Initial checkin. Passes tests on Mac and in iPhone simulator.
5 // Created by Jens Alfke on 3/25/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
13 #import <Security/SecKey.h>
17 /** Error domain for CSSM (low-level crypto) errors */
18 extern NSString* const MYCSSMErrorDomain;
21 /** A public key, which can be used for encrypting data and verifying signatures. */
22 @interface MYPublicKey : MYKey <MYEncryption>
24 MYSHA1Digest *_digest;
27 /** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */
28 @property (readonly) MYSHA1Digest *publicKeyDigest;
30 /** Returns the receiver as a MYPublicKey.
31 If the receiver already is a MYPublicKey, this just returns self.
32 If it's a MYKeyPair, it returns a new MYPublicKey containing just the public key. */
33 @property (readonly) MYPublicKey *asPublicKey;
35 /** Encrypts a short piece of data using this key, returning the raw encrypted result.
36 RSA can encrypt only <i>short</i> pieces of data, smaller than the key size in bits; this
37 method will fail and return nil if the data is too long.
38 RSA encryption is also much slower than regular symmetric-key encryption, so the correct
39 way to encrypt a large block of data using a public key is to first generate a random
40 symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the
41 public key, and then encrypt your data with the session key. Send the encrypted session key
42 and the encrypted data. */
43 - (NSData*) encryptData: (NSData*)data;
45 /** Verifies the signature of a block of data. If the result is YES, you can be assured that
46 the signature was generated from the data using this key's matching private key.
47 If the result is NO, something is wrong: either the data or the signature was modified,
48 or the signature was generated by a different private key. */
49 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;