|
snej@3
|
1 |
//
|
|
snej@3
|
2 |
// MYPrivateKey.h
|
|
snej@3
|
3 |
// MYCrypto
|
|
snej@3
|
4 |
//
|
|
snej@3
|
5 |
// Created by Jens Alfke on 4/7/09.
|
|
snej@3
|
6 |
// Copyright 2009 Jens Alfke. All rights reserved.
|
|
snej@3
|
7 |
//
|
|
snej@3
|
8 |
|
|
snej@3
|
9 |
#import "MYKey.h"
|
|
snej@4
|
10 |
@class MYPublicKey, MYSHA1Digest, MYIdentity;
|
|
snej@3
|
11 |
|
|
snej@3
|
12 |
|
|
snej@3
|
13 |
/** A private key, used for signing and decrypting data.
|
|
snej@3
|
14 |
Always paired with a matching public key in a "key-pair".
|
|
snej@3
|
15 |
MYPublicKeys are instantiated by MYKeychain: either by generating a new key-pair, by
|
|
snej@3
|
16 |
looking up a key-pair by its attributes, or by importing a key-pair from data. */
|
|
snej@3
|
17 |
@interface MYPrivateKey : MYKey <MYDecryption>
|
|
snej@3
|
18 |
{
|
|
snej@3
|
19 |
@private
|
|
snej@3
|
20 |
MYPublicKey *_publicKey;
|
|
snej@3
|
21 |
}
|
|
snej@3
|
22 |
|
|
snej@3
|
23 |
/** The matching public key. Always non-nil. */
|
|
snej@3
|
24 |
@property (readonly) MYPublicKey *publicKey;
|
|
snej@3
|
25 |
|
|
snej@3
|
26 |
/** The public key's SHA-1 digest.
|
|
snej@3
|
27 |
This is a convenient short (20-byte) identifier for the key pair. You can store it in your
|
|
snej@3
|
28 |
application data, and then later look up either key using MYKeychain methods. */
|
|
snej@3
|
29 |
@property (readonly) MYSHA1Digest *publicKeyDigest;
|
|
snej@3
|
30 |
|
|
snej@3
|
31 |
|
|
snej@3
|
32 |
/** Decrypts data that was encrypted using the public key.
|
|
snej@3
|
33 |
See the description of -[MYPublicKey encryptData:] for warnings and caveats.
|
|
snej@3
|
34 |
This method is usually used only to decrypt a symmetric session key, which then decrypts the
|
|
snej@3
|
35 |
rest of the data. */
|
|
snej@3
|
36 |
- (NSData*) decryptData: (NSData*)data;
|
|
snej@3
|
37 |
|
|
snej@3
|
38 |
/** Generates a signature of data.
|
|
snej@3
|
39 |
(What's actually signed using RSA is the SHA-256 digest of the data.)
|
|
snej@3
|
40 |
The resulting signature can be verified using the matching MYPublicKey's
|
|
snej@3
|
41 |
verifySignature:ofData: method. */
|
|
snej@3
|
42 |
- (NSData*) signData: (NSData*)data;
|
|
snej@3
|
43 |
|
|
snej@3
|
44 |
|
|
snej@3
|
45 |
/** @name Mac-Only
|
|
snej@3
|
46 |
* Functionality not available on iPhone.
|
|
snej@3
|
47 |
*/
|
|
snej@3
|
48 |
//@{
|
|
snej@3
|
49 |
#if !TARGET_OS_IPHONE
|
|
snej@3
|
50 |
|
|
snej@4
|
51 |
/** Creates a self-signed identity certificate using this key-pair.
|
|
snej@4
|
52 |
The attributes describe the certificate's metadata, including its expiration date and the
|
|
snej@4
|
53 |
subject's name. Keys for the dictionary are given below; the only mandatory one is
|
|
snej@4
|
54 |
kMYIdentityCommonNameKey. */
|
|
snej@4
|
55 |
- (MYIdentity*) createSelfSignedIdentityWithAttributes: (NSDictionary*)attributes;
|
|
snej@4
|
56 |
|
|
snej@3
|
57 |
/** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
|
|
snej@3
|
58 |
to another computer. Since the key is sensitive, it must be exported in encrypted form
|
|
snej@3
|
59 |
using a user-chosen passphrase. This method will display a standard alert panel, run by
|
|
snej@3
|
60 |
the Security agent, that prompts the user to enter a new passphrase for encrypting the key.
|
|
snej@3
|
61 |
The same passphrase must be re-entered when importing the key from the data blob.
|
|
snej@3
|
62 |
(This is a convenient shorthand for the full exportPrivateKeyInFormat... method.
|
|
snej@3
|
63 |
It uses OpenSSL format, wrapped with PEM, and a default title and prompt for the alert.) */
|
|
snej@3
|
64 |
- (NSData*) exportKey;
|
|
snej@3
|
65 |
|
|
snej@3
|
66 |
/** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
|
|
snej@3
|
67 |
to another computer. Since the key is sensitive, it must be exported in encrypted form
|
|
snej@3
|
68 |
using a user-chosen passphrase. This method will display a standard alert panel, run by
|
|
snej@3
|
69 |
the Security agent, that prompts the user to enter a new passphrase for encrypting the key.
|
|
snej@3
|
70 |
The same passphrase must be re-entered when importing the key from the data blob.
|
|
snej@3
|
71 |
@param format The data format: kSecFormatOpenSSL, kSecFormatSSH, kSecFormatBSAFE or kSecFormatSSHv2.
|
|
snej@3
|
72 |
@param withPEM YES if the data should be encoded in PEM format, which converts into short lines
|
|
snej@3
|
73 |
of printable ASCII characters, suitable for sending in email.
|
|
snej@3
|
74 |
@param alertTitle An optional title for the alert panel. (Currently ignored by the OS?)
|
|
snej@3
|
75 |
@param prompt An optional prompt message to display in the alert panel. */
|
|
snej@3
|
76 |
- (NSData*) exportKeyInFormat: (SecExternalFormat)format
|
|
snej@3
|
77 |
withPEM: (BOOL)withPEM
|
|
snej@3
|
78 |
alertTitle: (NSString*)alertTitle
|
|
snej@3
|
79 |
alertPrompt: (NSString*)prompt;
|
|
snej@3
|
80 |
#endif
|
|
snej@3
|
81 |
//@}
|
|
snej@3
|
82 |
|
|
snej@3
|
83 |
@end
|
|
snej@4
|
84 |
|
|
snej@4
|
85 |
|
|
snej@4
|
86 |
/* Attribute keys for creating identities: */
|
|
snej@4
|
87 |
#define kMYIdentityCommonNameKey @"Common Name" // NSString. Required!
|
|
snej@4
|
88 |
#define kMYIdentityGivenNameKey @"Given Name"
|
|
snej@4
|
89 |
#define kMYIdentitySurnameKey @"Surname"
|
|
snej@4
|
90 |
#define kMYIdentityDescriptionKey @"Description"
|
|
snej@4
|
91 |
#define kMYIdentityEmailAddressKey @"Email Address"
|
|
snej@4
|
92 |
#define kMYIdentityValidFromKey @"Valid From" // NSDate. Defaults to the current date/time
|
|
snej@4
|
93 |
#define kMYIdentityValidToKey @"Valid To" // NSDate. Defaults to one year from ValidFrom
|
|
snej@4
|
94 |
#define kMYIdentitySerialNumberKey @"Serial Number" // NSNumber. Defaults to 1
|