I need to import an existing key into my app to use it with RSA encryption, I don't want to generate a new key.
I've read the apple documentation http://developer.apple.com/library/ios/#documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html
But it doesn't seem to provide a way to import an existing PEM private key, it talks about creating them, but not about how to use an existing key.
Is this actually possible? Are there any API or Lib to do this? I don't need this for appstore, so don't be shy with responses if they are against the appstore rules.
Ok I ended up using a version of OpenSSL compiled for iPhone:
https://github.com/x2on/OpenSSL-for-iPhone
Related
I have generated a public/private JWS Key Pair and I need to convert my private key to a .pem file to sign my JWT using RS256 Algorithm.
Is there a solution for this?
I dont mind using like bash scripts etc, I am writing in .NET though if there is a way to do it in the code. Just anything expect an online converter!
FYI, I found a website with a NodeJS script on it and it worked a treat!
https://www.jvt.me/posts/2019/12/10/node-jwk-to-x509-pem/
I need to create a .pfx file starting from the digital signature contained in a smart card.
I have a smart card and I know the key code that allow me to create a .cer file, but not the .pfx. I tried using the "OpenSSL" utility but what I miss is the ".key" file.
How can I generate the .key file knowing the key code of the smart card?
You might be doing something here that you don't really want to do. Creating a certificate (the .cer file you mentioned) is a normal use case with smart cards where you use the smart card to sign that certificate. You don't get the "key file" because that's secured in your smart card.
In typical cryptographic smart cards you cannot export the key as this would invalidate the whole idea of having it physically protected.
PFX file as well as pkcs#12 container both include a certificate and the private key in the same container. And as you most likely cannot export your key from your smart card, what you are asking is not possible.
I am trying to get TortoiseGIT to stop nagging me to enter a password every time. I've generated a public key, I've added that key to GitHub and I've generated the keyfile.
Where do I store the key file?
What other steps am I missing to allow me to not have to enter my password each time?
UPDATE
I would still like to know the answer, but ultimately this solved my problem: http://www.munsplace.com/blog/2012/07/27/saving-username-and-password-with-tortoisegit/
You can use PuTTY Pageant authentication agent and load the private key into it. TortoiseGIT should be able to make use of it.
I solved it using this. Basically, in Windows 8 you can create a file called _netrc which seems to store general passwords.
I have an iOS application, which stores all downloaded *.pdf files in its cache. Is there a way to prevent this data from extracting? Encryption or something else? Thanks in advance.
There are quite a few ways to encrypt files, and I'm sure everyone will have an opinion on the best way to do so.
In a project I've recently been working on, we've been using CommonCrypto (https://github.com/AlanQuatermain/aqtoolkit). Just take any NSData, encrypt it, and save it to a file, and vice versa. You can even write an easy Transformer by subclassing NSValueTransformer, which abstracts all of the encryption to one spot and you will never have to worry about it again.
You can protect PDF files with a password. I assume you create the PDF files not within the application but externally. For example you can use Preview.app in Mac OS X to secure existing PDF files with a password (Hit Cmd-P, then select PDF in the print menu and there you can set security options. Or even more simple: in the menu choose Export...).
In iOS you can then open the PDF files like this:
CGPDFDocumentRef documentRef = CGPDFDocumentCreateWithURL((__bridge CFURLRef)[NSURL fileURLWithPath:filePath]);
if (!CGPDFDocumentIsUnlocked(documentRef))
CGPDFDocumentUnlockWithPassword(documentRef, password);
...
There are actually 2 Documents folders in which your app can store content. One can be extracted, and one is private. Check the accepted answer in this ticket.
Access files in "private Documents" folder transferred with iTunes
Assuming you want the PDF files from getting extracted on jailbroken devices, the most straight forward approach would be along the following lines:
generate a random string during the first launch of the app
save the random string either in NSUserDefaults in state file inside your own app's sandbox
using this random string create a secret key using a deterministic but hard to figure out algorithm
use this secret key, which you don't store anywhere but always generate on demand, symmetrically encrypt your buffer with AES or something similar
You would probably find the source code here very helpful.
On our iOS projects, we commit to the version control repository both the signing certificate and the provisioning profiles used to generate AdHoc and AppStore builds. This way, whenever a new developer downloads a new fresh copy of the app, he has everything he needs to create an AdHoc build for testers.
We are using Jenkins for Continous Integration, and I would like to have a script that does some sanity checks on the commited files. In particular, I'd like to check that the commited provisioning profiles were indeed generated with the signing certificate commited in the repository.
Does anyone know how to do this from the command line? I can't figure out the .mobileprovision file format, although it seems to be a signed binary plist file.
Answering my own question, I hope this helps someone else.
Turns out, the mobileprovision file is a PKCS7 digitally signed message. It is not signed with the developer's certificate, but with Apple's one.
However, the data that's signed is an XML plist that contains the public key of the certificate you use to sign your binaries.
So basically, the steps are as follows:
Extract the data from the PKCS7 file.
Extract the public-key from the p12 file.
Compare the two, and check if they are the same.
I managed to do this easily with Ruby, since it provides nice wrappers to OpenSSL. I left a script in Github, if anyone wants to use.
The relevant parts of the code are as follows:
profile = File.read(#profile_file)
certificate = File.read(#certificate_file)
p7 = OpenSSL::PKCS7.new(profile)
cert = OpenSSL::PKCS12.new(certificate, #certificate_password)
store = OpenSSL::X509::Store.new
p7.verify([], store)
plist = REXML::Document.new(p7.data)
plist.elements.each('/plist/dict/key') do |ele|
if ele.text == "DeveloperCertificates"
keys = ele.next_element
key = keys.get_elements('//array/data')[0].text
profile_cert = "-----BEGIN CERTIFICATE-----" + key.gsub(/\t/, "") + "-----END CERTIFICATE-----\n"
#provisioning_cert = OpenSSL::X509::Certificate.new(profile_cert)
end
end
# Compare #provisioning_cert.to_s and cert.certificate.to_s
Here is a blog entry I found that explains the structure of the .mobileprovision file: .mobileprovision files structure and reading
And thats how csr files are looking like: What is a CSR (Certificate Signing Request)?
I don't think that there is already a working solution out there exactly fitting your needs. That's probably not the answer you were looking for, but I hope that you will find a connection somehow.