h and search for AES256 on the page, you will find the key sizes 256, 192 and 128, so yes, it does support AES256 encryption.

how to use DES algorithm to encrypt or decrypt some data in object-c?

Now I want to encrypt or decrypt some data in Objective-C using the DES algorithm. Can somebody give me some suggestions?
First point: AES has replaced DES as the de facto encryption standard, at least for the banking industry.
Second point: Irrespective of what algo you decide on, this is what you have to do.
1. Add the Security.framework to your project.
2. Import the "CommonCrypto/CommonCryptor.h" file. This contains all the interfaces for symmetric encryption.
3. Using the methods in this class, you can define your encryption algo (AES, DES, etc.), the key size, the padding that you want to use, etc.
4. You have the option of a one-shot API for encryption/decryption (CCCrypt()) or more advanced options if needed.
Hope this helps. Let me know if you need any particular information.
A code sample can be found in How to encrypt an NSString in Objective C with DES in ECB-Mode?
As the referring topic describes, you will have to keep in mind that DES uses a 56-bit (7 bytes) key and 64-bit (8 bytes) blocks.
Although DES is symmetric you will have to decrypt data by providing the kCCDecrypt option to the CCCrypt function.

checksum code in obj-c

I am looking for a checksum algorithm written in Obj-C so that I can validate a ticket (number) and generate a 2D barcode based on validation.
Any ideas on how to achieve this?
Thanks
Sounds like you can use a public-key cryptographic function.
Encrypt with the private key fixed length information, including a number (the real ticket number) and a random salt (to reduce the chance of someone cracking your key), into a fixed length output.
You can then use the public key to decode that output and verify that the information is there.
Here is some Apple sample code that demonstrates the use of cryptographic functions.
For 2D barcode code, you could start by looking at ZXing