snej@0: //
snej@0: //  MYPublicKey.h
snej@0: //  MYCrypto
snej@0: //
snej@0: //  Created by Jens Alfke on 3/25/09.
snej@0: //  Copyright 2009 Jens Alfke. All rights reserved.
snej@0: //
snej@0: 
snej@0: #import "MYKey.h"
snej@0: @class MYSHA1Digest;
snej@0: 
snej@0: #if !TARGET_OS_IPHONE
snej@0: #import <Security/SecKey.h>
snej@0: #endif
snej@0: 
snej@0: 
/** A public key, which can be used for encrypting data and verifying signatures.
    MYPublicKeys are created as part of generating a key-pair, 
    or by being imported from data into a MYKeychain.
    A public key can only encrypt and verify; decrypting and signing need the matching
    private key. Note that possessing a MYPublicKey says nothing about whose key it is:
    binding the key to an identity (a certificate, an out-of-band fingerprint check, etc.)
    is the caller's responsibility and is outside the scope of this class. */
@interface MYPublicKey : MYKey <MYEncryption>
{
    @private
    MYSHA1Digest *_digest;  // backing store for -publicKeyDigest; presumably computed lazily on first access — confirm in MYPublicKey.m
}

/** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key.
    Treat it as a lookup key or a displayable fingerprint rather than as proof of key identity:
    SHA-1 is deprecated for new designs, so a security decision about an untrusted key should
    be based on the key material itself (or a stronger digest of it), not on this value alone. */
@property (readonly) MYSHA1Digest *publicKeyDigest;

/** Encrypts a short piece of data using this key, returning the raw encrypted result.
    An RSA key can encrypt only blocks smaller than its own key size; this
    method will fail and return nil if the data is too long.
    RSA encryption is also much slower than regular symmetric-key encryption, so the correct
    way to encrypt a large block of data using a public key is to first generate a random
    symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the 
    public key, and then encrypt your data with the session key. Send the encrypted session key
    and the encrypted data.
    The returned ciphertext is confidentiality-only: it is not authenticated, so a recipient
    cannot tell from it whether it was altered in transit or who produced it. Pair it with a
    signature (see -verifySignature:ofData: on the recipient's side) when integrity or sender
    authenticity matters. The RSA padding scheme is fixed by the implementation, not by this
    header — check MYPublicKey.m before interoperating with other software.
    Always test the result for nil before using it. */
- (NSData*) encryptData: (NSData*)data;

/** Verifies the signature of a block of data. If the result is YES, you can be assured that
    the signature was generated from the data by using this key's matching private key.
    If the result is NO, something is wrong: either the data or the signature was modified,
    or the signature was generated by a different private key.
    (What's actually verified using RSA is the SHA-256 digest of the data.)
    A YES result establishes only that the holder of the matching private key signed exactly
    these bytes; it does not say who that holder is or when the signature was made.
    A NO result gives no detail about the cause. The signature must be verified before the
    data is acted upon, never after. Presumably NO (rather than an exception) is returned for
    nil or malformed input — confirm in MYPublicKey.m. */
- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
    
@end