Changed the X.509 version number in generated certs from 1 to 3, so that SecCertificateCreateFromData on iPhone will accept them. :-/
5 // Created by Jens Alfke on 4/7/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
10 #import <CommonCrypto/CommonCryptor.h>
11 @class MYPublicKey, MYSHA1Digest, MYIdentity, MYSymmetricKey;
14 /** A private key, used for signing and decrypting data.
15 Always paired with a matching public key in a "key-pair".
16 MYPublicKeys are instantiated by MYKeychain: either by generating a new key-pair, by
17 looking up a key-pair by its attributes, or by importing a key-pair from data. */
18 @interface MYPrivateKey : MYKey
21 MYPublicKey *_publicKey;
24 /** The matching public key. Always non-nil. */
25 @property (readonly) MYPublicKey *publicKey;
27 /** The public key's SHA-1 digest.
28 This is a convenient short (20-byte) identifier for the key pair. You can store it in your
29 application data, and then later look up either key using MYKeychain methods. */
30 @property (readonly) MYSHA1Digest *publicKeyDigest;
33 /** Decrypts data that was encrypted using the public key.
34 See the description of -[MYPublicKey encryptData:] for warnings and caveats.
35 This method is usually used only to decrypt a symmetric session key, which then decrypts the
37 - (NSData*) rawDecryptData: (NSData*)data;
39 /** Generates a signature of data.
40 (What's actually signed using RSA is the SHA-256 digest of the data.)
41 The resulting signature can be verified using the matching MYPublicKey's
42 verifySignature:ofData: method. */
43 - (NSData*) signData: (NSData*)data;
47 * Functionality not available on iPhone.
52 /** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
53 to another computer. Since the key is sensitive, it must be exported in encrypted form
54 using a user-chosen passphrase. This method will display a standard alert panel, run by
55 the Security agent, that prompts the user to enter a new passphrase for encrypting the key.
56 The same passphrase must be re-entered when importing the key from the data blob.
57 (This is a convenient shorthand for the full exportPrivateKeyInFormat... method.
58 It uses OpenSSL format, wrapped with PEM, and a default title and prompt for the alert.) */
59 - (NSData*) exportKey;
61 /** Exports the private key as a data blob, so that it can be stored as a backup, or transferred
62 to another computer. Since the key is sensitive, it must be exported in encrypted form
63 using a user-chosen passphrase. This method will display a standard alert panel, run by
64 the Security agent, that prompts the user to enter a new passphrase for encrypting the key.
65 The same passphrase must be re-entered when importing the key from the data blob.
66 @param format The data format: kSecFormatOpenSSL, kSecFormatSSH, kSecFormatBSAFE or kSecFormatSSHv2.
67 @param withPEM YES if the data should be encoded in PEM format, which converts into short lines
68 of printable ASCII characters, suitable for sending in email.
69 @param alertTitle An optional title for the alert panel. (Currently ignored by the OS?)
70 @param prompt An optional prompt message to display in the alert panel. */
71 - (NSData*) exportKeyInFormat: (SecExternalFormat)format
72 withPEM: (BOOL)withPEM
73 alertTitle: (NSString*)alertTitle
74 alertPrompt: (NSString*)prompt;
76 /** Decrypts a session key that was wrapped (encrypted) using my matching public key.
77 @param wrappedData The wrapped/encrypted session key
78 @param algorithm The algorithm of the original session key
79 @param sizeInBits The key size (in bits) of the original session key
80 @return The reconstituted session key */
81 - (MYSymmetricKey*) unwrapSessionKey: (NSData*)wrappedData
82 withAlgorithm: (CCAlgorithm)algorithm
83 sizeInBits: (unsigned)sizeInBits;