snej@0
|
1 |
//
|
snej@0
|
2 |
// MYPublicKey.h
|
snej@0
|
3 |
// MYCrypto
|
snej@0
|
4 |
//
|
snej@0
|
5 |
// Created by Jens Alfke on 3/25/09.
|
snej@0
|
6 |
// Copyright 2009 Jens Alfke. All rights reserved.
|
snej@0
|
7 |
//
|
snej@0
|
8 |
|
snej@0
|
9 |
#import "MYKey.h"
|
jens@26
|
10 |
@class MYSHA1Digest, MYSymmetricKey, MYCertificate;
|
snej@0
|
11 |
|
snej@0
|
12 |
#if !TARGET_OS_IPHONE
|
snej@0
|
13 |
#import <Security/SecKey.h>
|
snej@0
|
14 |
#endif
|
snej@0
|
15 |
|
snej@0
|
16 |
|
snej@1
|
17 |
/** A public key, which can be used for encrypting data and verifying signatures.
|
snej@3
|
18 |
MYPublicKeys are created as part of generating a key-pair,
|
snej@3
|
19 |
or by being imported from data into a MYKeychain. */
|
snej@13
|
20 |
@interface MYPublicKey : MYKey
|
snej@0
|
21 |
{
|
snej@1
|
22 |
@private
|
jens@26
|
23 |
MYSHA1Digest *_digest; // The key's SHA-1 digest (null if not determined yet)
|
jens@26
|
24 |
MYCertificate *_certificate; // The cert this key came from (if any)
|
snej@0
|
25 |
}
|
snej@0
|
26 |
|
snej@0
|
27 |
/** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */
|
snej@0
|
28 |
@property (readonly) MYSHA1Digest *publicKeyDigest;
|
snej@0
|
29 |
|
snej@0
|
30 |
/** Encrypts a short piece of data using this key, returning the raw encrypted result.
|
snej@1
|
31 |
An RSA key can encrypt only blocks smaller than its own key size; this
|
snej@0
|
32 |
method will fail and return nil if the data is too long.
|
snej@0
|
33 |
RSA encryption is also much slower than regular symmetric-key encryption, so the correct
|
snej@0
|
34 |
way to encrypt a large block of data using a public key is to first generate a random
|
snej@0
|
35 |
symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the
|
snej@0
|
36 |
public key, and then encrypt your data with the session key. Send the encrypted session key
|
snej@0
|
37 |
and the encrypted data. */
|
snej@13
|
38 |
- (NSData*) rawEncryptData: (NSData*)data;
|
snej@0
|
39 |
|
snej@0
|
40 |
/** Verifies the signature of a block of data. If the result is YES, you can be assured that
|
snej@1
|
41 |
the signature was generated from the data by using this key's matching private key.
|
snej@0
|
42 |
If the result is NO, something is wrong: either the data or the signature was modified,
|
snej@1
|
43 |
or the signature was generated by a different private key.
|
snej@1
|
44 |
(What's actually verified using RSA is the SHA-256 digest of the data.) */
|
snej@0
|
45 |
- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
|
snej@13
|
46 |
|
snej@14
|
47 |
|
snej@14
|
48 |
/** @name Expert
|
snej@14
|
49 |
* Advanced methods.
|
snej@14
|
50 |
*/
|
snej@14
|
51 |
//@{
|
jens@21
|
52 |
|
jens@21
|
53 |
/** Initializes a public key directly from its raw RSA modulus and exponent.
|
jens@21
|
54 |
These numbers must come from an existing key-pair generated by the RSA algorithm;
|
jens@21
|
55 |
you CANNOT just pass in random data and create a working key! (To create a new key pair,
|
jens@21
|
56 |
call -[MYKeychain generateRSAKeyPairOfSize:].)
|
jens@21
|
57 |
@param modulus RSA modulus, a very large integer represented as a blob of big-endian data.
|
jens@21
|
58 |
@param exponent RSA exponent, a prime number, commonly 17 or 65537.
|
jens@21
|
59 |
*/
|
jens@21
|
60 |
- (id) initWithModulus: (NSData*)modulus exponent: (unsigned)exponent;
|
jens@21
|
61 |
|
jens@21
|
62 |
/** Retrieves the raw RSA modulus and exponent, which together uniquely specify the key.
|
jens@21
|
63 |
The length of the modulus is the size, in bits, of the key: for example, a 2048-bit key
|
jens@21
|
64 |
has 256 bytes of modulus data.
|
jens@21
|
65 |
@param outModulus On return, will contain the modulus: a very large positive integer represented
|
jens@21
|
66 |
as a blob of unsigned big-endian data.
|
jens@21
|
67 |
@param outExponent On return, will contain the exponent: a prime number, often 17 or 65537. */
|
jens@21
|
68 |
- (BOOL) getModulus: (NSData**)outModulus exponent: (unsigned*)outExponent;
|
jens@21
|
69 |
|
snej@14
|
70 |
#if !TARGET_OS_IPHONE
|
snej@14
|
71 |
|
snej@13
|
72 |
/** Encrypts a session key using this public key.
|
snej@13
|
73 |
The holder of the private key can then unwrap the session key from this data.
|
snej@13
|
74 |
@param sessionKey The symmetric session key to wrap/encrypt
|
snej@13
|
75 |
@return The encrypted data representing the session key */
|
snej@13
|
76 |
- (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey;
|
snej@13
|
77 |
|
snej@14
|
78 |
#endif
|
snej@14
|
79 |
//@}
|
snej@14
|
80 |
|
snej@0
|
81 |
@end
|