|
snej@0
|
1 |
//
|
|
snej@0
|
2 |
// MYPublicKey.h
|
|
snej@0
|
3 |
// MYCrypto
|
|
snej@0
|
4 |
//
|
|
snej@0
|
5 |
// Created by Jens Alfke on 3/25/09.
|
|
snej@0
|
6 |
// Copyright 2009 Jens Alfke. All rights reserved.
|
|
snej@0
|
7 |
//
|
|
snej@0
|
8 |
|
|
snej@0
|
9 |
#import "MYKey.h"
|
|
snej@13
|
10 |
@class MYSHA1Digest, MYSymmetricKey;
|
|
snej@0
|
11 |
|
|
snej@0
|
12 |
#if !TARGET_OS_IPHONE
|
|
snej@0
|
13 |
#import <Security/SecKey.h>
|
|
snej@0
|
14 |
#endif
|
|
snej@0
|
15 |
|
|
snej@0
|
16 |
|
|
snej@1
|
17 |
/** A public key, which can be used for encrypting data and verifying signatures.
|
|
snej@3
|
18 |
MYPublicKeys are created as part of generating a key-pair,
|
|
snej@3
|
19 |
or by being imported from data into a MYKeychain. */
|
|
snej@13
|
20 |
@interface MYPublicKey : MYKey
|
|
snej@0
|
21 |
{
|
|
snej@1
|
22 |
@private
|
|
snej@0
|
23 |
MYSHA1Digest *_digest;
|
|
snej@0
|
24 |
}
|
|
snej@0
|
25 |
|
|
snej@0
|
26 |
/** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */
|
|
snej@0
|
27 |
@property (readonly) MYSHA1Digest *publicKeyDigest;
|
|
snej@0
|
28 |
|
|
snej@0
|
29 |
/** Encrypts a short piece of data using this key, returning the raw encrypted result.
|
|
snej@1
|
30 |
An RSA key can encrypt only blocks smaller than its own key size; this
|
|
snej@0
|
31 |
method will fail and return nil if the data is too long.
|
|
snej@0
|
32 |
RSA encryption is also much slower than regular symmetric-key encryption, so the correct
|
|
snej@0
|
33 |
way to encrypt a large block of data using a public key is to first generate a random
|
|
snej@0
|
34 |
symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the
|
|
snej@0
|
35 |
public key, and then encrypt your data with the session key. Send the encrypted session key
|
|
snej@0
|
36 |
and the encrypted data. */
|
|
snej@13
|
37 |
- (NSData*) rawEncryptData: (NSData*)data;
|
|
snej@0
|
38 |
|
|
snej@0
|
39 |
/** Verifies the signature of a block of data. If the result is YES, you can be assured that
|
|
snej@1
|
40 |
the signature was generated from the data by using this key's matching private key.
|
|
snej@0
|
41 |
If the result is NO, something is wrong: either the data or the signature was modified,
|
|
snej@1
|
42 |
or the signature was generated by a different private key.
|
|
snej@1
|
43 |
(What's actually verified using RSA is the SHA-256 digest of the data.) */
|
|
snej@0
|
44 |
- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
|
|
snej@13
|
45 |
|
|
snej@14
|
46 |
|
|
snej@14
|
47 |
/** @name Expert
|
|
snej@14
|
48 |
* Advanced methods.
|
|
snej@14
|
49 |
*/
|
|
snej@14
|
50 |
//@{
|
|
snej@14
|
51 |
#if !TARGET_OS_IPHONE
|
|
snej@14
|
52 |
|
|
snej@13
|
53 |
/** Encrypts a session key using this public key.
|
|
snej@13
|
54 |
The holder of the private key can then unwrap the session key from this data.
|
|
snej@13
|
55 |
@param sessionKey The symmetric session key to wrap/encrypt
|
|
snej@13
|
56 |
@return The encrypted data representing the session key */
|
|
snej@13
|
57 |
- (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey;
|
|
snej@13
|
58 |
|
|
snej@14
|
59 |
#endif
|
|
snej@14
|
60 |
//@}
|
|
snej@14
|
61 |
|
|
snej@0
|
62 |
@end
|