|
snej@0
|
1 |
//
|
|
snej@0
|
2 |
// MYPublicKey.h
|
|
snej@0
|
3 |
// MYCrypto
|
|
snej@0
|
4 |
//
|
|
snej@0
|
5 |
// Created by Jens Alfke on 3/25/09.
|
|
snej@0
|
6 |
// Copyright 2009 Jens Alfke. All rights reserved.
|
|
snej@0
|
7 |
//
|
|
snej@0
|
8 |
|
|
snej@0
|
9 |
#import "MYKey.h"
|
|
snej@0
|
10 |
@class MYSHA1Digest;
|
|
snej@0
|
11 |
|
|
snej@0
|
12 |
#if !TARGET_OS_IPHONE
|
|
snej@0
|
13 |
#import <Security/SecKey.h>
|
|
snej@0
|
14 |
#endif
|
|
snej@0
|
15 |
|
|
snej@0
|
16 |
|
|
snej@1
|
17 |
/** A public key, which can be used for encrypting data and verifying signatures.
|
|
snej@1
|
18 |
MYPublicKeys are created as part of generating a MYKeyPair,
|
|
snej@1
|
19 |
or by being imported into a MYKeychain. */
|
|
snej@0
|
20 |
@interface MYPublicKey : MYKey <MYEncryption>
|
|
snej@0
|
21 |
{
|
|
snej@1
|
22 |
@private
|
|
snej@0
|
23 |
MYSHA1Digest *_digest;
|
|
snej@0
|
24 |
}
|
|
snej@0
|
25 |
|
|
snej@0
|
26 |
/** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */
|
|
snej@0
|
27 |
@property (readonly) MYSHA1Digest *publicKeyDigest;
|
|
snej@0
|
28 |
|
|
snej@0
|
29 |
/** Returns the receiver as a MYPublicKey.
|
|
snej@0
|
30 |
If the receiver already is a MYPublicKey, this just returns self.
|
|
snej@0
|
31 |
If it's a MYKeyPair, it returns a new MYPublicKey containing just the public key. */
|
|
snej@0
|
32 |
@property (readonly) MYPublicKey *asPublicKey;
|
|
snej@0
|
33 |
|
|
snej@0
|
34 |
/** Encrypts a short piece of data using this key, returning the raw encrypted result.
|
|
snej@1
|
35 |
An RSA key can encrypt only blocks smaller than its own key size; this
|
|
snej@0
|
36 |
method will fail and return nil if the data is too long.
|
|
snej@0
|
37 |
RSA encryption is also much slower than regular symmetric-key encryption, so the correct
|
|
snej@0
|
38 |
way to encrypt a large block of data using a public key is to first generate a random
|
|
snej@0
|
39 |
symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the
|
|
snej@0
|
40 |
public key, and then encrypt your data with the session key. Send the encrypted session key
|
|
snej@0
|
41 |
and the encrypted data. */
|
|
snej@0
|
42 |
- (NSData*) encryptData: (NSData*)data;
|
|
snej@0
|
43 |
|
|
snej@0
|
44 |
/** Verifies the signature of a block of data. If the result is YES, you can be assured that
|
|
snej@1
|
45 |
the signature was generated from the data by using this key's matching private key.
|
|
snej@0
|
46 |
If the result is NO, something is wrong: either the data or the signature was modified,
|
|
snej@1
|
47 |
or the signature was generated by a different private key.
|
|
snej@1
|
48 |
(What's actually verified using RSA is the SHA-256 digest of the data.) */
|
|
snej@0
|
49 |
- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
|
|
snej@0
|
50 |
|
|
snej@0
|
51 |
@end
|