MYKeyPair.h
changeset 1 60e4cbbb5128
parent 0 0a6527af039b
child 2 8982b8fada63
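--- a/MYKeyPair.h	Sat Apr 04 20:42:03 2009 -0700
+++ b/MYKeyPair.h	Sat Apr 04 22:56:13 2009 -0700
@@ -10,15 +10,49 @@
 
 
 /** A key-pair consisting of a public and a private key.
-    Can be used for signing and decrypting, as well as the inherited encrypting/verifying. */
+    Can be used for signing and decrypting, as well as the inherited encrypting/verifying.
+    Instances are generated by MYKeychain objects. */
 @interface MYKeyPair : MYPublicKey <MYDecryption>
 {
+    @private
     SecKeyRef _privateKey;
 }
 
+/** Decrypts data that was encrypted using the public key.
+    See the description of -[MYPublicKey encryptData:] for warnings and caveats.
+    This method is usually used only to decrypt a symmetric session key, which then decrypts the
+    rest of the data. */
+- (NSData*) decryptData: (NSData*)data;
+
+/** Generates a signature of data, using the private key.
+    (What's actually signed using RSA is the SHA-256 digest of the data.)
+    The resulting signature can be verified using the matching MYPublicKey's
+    verifySignature:ofData: method. */
+- (NSData*) signData: (NSData*)data;
+
+#if !TARGET_OS_IPHONE
+/** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
+    to another computer. Since the key is sensitive, it must be exported in encrypted form
+    using a user-chosen passphrase. This method will display a standard alert panel, run by
+    the Security agent, that prompts the user to enter a new passphrase for encrypting the key.
+    The same passphrase must be re-entered when importing the key from the data blob.
+    (This is a convenient shorthand for the full exportPrivateKeyInFormat... method.
+    It uses OpenSSL format, wrapped with PEM, and a default title and prompt for the alert.) */
+- (NSData*) exportPrivateKey;
+#endif
+
+@end
+
+
+
+@interface MYKeyPair (Expert)
+
 /** Creates a MYKeyPair object from existing Keychain key references. */
 - (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey;
 
+/** The underlying Keychain key reference for the private key. */
+@property (readonly) SecKeyRef privateKeyRef;
+
 #if !TARGET_OS_IPHONE
 /** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
     to another computer. Since the key is sensitive, it must be exported in encrypted form
@@ -34,21 +68,6 @@
                              withPEM: (BOOL)withPEM
                           alertTitle: (NSString*)title
                          alertPrompt: (NSString*)prompt;
-
-/** A convenient shorthand for the full exportPrivateKeyInFormat... method.
-    Uses OpenSSL format, wrapped with PEM, and default title and prompt for the alert. */
-- (NSData*) exportPrivateKey;
 #endif
 
-/** The underlying Keychain key reference for the private key. */
-@property (readonly) SecKeyRef privateKeyRef;
-
-/** Decrypts data that was encrypted using the public key. */
-- (NSData*) decryptData: (NSData*)data;
-
-/** Generates a signature of data, using the private key.
-    The resulting signature can be verified using the matching MYPublicKey's
-    verifySignature:ofData: method. */
-- (NSData*) signData: (NSData*)data;
-
 @end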
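Review bot: The rewritten doc comments on `decryptData:`, `signData:` and `exportPrivateKey` in the primary interface never say what the caller gets back when the operation fails or, for the export, when the user dismisses the passphrase panel. None of the three declarations has an error out-parameter, so the return value is presumably the only failure signal. I would add a line to each comment such as `Returns nil if the operation fails.` (plus `or if the user cancels the passphrase prompt.` on the export), once that is confirmed against the implementation, which is not part of this change. The `privateKeyRef` comment in the (Expert) category could also state ownership, e.g. `The reference is owned by the receiver; CFRetain it if it must outlive this object.`, because a plain `readonly` getter for a CF type hands the caller no ownership of its own.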