Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sample code for public key encryption/decryption on Mac?

Tags:

security

macos

openssl

Where can I find some simple sample code for public key encryption and decryption on Mac OS X? I'm frustrated that Apple's "Certificate, Key, and Trust Services Programming Guide" shows how to do this stuff on iOS, but the needed APIs (SecKeyEncrypt, SecKeyDecrypt) are apparently not available on Mac OS X. There's probably a way to do it in "CryptoSample", but it doesn't look clear or simple, and the sample project is too old to open with the current version of Xcode.

like image 979
JWWalker Avatar asked Nov 10 '10 02:11

JWWalker

People also ask

How do I decrypt encrypted files on a Mac?

Disk utility can also be used for decrypting the password-protected hard drive. Here are the steps to proceed with. Step 1: Launch disk utility and select the targeted encrypted drive. Step 2: Now to unlock the drive, select the option of the file, and proceed to Unlock Drive Name.

Can public key encryption be decrypted?

Data encrypted with the public key can only be decrypted with the private key. Because of this use of two keys instead of one, public key cryptography is also known as asymmetric cryptography. It is widely used, especially for TLS/SSL, which makes HTTPS possible.

1 Answers

The Security Framework APIs change rather frequently between Mac OS releases. The best approach depends on what version you target:

  1. If your code only needs to run on 10.7 and above, you can use Security Transforms, a new high-level public API for cryptography transformations. The Security Transforms Programming Guide has useful (and simple!) example code:

https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecTransformPG/SecurityTransformsBasics/SecurityTransformsBasics.html

You'll want to create a transform using SecEncryptTransformCreate or SecDecryptTransformCreate, set its input using SecTransformSetAttribute and execute it with SecTransformExecute.

  1. If you need to support Mac OS 10.6 or below, you must use the low-level and rather scary CDSA APIs. CryptoSample's cdsaEncrypt is a concise example.

https://developer.apple.com/library/archive/samplecode/CryptoSample/Listings/libCdsaCrypt_libCdsaCrypt_cpp.html

You can get a CSSM_CSP_HANDLE and a CSSM_KEY from a SecKeyRef by using SecKeyGetCSPHandle and SecKeyGetCSSMKey, respectively.

To learn more about CDSA, the full specification is available from the Open Group (free, but requires registration):

https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=11287

Good luck!

  1. If the private key was created exportable, you can export it in an unprotected format and use openssl directly. This puts the raw key data directly in the address space of your application, so it defeats one of the primary purposes of the Keychain. Don't do this.

  2. Finally, you can mess around with private functions. Mac OS 10.6 and 10.7 include, but do not publicly declare, SecKeyEncrypt and SecKeyDecrypt, with the same arguments as on iOS. The quick'n'dirty solution is to simply declare and use them (weakly linked, with the usual caveats). This is probably a bad idea to do in code that you plan to distribute to others.

like image 194
Karoy Lorentey Avatar answered Oct 26 '22 06:10

Karoy Lorentey
Sign in to Comment

Related questions

How to secure ajax content
Facebook Javascript SDK security issue?
Security issues I should be aware of with jupyter notebook?
Using innerHTML, and what are security concerns?
Win32: How to use RegisterTypeLib API from standard user
What is the best way to restrict access to a development website?
Sandboxing Java / Groovy / Freemarker Code - Preventing execution of specific methods
Restrict access to .NET assembly?
Secure Python intepreter?
Is there a way to modify a process DACL in C#
Using MS Anti XSS library for sanitizing HTML
Memory randomization as application security enhancement?
Authentication and authorization for RESTfull API (java jersery)
Deploying software on compromised machines
How to design authentication in a thick client, to be fail safe?
Apache Shiro combined with LDAP
Add Signing Time to PKCS7 Signed CMS?
Does my PHP security algorithm effectively store user credentials?
Mercurial - HTTPS or SSH?
canvas getImageData doesn't work when running locally on Windows? (security exception)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!