MYPublicKey.h
changeset 1 60e4cbbb5128
parent 0 0a6527af039b
child 3 1dfe820d7ebe
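--- a/MYPublicKey.h	Sat Apr 04 20:42:03 2009 -0700
+++ b/MYPublicKey.h	Sat Apr 04 22:56:13 2009 -0700
@@ -14,13 +14,12 @@
 #endif
 
 
-/** Error domain for CSSM (low-level crypto) errors */
-extern NSString* const MYCSSMErrorDomain;
-
-
-/** A public key, which can be used for encrypting data and verifying signatures. */
+/** A public key, which can be used for encrypting data and verifying signatures.
+    MYPublicKeys are created as part of generating a MYKeyPair, 
+    or by being imported into a MYKeychain. */
 @interface MYPublicKey : MYKey <MYEncryption>
 {
+    @private
     MYSHA1Digest *_digest;
 }
 
@@ -33,7 +32,7 @@
 @property (readonly) MYPublicKey *asPublicKey;
 
 /** Encrypts a short piece of data using this key, returning the raw encrypted result.
-    RSA can encrypt only <i>short</i> pieces of data, smaller than the key size in bits; this
+    An RSA key can encrypt only blocks smaller than its own key size; this
     method will fail and return nil if the data is too long.
     RSA encryption is also much slower than regular symmetric-key encryption, so the correct
     way to encrypt a large block of data using a public key is to first generate a random
@@ -43,9 +42,10 @@
 - (NSData*) encryptData: (NSData*)data;
 
 /** Verifies the signature of a block of data. If the result is YES, you can be assured that
-    the signature was generated from the data using this key's matching private key.
+    the signature was generated from the data by using this key's matching private key.
     If the result is NO, something is wrong: either the data or the signature was modified,
-    or the signature was generated by a different private key. */
+    or the signature was generated by a different private key.
+    (What's actually verified using RSA is the SHA-256 digest of the data.) */
 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
     
 @end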
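Review bot: The reworded comment on `verifySignature:ofData:` in the last hunk still reads as if a YES result authenticates the sender. It only shows that the holder of this key's matching private key signed the data; it says nothing about who that holder is. I would append a sentence such as `A YES result only ties the data to this key; that the key belongs to the expected party must be established separately.` The comment also lists only tampering or a wrong key as causes of NO. If the implementation (not visible here) also returns NO on an internal failure, that should be mentioned so callers do not read every NO as evidence of tampering. The `@interface` members between the hunks are outside this view.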