I am working on an iPhone application which should decrypt a string encrypted by a public key generated by a Java program hosted on a remote server.
I was wondering if the iPhone SDK supports RSA encryption. If so, how should I proceed to accomplish this task?
Look in Docs. You can also try to use openssl for decrypting stuff: http://www.x2on.de/2010/07/13/tutorial-iphone-app-with-compiled-openssl-1-0-0a-library/
Related
We were previously using an applet to get the key store certificates installed on the client's machine. Now that Chrome has stopped supporting NPAPI, the applet no longer works, so we are looking for a solution using JavaScript / jQuery.
I am trying to get the full list of certificates installed in the key store, but I can't find any solution. Does anyone know how to get the full certificate list using JavaScript or jQuery?
You cannot do that with JavaScript running in the client.
See the following entry of the WebCrypto mailing list:
On Wed, Jun 24, 2015 at 1:50 PM, Jeffrey Walton wrote:
I see the WebCrypto API will allow discovery of keys
(http://www.w3.org/TR/WebCryptoAPI/):
In addition to operations such as signature generation
and verification, hashing and verification, and encryption
and decryption, the API provides interfaces for key
generation, key derivation, key import and export, and
key discovery.
Certificates have public keys, and they are not as sensitive as private
keys.
Will the WebCrypto API allow discovery/enumeration of certificates?
Examples of what I would like to discover or enumerate (in addition to
the private keys):
- Trusted roots
- Client certs
Trusted Roots are in the platform's trust store. Client certs may be
in the trust store.
Thanks in advance,
Jeff
There are no plans from Chrome to implement such, on the hopefully obvious and significant privacy grounds.
Client certs contain PII. Trusted certs contain PII and
fingerprinting.
In modern, sandboxed operating systems, such as iOS and Android,
applications cannot enumerate either, as those platform providers
reached the same conclusion.
So no. Never. [1]
[1] For some really long value of never
Clone the repository at the link below: https://github.com/scketches/ffPrintCert
Install jpm:
npm install jpm --global
Create the build for Mozilla:
jpm xpi
Upload the extension in Mozilla locally and check.
Open the URL below in Mozilla:
about:debugging
Load the .xpi file from local disk and check.
I wanted to know if there is a way to sign a CSR with the Java security library. We are trying to avoid using the Bouncy Castle library. We don't want any additional dependency in our project.
Our CSR, CA private and public key are in PEM format.
Regards,
There is no standard Java API to do that. However, you can use the -certreq option of the keytool utility to create CSRs using private keys stored in a keystore.
How can I detect certificate errors when attempting to access web content hosted on a HTTPS site with a certificate that would generate browser certificate errors or warnings?
It seems that currently the framework does not even send the HTTP request if the communication channel is not secure (i.e. if SSL is not enforced properly [e.g. the validation of the certificate’s chain of trust fails])?
Similarly, what would be the best way to enforce certificate pinning?
Cheers
You can write your own PhoneGap Plugin based on the following SO question:
How to pin the Public key of a certificate on iOS
Here's some background on Pinning from the OWASP:
Pinning Cheat Sheet
If you end up writing the plugin, let me know as I'm interested too.
Check out this post, which includes a PhoneGap (Build) plugin for certificate pinning, by comparing the server certificate fingerprint with an expected value: http://www.x-services.nl/certificate-pinning-plugin-for-phonegap-to-prevent-man-in-the-middle-attacks/734
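The fingerprint comparison described in the post above, as an added example in Node.js JavaScript (not code from the linked plugin or from the answers on this page). The function names, the sample bytes and the choice of SHA-256 over the whole DER-encoded certificate are assumptions made for the illustration.

```javascript
// Added example: certificate fingerprint pinning check (not the plugin's own code).
const { createHash } = require('crypto');

// Constructed stand-in for the DER bytes of a server certificate (not a real certificate).
const SAMPLE_DER = Buffer.from('3082010a0282010100c0ffee', 'hex');

// SHA-256 fingerprint of the certificate's DER encoding, as raw digest bytes.
function fingerprint(der) {
  return createHash('sha256').update(der).digest();
}

// Render a digest the way fingerprints are usually displayed: "AB:CD:...".
function formatPin(digest) {
  return digest.toString('hex').toUpperCase().match(/../g).join(':');
}

// Accept "AB:CD:..", "ab cd .." or bare hex. Anything that is not exactly
// 32 bytes of hex yields null, so a typo in the pin list can never match.
function parsePin(pin) {
  const hex = String(pin).replace(/[:\s]/g, '').toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? Buffer.from(hex, 'hex') : null;
}

// Check the presented certificate against the pin set. The set holds the
// current fingerprint plus any backup pin for a planned certificate rotation.
// Fails closed: with no usable pin there is no match, and the caller must
// abort the connection instead of falling back to default validation only.
function checkPin(der, pins) {
  const usable = pins.map(parsePin).filter(Boolean);
  if (usable.length === 0) return { ok: false, reason: 'no valid pins configured' };
  const actual = fingerprint(der);
  const ok = usable.some((expected) => actual.equals(expected));
  return ok
    ? { ok, reason: 'fingerprint matches pin set' }
    : { ok, reason: 'fingerprint mismatch: ' + formatPin(actual) };
}
```

Pinning the whole certificate means every renewal changes the fingerprint, so the backup pin has to ship in the app before the server switches certificates.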
The security APIs on iOS only seem to cover extracting certain parts of the certificate.
Has anyone used OpenSSL or asn1c to allow the retrieval of Extensions, Policies etc. from the certificate bytes?
Yes, you can use OpenSSL to parse a certificate, but it is not an easy job, given the lack of OpenSSL iOS docs.
First, you need the OpenSSL lib for iOS, and use OpenSSL to generate an x509 cert. Then use the methods in OpenSSL to try to parse it.
Here is an example of how to extract the UPN from a certificate extension (I answered myself). It works fine for now. Other elements are fetched similarly.
I need to figure out how to get two OpenSSL functions for iPhone. I'm trying to keep it so I don't need another dylib, because I don't want Apple to reject my application for something so silly.
Anyways, I have an app that accesses an API, not one of my APIs, so I can't really change it, and also, I don't want anyone to know my public key, or use this specific 'private' API, so I can't just make a PHP script server side, which would be easier, except that it just won't work out.
I need to be able to use something that will seal a request in OpenSSL, and also encode a public key in OpenSSL. I have the headers, and I can't seem to figure anything out.
Generally, the easiest approach to encryption and decryption on the iPhone is the Security.framework, instead of using OpenSSL directly.
See here:
http://developer.apple.com/iphone/library/DOCUMENTATION/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208-SW9
The examples at the bottom (listings 2-8, 2-9 and 2-10) show RSA-1024 key pair creation plus encryption and decryption.
By using a different key, you can control the encryption/decryption method to match the requirements of your server.
You can also compile OpenSSL as a library for iOS. Here is a tutorial from me:
http://www.x2on.de/2010/07/13/tutorial-iphone-app-with-compiled-openssl-1-0-0a-library/
For me I found that implementing the OpenSSL pod from cocoapods was the easiest. No tutorial needed.
Info: http://cocoapods.org/?q=openssl
-> OpenSSL (1.0.1)
OpenSSL is an SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
pod 'OpenSSL', '~> 1.0.1'
- Homepage: http://www.openssl.org/
- Source: https://github.com/endSly/OpenSSL-pod.git
- Versions: 1.0.1, 1.0.0 [master repo]