MercurialMYCrypto / file revision
summary | shortlog | changelog | graph | tags | branches | files | changeset | file | latest | revisions | annotate | diff | raw
MYPublicKey.h
author Jens Alfke <jens@mooseyard.com>
Thu Jun 04 18:36:30 2009 -0700 (2009-06-04)
changeset 19 f6c91b9da05b
parent 13 6fd9177eb6da
child 21 2c300b15b381
permissions -rw-r--r--
Whew! MYParsedCertificate can now generate certs from scratch. Also added improvements and fixes to the BER/DER codecs. 
     1 //

     2 //  MYPublicKey.h

     3 //  MYCrypto

     4 //

     5 //  Created by Jens Alfke on 3/25/09.

     6 //  Copyright 2009 Jens Alfke. All rights reserved.

     7 //

     8 

     9 #import "MYKey.h"

    10 @class MYSHA1Digest, MYSymmetricKey;

    11 

    12 #if !TARGET_OS_IPHONE

    13 #import <Security/SecKey.h>

    14 #endif

    15 

    16 

    17 /** A public key, which can be used for encrypting data and verifying signatures.

    18     MYPublicKeys are created as part of generating a key-pair, 

    19     or by being imported from data into a MYKeychain. */

    20 @interface MYPublicKey : MYKey

    21 {

    22     @private

    23     MYSHA1Digest *_digest;

    24 }

    25 

    26 /** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */

    27 @property (readonly) MYSHA1Digest *publicKeyDigest;

    28 

    29 /** Encrypts a short piece of data using this key, returning the raw encrypted result.

    30     An RSA key can encrypt only blocks smaller than its own key size; this

    31     method will fail and return nil if the data is too long.

    32     RSA encryption is also much slower than regular symmetric-key encryption, so the correct

    33     way to encrypt a large block of data using a public key is to first generate a random

    34     symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the 

    35     public key, and then encrypt your data with the session key. Send the encrypted session key

    36     and the encrypted data. */

    37 - (NSData*) rawEncryptData: (NSData*)data;

    38 

    39 /** Verifies the signature of a block of data. If the result is YES, you can be assured that

    40     the signature was generated from the data by using this key's matching private key.

    41     If the result is NO, something is wrong: either the data or the signature was modified,

    42     or the signature was generated by a different private key.

    43     (What's actually verified using RSA is the SHA-256 digest of the data.) */

    44 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;

    45 

    46 

    47 /** @name Expert

    48  *  Advanced methods. 

    49  */

    50 //@{

    51 #if !TARGET_OS_IPHONE

    52 

    53 /** Encrypts a session key using this public key. 

    54     The holder of the private key can then unwrap the session key from this data.

    55     @param sessionKey  The symmetric session key to wrap/encrypt

    56     @return  The encrypted data representing the session key */

    57 - (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey;

    58 

    59 #endif

    60 //@}

    61 

    62 @end
MYCrypto