Public Key Encryption / Decryption Code Example on Mac?

Where can I find a simple example of public key encryption and decryption code on Mac OS X? I'm upset that Apple's “Certificate, Key, and Trust Services Programming Guide” shows how to do this on iOS, but the required APIs (SecKeyEncrypt, SecKeyDecrypt) are apparently not available on Mac OS X. Perhaps there is a way to do this in "CryptoSample", but it doesn't look clear or simple, and the sample project is too old to open in the current version of Xcode.

+6
security openssl macos
3 answers

Security Framework APIs change quite often between Mac OS releases. The best approach depends on the version you are aiming for:

  • If your code only needs to run on 10.7 and higher, you can use Security Transforms, the new high-level public API for cryptographic transformations. The Security Programming Guide has useful (and simple!) sample code:

    http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecTransformPG/SecurityTransformsBasics/SecurityTransformsBasics.html

    You will want to create a transformation using SecEncryptTransformCreate or SecDecryptTransformCreate, set its input using SecTransformSetAttribute and execute it using SecTransformExecute.

  • If you need to support Mac OS 10.6 or lower, you should use the low-level and rather scary CDSA APIs. CryptoSample's cdsaEncrypt is an example.

    http://developer.apple.com/library/mac/#samplecode/CryptoSample/Listings/libCdsaCrypt_libCdsaCrypt_cpp.html

    You can get CSSM_CSP_HANDLE and CSSM_KEY from SecKeyRef using SecKeyGetCSPHandle and SecKeyGetCSSMKey respectively.

    To learn more about CDSA, the full specification is available from the Open Group (free, but requires registration):

    https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=11287

    Good luck

  • If the private key was created with the ability to export, you can export it to an insecure format and use openssl directly. This puts the raw key data directly into the address space of your application, so it defeats one of Keychain's main goals. Do not do this.

  • Finally, you can communicate with private functions. Mac OS 10.6 and 10.7 include, but do not publicly announce, SecKeyEncrypt and SecKeyDecrypt, with the same arguments as on iOS. A quick, dirty solution is to simply declare and use them (loosely coupled, with the usual caveats). This is probably a bad idea to do in code that you plan to distribute to others.

+6
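
The three Security Transforms calls named in the answer above, put together as an added example (not code from the original answer or from Apple's guide). The function names RunKeyTransform, EncryptWithPublicKey and DecryptWithPrivateKey are hypothetical, and the SecKeyRef values are assumed to come from the caller, for example from a keychain lookup.

```objective-c
// Added example. Assumes macOS 10.7 or later, built with ARC:
//   clang -fobjc-arc -framework Foundation -framework Security example.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Builds an encrypt or decrypt transform for `key`, feeds it `input`,
// and returns the output. Returns nil and fills *outError on failure.
static NSData *RunKeyTransform(SecKeyRef key, BOOL encrypt,
                               NSData *input, NSError **outError)
{
    CFErrorRef cfError = NULL;
    CFTypeRef result = NULL;
    SecTransformRef transform = encrypt
        ? SecEncryptTransformCreate(key, &cfError)
        : SecDecryptTransformCreate(key, &cfError);

    if (transform != NULL) {
        // Padding is set explicitly so both directions use the same scheme.
        if (SecTransformSetAttribute(transform, kSecPaddingKey,
                                     kSecPaddingPKCS1Key, &cfError) &&
            SecTransformSetAttribute(transform, kSecTransformInputAttributeName,
                                     (__bridge CFDataRef)input, &cfError)) {
            result = SecTransformExecute(transform, &cfError);
        }
        CFRelease(transform);
    }

    if (result == NULL) {
        // Hand the error to the caller if requested, otherwise release it.
        if (outError != NULL) *outError = CFBridgingRelease(cfError);
        else if (cfError != NULL) CFRelease(cfError);
        return nil;
    }
    return CFBridgingRelease(result);
}

// RSA with PKCS#1 v1.5 padding carries only a short message (modulus length
// minus 11 bytes), so `plaintext` is typically a symmetric key, not bulk data.
NSData *EncryptWithPublicKey(SecKeyRef publicKey, NSData *plaintext, NSError **error)
{
    return RunKeyTransform(publicKey, YES, plaintext, error);
}

// The private key never leaves the keychain; only the SecKeyRef is passed in.
NSData *DecryptWithPrivateKey(SecKeyRef privateKey, NSData *ciphertext, NSError **error)
{
    return RunKeyTransform(privateKey, NO, ciphertext, error);
}
```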

Decryption of data using the public key is implemented at: https://github.com/karstenBriksoft/CSSMPublicKeyDecrypt . Security.framework does not have a public API for this kind of function, so CSSM must be used directly, even if it is deprecated. For public key encryption, just use SecEncryptTransformCreate, but for public key decryption you need to use the CSSMPublicKeyDecrypt class.

+4

Mac OS X contains OpenSSL in libcrypto. The CommonCrypto framework is apparently derived from SSLeay, the predecessor of OpenSSL.

+1