[iPhone SDK] Security

Discussion in 'iPhone/iPad Programming' started by Duke Leto, May 18, 2008.

  1. macrumors regular

    Joined:
    Mar 17, 2008
    #1
    On the iPhone, I want to make a simple application with a textfield. You would input text, and press a button, and it would encrypt it and put the data on another textfield. You could then decrypt the data. For the longest time I have looked at the Certificate, Key, and Trust Services Reference (https://developer.apple.com/iphone/...ce.html#//apple_ref/c/func/SecKeyGeneratePair), but I do not know how exactly encryption works, what exactly an asymmetric pair is, or how to do anything with it.

    Also, I need to know if encryption is processor intensive, because that might mean I would need design changes in the long run.
     
  2. macrumors G3

    Joined:
    Jul 25, 2007
    Location:
    California
    #2
    The deal with asymmetric pairs is that there is a "public" key and a "private" key. These are two different keys, but they are mathematically related.

    The idea is that you can encrypt things with one of those two keys, and decrypt them with the other. (Alternatively, you can digitally "sign" things with one key, and check the signature's validity with the other).

    This is called "asymmetric" or "public-key" cryptography, and is typified by algorithms such as RSA.

    The other sort of cryptography, which may be what you are thinking of, is "symmetric" cryptography, which uses only a single key. This is typified by DES. In such systems, both the sender and recipient of a message must know the secret, shared key. This raises difficulties: how do you inform the recipient of the key without being overheard?

    Sometimes people use RSA to transmit a DES key.

    In any event, you need only generate the keys once. Once you do, you can hard code them into your code; generating the keys is probably more processor intensive than encryption/decryption.
     
  3. thread starter macrumors regular

    Joined:
    Mar 17, 2008
    #3
    I think I am starting to understand what you have said, but where do these keys end up?

    Would I create the symmetrical pair and put it in a file, to be read later?

    Also, when I do encrypt, would I encrypt an NSString object, a char, or some other variable type/class?

    Thank you for the quick response and the explanation of keys. :)
     
  4. macrumors G3

    Joined:
    Jul 25, 2007
    Location:
    California
    #4
    I believe you encrypt a c-string (const uint8_t *, actually). You apparently have to also pre-declare a buffer in which to put the result (which presumably has length identical to the input string).

    As for the keys, the actual (private) key would presumably be stored in the system keychain (I have to admit I've never tried any of this on iPhone). It would be associated with an "identity" with a keychain keyring.

    The public key could be stored where you'd like; it's the private key that needs to be secret.
     
  5. thread starter macrumors regular

    Joined:
    Mar 17, 2008
    #5
     
  6. macrumors G3

    Joined:
    Jul 25, 2007
    Location:
    California
    #6
     
  7. thread starter macrumors regular

    Joined:
    Mar 17, 2008
    #7
    One last thing... the SecKeyGeneratePair function uses a CFDictionaryRef as a parameter. What does it need to have in the Dictionary, and how should I go about creating it?
     
  8. macrumors G3

    Joined:
    Jul 25, 2007
    Location:
    California
    #8
    The dictionary is just a way to pass parameters to the function. You create a dictionary with appropriate key-value pairs and pass in a pointer.

    I believe you can just pass a pointer to an NSDictionary instead.

    So you'd do something like:

    #import <Security/Security.h>

    NSMutableDictionary *myDictionary = [[NSMutableDictionary alloc] initWithCapacity:2];

    // Dictionary values must be objects, so the key size is wrapped in an NSNumber
    [myDictionary setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
    [myDictionary setObject:[NSNumber numberWithInt:512] forKey:(id)kSecAttrKeySizeInBits];

    then pass "myDictionary" as the CFDictionary.
     
  9. thread starter macrumors regular

    Joined:
    Mar 17, 2008
    #9
    Now I'm getting some problems here. I call

    int status = SecKeyGeneratePair(myDictionary, &key, &pKey);

    and it tells me that I am implicitly declaring that function. It does this for encryption as well.

    I also seem to have a problem with the numbers, e.g. buffer sizes.
     
  10. macrumors newbie

    Joined:
    May 31, 2008
    #10
    I have the same problem as Duke. What's the problem?
     
  11. macrumors newbie

    Joined:
    Jun 6, 2008
    #11
    I had the same problem. I figured out that somehow, when you're using the simulator, the security framework still points to the Mac security framework vs. the iPhone security framework.

    It's only working when you are using a real device... For that you must of course be through with your enrollment process and be able to sign your code.

    I got that far but now I'm stuck! Once I create the key pair, I know you have to set kSecAttrIsPermanent to true in the dictionary to add both keys to the default keychain, but I have no clue as to how to read those keys back from the keychain on the iPhone.
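
Added example, not code from any poster in this thread: one way to build the SecKeyGeneratePair parameter dictionary discussed in posts #8 and #11, read the private key back from the keychain with SecItemCopyMatching, and size the output buffer from SecKeyGetBlockSize, covering the public-encrypt/private-decrypt flow described in post #2. The tag string, the Demo* function names, the 2048-bit key size and OAEP padding are assumptions made for this example; it assumes ARC and linking against Security.framework.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical tag used to find the private key in the keychain again.
static NSData *DemoKeyTag(void) {
    return [@"com.example.demo.rsa" dataUsingEncoding:NSUTF8StringEncoding];
}

// Generate an RSA pair; only the private key is stored permanently.
// The caller releases both returned keys with CFRelease.
static OSStatus DemoGeneratePair(SecKeyRef *publicKey, SecKeyRef *privateKey) {
    NSDictionary *params = @{
        (__bridge id)kSecAttrKeyType:       (__bridge id)kSecAttrKeyTypeRSA,
        (__bridge id)kSecAttrKeySizeInBits: @2048,  // assumed size for the example
        (__bridge id)kSecPrivateKeyAttrs: @{
            (__bridge id)kSecAttrIsPermanent:    @YES,
            (__bridge id)kSecAttrApplicationTag: DemoKeyTag() } };
    return SecKeyGeneratePair((__bridge CFDictionaryRef)params, publicKey, privateKey);
}

// Read the stored private key back by its tag (caller releases the result).
static SecKeyRef DemoCopyPrivateKey(void) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrApplicationTag: DemoKeyTag(),
        (__bridge id)kSecAttrKeyType:        (__bridge id)kSecAttrKeyTypeRSA,
        (__bridge id)kSecReturnRef:          @YES };
    CFTypeRef key = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &key);
    return (status == errSecSuccess) ? (SecKeyRef)key : NULL;
}

// Encrypt with the public key. The output buffer is one RSA block
// (SecKeyGetBlockSize), regardless of how short the input is.
static NSData *DemoEncrypt(SecKeyRef publicKey, NSData *plain) {
    size_t len = SecKeyGetBlockSize(publicKey);
    NSMutableData *out = [NSMutableData dataWithLength:len];
    if (SecKeyEncrypt(publicKey, kSecPaddingOAEP, plain.bytes, plain.length,
                      out.mutableBytes, &len) != errSecSuccess) return nil;  // e.g. input too long
    out.length = len;
    return out;
}

// Decrypt with the private key, for instance the one from DemoCopyPrivateKey().
static NSData *DemoDecrypt(SecKeyRef privateKey, NSData *cipher) {
    size_t len = SecKeyGetBlockSize(privateKey);
    NSMutableData *out = [NSMutableData dataWithLength:len];
    if (SecKeyDecrypt(privateKey, kSecPaddingOAEP, cipher.bytes, cipher.length,
                      out.mutableBytes, &len) != errSecSuccess) return nil;
    out.length = len;  // trim to the recovered plaintext length
    return out;
}
```

SecKeyGeneratePair, SecKeyEncrypt and SecKeyDecrypt are deprecated in current SDKs in favour of SecKeyCreateRandomKey, SecKeyCreateEncryptedData and SecKeyCreateDecryptedData.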
     
  12. macrumors newbie

    Joined:
    Jun 20, 2008
    Location:
    Phoenix, AZ
    #12
    There's a helpful discussion with a simplified example over at the Apple forums.

    Bill
     
