iPhone - signing data using an NSData private key

I am working on an electronic iPhone application.
I am using WSS with XML-Signature to sign requests to the client's SOAP server.
Because the iPhone device cannot be trusted (due to a jailbreak), the client requirement is to manually encrypt the RSA key pair (using AES128) before storing the keys in the keychain.

From what I have found so far, keys are automatically added to the keychain when generated.
So my idea is to retrieve the key data later (just like the public key is retrieved in the CryptoExercise example), remove the keys from the keychain, AES-encrypt the data and save it in the keychain again as custom NSData.

1) Do you see any problems with this?
I read somewhere that to retrieve data or delete a key, you may need some kind of password, although I did not have a password. I will try this later today and post the answer if no response is sent yet.

2) I can't find whether there is a way to use this key without introducing a few more hacks in the code.
It seems like the SecKeyRawSign method accepts only a SecKeyRef reference, which is a pointer to a key in the keychain. Is there any other way to sign using the NSData key?
The only idea I have at the moment is to use the SecItemAdd method to add the unencrypted key to the keychain before signing and delete it after signing. But I don't like it, because it will happen all the time, and if the application is closed (crash or something else) before the key is removed from the keychain, it will remain there until the next time the application is launched.

Any idea for a better solution?

Regards
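An added example of the transient-import approach the question describes, written here for illustration and not taken from the question or from Apple's CryptoExercise sample. It assumes an Objective-C app linking Security.framework, a hypothetical application tag `kTransientKeyTag`, and that `privateKeyData` is the raw PKCS#1 DER blob the keychain returns for an RSA private key (already AES-decrypted by the caller); deleting any stale item before and after signing is the simplest way to cover the crash case raised above.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical tag for the transient, unencrypted key item (assumption: one tag per app).
static NSString * const kTransientKeyTag = @"com.example.transient-signing-key";

// Remove any leftover transient key. Also call this at app launch, so a crash between
// SecItemAdd and SecItemDelete cannot leave the plaintext key in the keychain for long.
static void RemoveTransientKey(void) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrApplicationTag: [kTransientKeyTag dataUsingEncoding:NSUTF8StringEncoding],
    };
    SecItemDelete((__bridge CFDictionaryRef)query); // errSecItemNotFound is expected and harmless
}

// Sign a SHA-1 digest with an RSA private key held only as NSData (PKCS#1 DER, assumption).
// The key is imported just long enough to obtain a SecKeyRef, then deleted even if signing fails.
static NSData *SignDigestWithPrivateKeyData(NSData *privateKeyData, NSData *sha1Digest, OSStatus *outStatus) {
    RemoveTransientKey(); // a stale copy must not shadow the key we are about to add
    NSDictionary *addAttrs = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
        (__bridge id)kSecAttrKeyClass: (__bridge id)kSecAttrKeyClassPrivate,
        (__bridge id)kSecAttrApplicationTag: [kTransientKeyTag dataUsingEncoding:NSUTF8StringEncoding],
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        (__bridge id)kSecValueData: privateKeyData,
        (__bridge id)kSecReturnRef: @YES,
    };
    SecKeyRef keyRef = NULL;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addAttrs, (CFTypeRef *)&keyRef);
    NSData *signature = nil;
    if (status == errSecSuccess && keyRef != NULL) {
        size_t sigLen = SecKeyGetBlockSize(keyRef); // RSA signature length == modulus size
        NSMutableData *sig = [NSMutableData dataWithLength:sigLen];
        status = SecKeyRawSign(keyRef, kSecPaddingPKCS1SHA1,
                               sha1Digest.bytes, sha1Digest.length,
                               sig.mutableBytes, &sigLen);
        if (status == errSecSuccess) {
            sig.length = sigLen;
            signature = sig;
        }
    }
    if (keyRef) CFRelease(keyRef);
    RemoveTransientKey(); // always runs, whatever happened above
    if (outStatus) *outStatus = status;
    return signature;
}
```

The plaintext key still exists in the keychain for the duration of the call, so this only narrows the window the question worries about; it does not remove it.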