Working on export/import of symmetric keys, and passphrase entry. Not ready for release quite yet.
5 // Created by Jens Alfke on 4/2/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
10 #import <CommonCrypto/CommonCryptor.h>
13 @interface MYSymmetricKey : MYKey <MYEncryption, MYDecryption>
15 #if !MYCRYPTO_USE_IPHONE_API
16 CSSM_KEY *_ownedCSSMKey;
20 /** Initializes a symmetric key from the given key data and algorithm. */
21 - (id) initWithKeyData: (NSData*)keyData
22 algorithm: (CCAlgorithm)algorithm;
24 /** Randomly generates a new symmetric key, using the given algorithm and key-size in bits.
25 The key is not added to any keychain; if you want to keep the key persistently, use
26 the method of the same name in the MYKeychain class. */
27 + (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits
28 algorithm: (CCAlgorithm)algorithm;
30 /** Converts a passphrase into a symmetric key.
31 The same passphrase (and salt) will always return the same key, so you can use this method
32 to encrypt and decrypt data using a user-entered passphrase, without having to store the key
33 itself in the keychain.
34 @param alertTitle A title for the alert (this seems to be ignored by the OS).
35 @param prompt A prompt string displayed in the alert.
36 @param creating Is a new passphrase being created? If YES, the user will have to enter the
37 passphrase twice, to check for errors, and the nifty passphrase-strength meter will be
38 displayed. If NO, there's only one text-field, and an option to display its contents in
40 @param salt An arbitrary value whose data will be mixed in with the passphrase before
41 hashing, to perturb the resulting bits. The purpose of this is to make it harder for
42 an attacker to brute-force the key using a precompiled list of digests of common
43 passwords. Changing the salt changes the key, so you need to pass the same value when
44 re-deriving the key as you did when first generating it. */
45 + (MYSymmetricKey*) generateFromUserPassphraseWithAlertTitle: (NSString*)alertTitle
46 alertPrompt: (NSString*)prompt
47 creating: (BOOL)creating
50 /** The key's algorithm. */
51 @property (readonly) CCAlgorithm algorithm;
53 /** The key's size/length, in bits. */
54 @property (readonly) unsigned keySizeInBits;
57 /** A utility that prompts for a passphrase, using the Security agent's nice modal panel,
58 and returns the raw passphrase as a string.
59 @param alertTitle A title for the alert (this seems to be ignored by the OS).
60 @param prompt A prompt string displayed in the alert.
61 @param creating Is a new passphrase being created?
62 (See description in +generateFromUserPassphrase... method.) */
63 + (NSString*) promptForPassphraseWithAlertTitle: (NSString*)alertTitle
64 alertPrompt: (NSString*)prompt
65 creating: (BOOL)creating;