diff -r 0a6527af039b -r 8982b8fada63 MYPublicKey.h
--- a/MYPublicKey.h Sat Apr 04 20:42:03 2009 -0700
+++ b/MYPublicKey.h Tue Apr 07 10:56:58 2009 -0700
@@ -14,13 +14,12 @@
 #endif
-/** Error domain for CSSM (low-level crypto) errors */
-extern NSString* const MYCSSMErrorDomain;
-
-
-/** A public key, which can be used for encrypting data and verifying signatures. */
+/** A public key, which can be used for encrypting data and verifying signatures.
+ MYPublicKeys are created as part of generating a MYKeyPair,
+ or by being imported into a MYKeychain. */
 @interface MYPublicKey : MYKey {
+ @private
 MYSHA1Digest *_digest;
 }
@@ -33,7 +32,7 @@
 @property (readonly) MYPublicKey *asPublicKey;
 /** Encrypts a short piece of data using this key, returning the raw encrypted result.
- RSA can encrypt only short pieces of data, smaller than the key size in bits; this
+ An RSA key can encrypt only blocks smaller than its own key size; this
 method will fail and return nil if the data is too long. RSA encryption is also
 much slower than regular symmetric-key encryption, so the correct way to encrypt
 a large block of data using a public key is to first generate a random
@@ -43,9 +42,10 @@
 - (NSData*) encryptData: (NSData*)data;
 /** Verifies the signature of a block of data. If the result is YES, you can be assured that
- the signature was generated from the data using this key's matching private key.
+ the signature was generated from the data by using this key's matching private key.
 If the result is NO, something is wrong: either the data or the signature was modified,
- or the signature was generated by a different private key. */
+ or the signature was generated by a different private key.
+ (What's actually verified using RSA is the SHA-256 digest of the data.) */
 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data;
 @end
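Review bot: The `extern NSString* const MYCSSMErrorDomain;` declaration is removed from this header with no replacement visible in the hunk, so code that imported only MYPublicKey.h to compare `error.domain` against it will stop compiling unless the declaration now lives in a header this one already imports; the top of the file is outside the hunk, so that cannot be confirmed here. If it moved, a pointer in the class comment such as `    CSSM-level failures are reported in MYCSSMErrorDomain (declared elsewhere).` would save the next reader a search. Marking `_digest` `@private` is a sensible tightening of the ivar's visibility.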
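Review bot: The reworded limit `An RSA key can encrypt only blocks smaller than its own key size` drops the unit the old wording gave (bits) and still does not say that padding takes part of that budget, so a caller cannot work out the longest plaintext that will not make `encryptData:` return nil. Suggest `    An RSA key can encrypt only a block shorter than its modulus (key size in bytes) less the padding overhead; this`, with the exact overhead filled in from the implementation, since the padding scheme is not visible in this hunk. Stating the unit also keeps the "too long" nil return predictable rather than something discovered at runtime.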
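Review bot: The new sentence on `verifySignature:ofData:` explains what a YES result proves about the key pair but not what it leaves open: the caller still has to establish that this public key belongs to the party it expects, which the method cannot do. A closing line such as `    (A YES result shows the signer held the matching private key; whether that key belongs to a particular party must be established separately, e.g. from the keychain it was imported into.)` would keep callers from reading verification as authentication. Pinning SHA-256 in the doc is useful, since signatures made over any other digest will be rejected.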