
swcrypt's Introduction


SwCrypt

Create public and private RSA keys in DER format

let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(2048)

Convert them to PEM format

let privateKeyPEM = try SwKeyConvert.PrivateKey.derToPKCS1PEM(privateKey)
let publicKeyPEM = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)

Or read them from strings with PEM data

let privateKeyDER = SwKeyConvert.PrivateKey.pemToPKCS1DER(privateKeyPEM)
let publicKeyDER = SwKeyConvert.PublicKey.pemToPKCS1DER(publicKeyPEM)

Or encrypt, decrypt the private key (OpenSSL compatible)

try SwKeyConvert.PrivateKey.encryptPEM(privateKeyPEM, passphrase: "longpassword", mode: .aes256CBC)
try SwKeyConvert.PrivateKey.decryptPEM(privEncrypted, passphrase: "longpassword")

Get public key from private keys in DER format

let publicKeyDER = try? CC.RSA.getPublicKeyFromPrivateKey(privateKeyDER!)

Encrypt, decrypt data with RSA

try CC.RSA.encrypt(data, derKey: publicKey, tag: tag, padding: .oaep, digest: .sha1)
try CC.RSA.decrypt(data, derKey: privateKey, tag: tag, padding: .oaep, digest: .sha1)

Sign, verify data with RSA

let sign = try? CC.RSA.sign(testMessage, derKey: privKey, padding: .pss, 
 digest: .sha256, saltLen: 16)
let verified = try? CC.RSA.verify(testMessage, derKey: pubKey, padding: .pss,
 digest: .sha256, saltLen: 16, signedData: sign!)

Elliptic curve functions

let keys = try? CC.EC.generateKeyPair(384)
let signed = try? CC.EC.signHash(keys!.0, hash: hash)
let verified = try? CC.EC.verifyHash(keys!.1, hash: hash, signedData: signed!)

let shared = try? CC.EC.computeSharedSecret(keys!.0, publicKey: partnerPubKey)

let privComponents = try? CC.EC.getPrivateKeyComponents(keys!.0)
let pubComponents = try? CC.EC.getPublicKeyComponents(keys!.1)

let pubKey = try? CC.EC.createFromData(keySize, x, y)
let pubKey = try? CC.EC.getPublicKeyFromPrivateKey(keys!.0)

Diffie-Hellman functions

let dh = try CC.DH.DH(dhParam: .rfc3526Group5)
let myPubKey = try dh.generateKey()
let commonKey = try dh.computeKey(partnerPubKey!)

Encrypt, decrypt data with symmetric ciphers

try CC.crypt(.encrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: iv)
try CC.crypt(.decrypt, blockMode: .cfb, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: iv)

Encrypt, decrypt data with symmetric authenticating ciphers

try CC.cryptAuth(.encrypt, blockMode: .gcm, algorithm: .aes, data: data, aData: aData, key: aesKey, iv: iv, tagLength: tagLength)
try CC.cryptAuth(.decrypt, blockMode: .ccm, algorithm: .aes, data: data, aData: aData, key: aesKey, iv: iv, tagLength: tagLength)

Digest functions

CC.digest(data, alg: .md5)
CC.digest(data, alg: .sha256)
CC.digest(data, alg: .sha512)

HMAC function

CC.HMAC(data, alg: .sha512, key: key)

CMAC function

CC.CMAC.AESCMAC(input, key: key)

CRC function

let output = try? CC.CRC.crc(input, mode: .crc32)

KeyDerivation

CC.KeyDerivation.PBKDF2(password, salt: salt, prf: .sha256, rounds: 4096)

Symmetric Key Wrapping

try CC.KeyWrap.SymmetricKeyWrap(CC.KeyWrap.rfc3394IV, kek: kek, rawKey: rawKey)
try CC.KeyWrap.SymmetricKeyUnwrap(CC.KeyWrap.rfc3394IV, kek: kek, wrappedKey: wrappedKey)

Upsert, get, delete keys from KeyStore

try SwKeyStore.upsertKey(privateKeyPEM, keyTag: "priv", options: [kSecAttrAccessible:kSecAttrAccessibleWhenUnlockedThisDeviceOnly])
try SwKeyStore.getKey("priv")
try SwKeyStore.delKey("priv")

Check availability

SwCrypt uses dlopen and dlsym to load the CommonCrypto's functions, because not all of them are available in public header files. You have to check the availability before using them.

let digestAvailable : Bool = CC.digestAvailable()
let randomAvailable : Bool = CC.randomAvailable()
let hmacAvailable : Bool = CC.hmacAvailable()
let cryptorAvailable : Bool = CC.cryptorAvailable()
let keyDerivationAvailable : Bool = CC.KeyDerivation.available()
let keyWrapAvailable : Bool = CC.KeyWrap.available()
let rsaAvailable : Bool = CC.RSA.available()
let dhAvailable : Bool = CC.DH.available()
let ecAvailable : Bool = CC.EC.available()
let crcAvailable : Bool = CC.CRC.available()
let cmacAvailable : Bool = CC.CMAC.available()
let gcmAvailable : Bool = CC.GCM.available()
let ccmAvailable : Bool = CC.CCM.available()

or all in one turn:
let ccAvailable : Bool = CC.available()

Install

Just copy SwCrypt.swift to your project or use the Carthage dependency manager.

CocoaPods

CocoaPods is a dependency manager for Cocoa projects. To install SwCrypt with CocoaPods:

  1. Make sure CocoaPods is installed.

  2. Update your Podfile to include the following:

    pod 'SwCrypt'
  3. Run pod install.

Swift Package Manager

SPM is built into new versions of Xcode. To install SwCrypt with SPM:

  1. Open your project in Xcode

  2. Click "File" -> "Swift Packages" -> "Add Package Dependency..."

  3. Paste the following URL: https://github.com/soyersoyer/SwCrypt

  4. Click "Next" -> "Next" -> "Finish"

Inspired from

License

This project is copyrighted under the MIT license.

swcrypt's People

Contributors

j-mendes, lucieshuman, mattmaddux, nodepad, omargawish, pkarc, rbrignoni-j, soyersoyer


swcrypt's Issues

Incorrect documentation on sign/verify?

Hey there,

I've been using your swcrypt code in my app. It's very useful, so thank you very much. It's the only one that seems to include both pub key and symmetric algs together, without forcing me to use the keychain (like Heimdall does).

However I was signing some data and found that the signature kept failing.

Your doc says:

        let sign = try? CC.RSA.sign(testMessage, derKey: privKey, padding: .pss,  digest: .sha256, saltLen: 16)

         let verified = try? CC.RSA.verify(testMessage, derKey: pubKey, padding: .pss, digest: .sha256, saltLen: 16, signedData: sign!)

which kind of implies that you pass the message data in to the sign and verify function. But I found it fails with more than about 100 bytes. Looking at your code for sign, the first parameter is actually:

        func sign(hash: NSData, derKey: NSData...

It seems that the code is actually used to sign a hash rather than to sign raw data. So your sample code probably should be something like this (from my unit tests):

        let data = randomLargeData(10240)

        let hash = CC.digest(data, alg: .sha256)

        let sign = try? CC.RSA.sign(hash, derKey: privateKey, padding: .pkcs1,
                                    digest: .sha256)

        XCTAssertNotNil(sign, "Failed to sign")

        let verified = try? CC.RSA.verify(hash, derKey: publicKey, padding: .pkcs1, digest: .sha256, signedData: sign!)

        XCTAssertNotNil(verified, "Failed to calculate verification")

        XCTAssertTrue(verified!, "Failed to verify")

This raises a question... why are we passing a digest name to the signing function? Is it required? The call to CCRSACryptorSign does seem to require it, but why? Does the digest passed in to sign() need to be the same as the digest used to hash the message?

Also... note that your doc indicates "padding: .pss". That doesn't exist.
Lastly, the saltLen parameter is no longer used.

Again... thanks for the library.

Is this lib AppStore safe?

Upon inspection of the code I saw that quite some CommonCrypto functions are used that aren't in the official CommonCrypto headers.

It is especially the Diffie-Hellman stuff I am interested in.

Has somebody used these recently in AppStore released apps?

Compatible with Forge js

Hi there,

I'm preferring this lib for doing my RSA Private key encryption by calling this method:
SwKeyConvert.PrivateKey.encryptPEM(privateKeyPEM,...)
and share the result with web JS, which uses forge js to decrypt, and vice versa. But unfortunately, it always runs into the issue PKCS8.PrivateKey.hasCorrectHeader badPassphrase in Swift and Only 8, 16, 24, or 32 bits supported: 200 in JS, which causes decryption to fail.
Note: The encrypted result format is the same between 2 sides:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,176B126DA24E0AF336D4C4753761DF17

3IeIljjYUL6qWWoFjGerepDPuZdN0WoMCm7smNXII2fy0xfMEXekrYvsz6KajQ7l
xxxxxxxxxxxxxx
UIdsADuuCrk2IFyDwBt3zCX4Zy12QqgbsNmaDcubo1DbwrWeKKjYka7Za85hb4Ua
-----END RSA PRIVATE KEY-----

Is there any idea to make this encryption working on both these sides?
Thanks.

Working with Server Side Swift - Vapor

I've been using this package with great success under Vapor & Xcode producing Server Side services. Now that I am trying to move it to a docker container under Linux I am getting a number of build errors that I never had before.

Has anyone got this running on swift under linux and a docker container? (Using Swift 4.2, Vapor 3.1)

how to use it

Now, I have two files (public.cer, private.p12), and private.p12 has a password.
How can I do with the Swcrypt?

Problem with CC.EC.computeSharedSecret

Hi @soyersoyer, first of all: great work, I really appreciate!
So happy to find your repo, I was wasting endless hours till I found you :)

My problem is getting the shared secret for an elliptic curve Diffie-Hellman key agreement.
I have the public key from a server

let serverPublicKeyString = """
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzgg42Iyyx+DZs4vql5tb/zmrF0zFnnfXOsBvmr+Q7MjXViCAiwgaxrNpGn3pN5f67qY3r7p+qUO6sVakjT82cg==
-----END PUBLIC KEY-----
"""

I created my own key pair in the app using:
let clientKeys = try! CC.EC.generateKeyPair(256)

I created a data object from the server public key string:
let serverKeyData = try! SwKeyConvert.PublicKey.pemToPKCS8DER(serverPublicKeyString)

But I can't figure why I don't get a shared secret through
let shared = try? CC.EC.computeSharedSecret(clientKeys.0, publicKey: serverKeyData)
Error: [generateKeyPair(_:)] SwCrypt.CC.CCError: paramError (-4300)

What I know about the server public key:

  • Created in Java ECGenParameterSpec("secp256r1")
  • Exported as base64. I added -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- myself in the iOS client

Am I missing a step? Looking forward to hear from you and once again: I really appreciate your great work!

Cheers
Nick
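
What the posted key contains, as an added example in Python (not part of the issue and not SwCrypt code): the PEM body is a SubjectPublicKeyInfo wrapper around a 65-byte uncompressed point, and the block extracts the x and y coordinates that the README's CC.EC.createFromData(keySize, x, y) takes. The function names are illustrative and only P-256 keys are handled.

```python
import base64
import re

# DER header of a SubjectPublicKeyInfo holding a P-256 point:
# SEQUENCE { SEQUENCE { OID id-ecPublicKey, OID prime256v1 }, BIT STRING, 0 unused bits }
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
COORD_LEN = 32                      # bytes per coordinate on a 256-bit curve
POINT_LEN = 1 + 2 * COORD_LEN       # 0x04 || X || Y

# The server key exactly as posted in the issue above.
SERVER_PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzgg42Iyyx+DZs4vql5tb/zmrF0zFnnfXOsBvmr+Q7MjXViCAiwgaxrNpGn3pN5f67qY3r7p+qUO6sVakjT82cg==
-----END PUBLIC KEY-----"""


def pem_to_der(pem):
    """Strip the PEM armor and base64-decode the body."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM armor found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)


def classify_ec_public_key(blob):
    """Tell a bare uncompressed point apart from a P-256 SubjectPublicKeyInfo."""
    if len(blob) == POINT_LEN and blob[0] == 0x04:
        return "raw-uncompressed-point"
    if (blob.startswith(P256_SPKI_PREFIX)
            and len(blob) == len(P256_SPKI_PREFIX) + POINT_LEN
            and blob[len(P256_SPKI_PREFIX)] == 0x04):
        return "spki-p256"
    return "unknown"


def spki_to_point(der):
    """Drop the 26-byte SPKI header and return 0x04 || X || Y."""
    if classify_ec_public_key(der) != "spki-p256":
        raise ValueError("not a P-256 SubjectPublicKeyInfo with an uncompressed point")
    return der[len(P256_SPKI_PREFIX):]


def point_to_xy(point):
    """Split an uncompressed point into its fixed-width coordinates."""
    if classify_ec_public_key(point) != "raw-uncompressed-point":
        raise ValueError("expected 0x04 || X || Y")
    return point[1:1 + COORD_LEN], point[1 + COORD_LEN:]


if __name__ == "__main__":
    der = pem_to_der(SERVER_PEM)
    print(len(der), classify_ec_public_key(der))
    x, y = point_to_xy(spki_to_point(der))
    print("x =", x.hex())
    print("y =", y.hex())
```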

is it possible to get an objective-c version?

I have tried to invoke the Swift code from Objective-C, but as RSA is an inner class, it seems not easy to make it work. Does anyone have any idea?
What I really like is the function of RSA public/private key generation.

Converting the Data type from CC.HMAC to a string

Hi @soyersoyer,

The API i am working with wants a string of the hashed message.

So I am using let sign = CC.HMAC(data, alg: .sha512, key: key)
but then I need to convert sign which is of type Data, into a String.

But no matter how I do it, I can't get a string that works.

If I am using `let signString = String(describing: sign)`, the string that comes out is literally the characters: "64 Bytes" (so it took the size of sign and made that the String).

When I try String(decoding: sign, as: UTF8.self) I get a string which is a row of unicodes (and not the characters they represent).

Any idea how I generate a string from the result of CC.HMAC? Is there another function I can or should be using?

Thanks

Length in DER should use minimum possible bytes

Hi 👋

Firstly thanks for the work and the great library :)

Currently in your DER encoding you are not stripping any leading 0 value octets.

When generating a PKCS8 PEM from a 4096 bit rsa key using derToPKCS8PEM the top level sequence contains leading 0's in the value of its length.

So for example:

30 83 00 02 23 . . . . . . .

The same key using OpenSSL will produce:

30 82 02 22

If you look at the DER spec it specifies that these should be stripped during DER encoding:

10.1 Length forms
The definite form of length encoding shall be used, encoded in the minimum number of octets. [Contrast with 8.1.3.2 b).]

https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
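
The rule quoted above, as an added Python example (not SwCrypt's code): an encoder that emits the minimal length form and a header reader that rejects the padded form. The two headers are the byte prefixes quoted in this issue; the function names are illustrative.

```python
class NonMinimalLength(ValueError):
    """Length octets are valid BER but not the minimal form DER requires."""


# Byte prefixes quoted in the issue above.
REPORTED_HEADER = bytes.fromhex("3083000223")  # from derToPKCS8PEM output
OPENSSL_HEADER = bytes.fromhex("30820222")     # same key via OpenSSL


def encode_der_length(n):
    """Encode a content length in the fewest octets (X.690 section 10.1)."""
    if n < 0:
        raise ValueError("negative length")
    if n < 0x80:
        return bytes([n])                       # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body     # long form, no leading zeros


def read_der_header(buf, strict=True):
    """Return (tag, content_length, header_size) for the TLV at buf[0].

    Handles single-byte tags only. With strict=True the length must be
    minimal; with strict=False padded BER lengths are accepted so they
    can be inspected and re-encoded.
    """
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, first = buf[0], buf[1]
    if first < 0x80:
        return tag, first, 2
    count = first & 0x7F
    if count == 0:
        raise ValueError("indefinite length is not allowed in DER")
    if count == 0x7F:
        raise ValueError("reserved length octet 0xFF")
    body = buf[2:2 + count]
    if len(body) != count:
        raise ValueError("truncated length octets")
    value = int.from_bytes(body, "big")
    if strict and (body[0] == 0 or value < 0x80):
        raise NonMinimalLength(
            "length %d encoded as %s, minimal form is %s"
            % (value, buf[1:2 + count].hex(), encode_der_length(value).hex()))
    return tag, value, 2 + count


def minimal_header(buf):
    """Re-encode only the outermost header; nested lengths need the same pass."""
    tag, value, _ = read_der_header(buf, strict=False)
    return bytes([tag]) + encode_der_length(value)


if __name__ == "__main__":
    print(read_der_header(OPENSSL_HEADER))
    try:
        read_der_header(REPORTED_HEADER)
    except NonMinimalLength as exc:
        print("rejected:", exc)
    print(minimal_header(REPORTED_HEADER).hex())
```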

AES key derivation is vulnerable to brute force attack

The getAES128Key and getAES256Key methods are prone to brute-force attacks.
Basically the key is computed as MD5(password + iv[0..7]). Given that the IV is a public info, the implementation can be reduced to MD5(password).

MD5 is a very fast hashing function and is also vulnerable to collisions. This means that an attacker can compute hashes fast and also needs to search a smaller space.

But even if the IV was not public, or if another hashing function would have been used (e.g. SHA2) the issue remains.

The key derivation should be based on a password based key derivation function such as bcrypt or PBKDF2 (with high number of iterations).
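
The derivation this issue describes beside a PBKDF2 alternative, as an added Python example (not SwCrypt's code). The legacy function follows OpenSSL's single-round MD5 scheme for encrypted PEM files, which is an assumption about what "OpenSSL compatible" means here; the sample header lines are the ones quoted in the Forge issue above, and the iteration count and function names are assumed values.

```python
import hashlib
import re

# Constructed sample: the header lines are the ones quoted on this page,
# the body is a placeholder.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,176B126DA24E0AF336D4C4753761DF17

<base64 body omitted>
-----END RSA PRIVATE KEY-----
"""

KEY_LENGTHS = {"AES-128-CBC": 16, "AES-256-CBC": 32}
PBKDF2_ITERATIONS = 600_000  # assumed value, tune to your hardware


def parse_dek_info(pem):
    """Return (cipher_name, iv) from the headers of a legacy encrypted PEM."""
    if not re.search(r"^Proc-Type: 4,ENCRYPTED\s*$", pem, re.M):
        raise ValueError("not a legacy encrypted PEM")
    m = re.search(r"^DEK-Info: ([A-Z0-9-]+),([0-9A-Fa-f]+)\s*$", pem, re.M)
    if m is None:
        raise ValueError("missing DEK-Info header")
    return m.group(1), bytes.fromhex(m.group(2))


def legacy_pem_key(password, iv, key_len):
    """MD5(password + iv[0..7]), chained until key_len bytes are available.

    Everything except the password is readable from the PEM header.
    """
    salt = iv[:8]
    key, block = b"", b""
    while len(key) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        key += block
    return key[:key_len]


def pbkdf2_key(password, salt, key_len, iterations=PBKDF2_ITERATIONS):
    """The replacement the issue asks for: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=key_len)


def guess_cost(cipher, iterations=PBKDF2_ITERATIONS):
    """Primitive calls per password guess: (MD5 calls, PBKDF2 HMAC calls)."""
    key_len = KEY_LENGTHS[cipher]
    return -(-key_len // 16), -(-key_len // 32) * iterations


if __name__ == "__main__":
    cipher, iv = parse_dek_info(SAMPLE_PEM)
    print(cipher, legacy_pem_key(b"longpassword", iv, KEY_LENGTHS[cipher]).hex())
    print("work per guess (md5, pbkdf2):", guess_cost(cipher))
```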

Can't encrypt long messages

Anything above 192 bytes fails to encrypt.

To replicate, try running testEncryptDecryptOAEPSHA256() in SwCryptTests.swift with longer testData, for example,

	let testData = "This is a test string and I am now making it even longer lke so long that you wo'nt eve nasdf asdjf asdkjf kasdjf kasdjf kasjdf kasjdfk ajsdkf ajskdf jaskdfj askldf jalkwej faowiejf aiw asdkfj aksdjf kasdjfk asjdkf jaskdf jkasdfj kasdjf kasdjf kasjdkf ajsdkf ajskdfj aksdjfkajfiwef wef wef we f".data(using: String.Encoding.utf8)!

How to use method crypt(_:algorithm:data:key:iv:aData:tagLength:) for GCM? Getting error [crypt(_:algorithm:data:key:iv:aData:tagLength:)] AppName.CC.CCError: paramError (-4300)

Hi,
I am using SwCrypt to implement GCM in my app.
Below is the list of Parameter values I pass:
opMode: .encrypt
algorithm: .aes
data: stringToEncrypt.data(using: .utf8)!
key: keyString.data(using: .utf8)!
iv: Random data of length 12 bytes
aData: Random data of length 20 bytes (I'm not sure what this parameter is for)
tagLength: 128

I get the error [crypt(_:algorithm:data:key:iv:aData:tagLength:)] AppName.CC.CCError: paramError (-4300)
I am unable to understand which parameter I am passing with wrong value

Apple Review

Is Apple allowing projects that use the GCM to be approved? I see you are using the private API but accessing it with dlopen.

OAEP Padding with SHA-256 Digest

Hello, I'm trying to encrypt a string with the RSA algorithm RSA/ECB/OAEPWithSHA-256AndMGF1Padding.

The Java code to decrypt is as follows, which is done on server:

String rsaKeyAlgorithm = "RSA";
String rsaEncryptAlgorithm = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

PrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance(rsaKeyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(rsaPrivateKey)));

byte[] bytes = Base64.getDecoder().decode(cipherText);

Cipher decriptCipher = Cipher.getInstance(rsaEncryptAlgorithm);
decriptCipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(decriptCipher.doFinal(bytes), charset);

I tried using the following function:
try CC.RSA.encrypt(data, derKey: publicKey, tag: tag, padding: .oaep, digest: .sha256)
But server caught the following exception:

Exception in thread "main" javax.crypto.BadPaddingException: Decryption error
	at java.base/sun.security.rsa.RSAPadding.unpadOAEP(RSAPadding.java:497)
	at java.base/sun.security.rsa.RSAPadding.unpad(RSAPadding.java:292)
	at java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:366)
	at java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392)
	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)

I tried to encrypt with digest .sha1, and decrypt on server using RSA algorithm RSA/ECB/OAEPWithSHA-1AndMGF1Padding and it worked fine. The issue seems to be related with SHA-256.

Can anyone help, please?

Question

How to decrypt (RSA) a message in NodeJS, encrypted under ios?

Thkx

How to use

Hello, everyone!
Can you please help me to use SwCrypt?

The task is to:

  1. Generate public and private keys
  2. Convert them to String format
  3. Encrypt some other string with a public key and receive another string as result of encryption
  4. Decrypt string received at the previous step with the private key

To be honest, I'm new to cryptography and know little about its principles. Are the actions mentioned above possible?

I've read all the issues and still can't get how to use the library.

  1. I've generated public and private keys with.
    let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(512)
    let privKeyStr = privateKey.base64EncodedString()
    let pubKeyStr = publicKey.base64EncodedString()

  2. I have a string which I want to encode and then decode
    let testString: String = "Test string"

  3. Trying to encode it:
    let testStringData = testString.data(using: .utf8)!
    let pubKeyData = pubKeyStr.data(using: .utf8)!
    let tagStr = "L" //still can't get what should I use there
    let tag = tagStr.data(using: .utf8)!
    let encryptedData = try! CC.RSA.encrypt(testStringData, derKey: pubKeyData, tag: tag, padding: .oaep, digest: .sha1)

  4. Get an error:

CCError: decodeError (-4304)

Can you please help me to use the library?
Thanks!

Can ECC encrypt and decrypt messages?

I want to use ECC to generate a key pairs and encrypt message with public key and decrypt message with private key. How can I do this? I can't find any implementation in this library.

Can SwCrypt load X.509 certificates?

Hi,

I wonder if SwCrypt has the ability to load X.509 certificates, extract public key from it and verify if a certificate was signed with a particular public key?

Thanks,

Import secp256k1 key

I'm trying this:

let privateKey = "my-own-secp256k1-key-in-hex".dataFromHexadecimalString()
let publicKey = "my-own-secp256k1-key-in-hex".dataFromHexadecimalString()

But then I get a CC.CCError.memoryFailure with:

let shared = try CC.EC.computeSharedSecret(privateKey, publicKey: publicKey)

It doesn't happen when I import keys that have been generated with:

let pair = try! CC.EC.generateKeyPair(256)
let privateKey = pair.0.hex.dataFromHexadecimalString()
let publicKey = pair.1.hex.dataFromHexadecimalString()
let shared = try CC.EC.computeSharedSecret(privateKey, publicKey: publicKey)

Instead of use CC.EC.generateKeyPair to get a keypair.

  • How can I import my own keypair? Is it supported?
  • What kind of EC keys are generated by default?

RSA decrypt failure on iOS 8.1,please help

Xcode: 9.3.1
Code:

let data = "Hello Test".data(using: .utf8)!
let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(1024)
// encrypt
let encrypted = try! CC.RSA.encrypt(data, derKey: publicKey, tag: Data(), padding: .pkcs1, digest: .none)
// decrypt
do {
    let (decrypted,_) = try CC.RSA.decrypt(encrypted, derKey: privateKey, tag: Data(), padding: .pkcs1, digest: .none)
    print("decrypted:\(String(data:decrypted, encoding:.utf8)!)")
}catch{
    print("decrypt fail")
}

Decrypt failure on Simulator: iPhone 5s 8.1, but success on Simulator: iPhone SE 11.3.

CCCryptorStatus 
CCRSACryptorDecrypt(
    CCRSACryptorRef privateKey, 
    CCAsymetricPadding padding, 
    const void *cipherText, 
    size_t cipherTextLen,
    void *plainText, 
    size_t *plainTextLen, 
    const void *tagData, 
    size_t tagDataLen, 
    CCDigestAlgorithm digestType)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);

It should support iOS 5.0 and up, but why does decryption fail on iOS 8.1?

Data type for CC.HMAC

Hi,

Forgive my ignorance, but CC.HMAC(data, alg: .sha512, key: key) is asking for data of type Data, but converting a dictionary to Data is not being accepted no matter how I try to format it. Usual error is Cannot convert value of type 'String' to expected argument type 'Data'.

Any idea what I need to do with my JSON/Dictionary to pass it to CC.HMAC as Data?

Thanks

Swift 4.1 compile warnings

Since Apple just formally released Swift 4.1, I have found this library has some compile warnings.
SwCrypt.swift:742:18: Overlapping accesses to 'result', but modification requires exclusive access; consider copying to a local variable

Not clear that DH is not ECDH

I was confused by the brief documentation about the difference between the DH and Elliptic Curve code. I thought these were two ways to do the same thing. It is only when I tried to get the x coordinate of the public key generated by generateKey() that I realized that this is not Elliptic Curve DH.

HKDF

Add HKDF wrapper in order to use it on the ECDH derived bits.

Is it possible use PEM key to decrypt?

Hi everyone,
the method: try CC.RSA.decrypt(data, derKey: privateKey, tag: tag, padding: .oaep, digest: .sha1) use a derKey to decrypt data. Is it possible to use a PEM key instead of the derKey?

How to use key in string format

Hi, could you help me? I have problem with using key in string format.

let publicKeyDER = try! SwKeyConvert.PublicKey.pemToPKCS1DER("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UKYj/9uwlfTe4r6Cz9SaOinnfKVUbWCjA9zHcPm7QfAOZ51KeYsuBauALFyF4xJRrDCbYkzz5+AK5Bu78Nz5PAzP72l+VU/mZcV/krRfAkunW+sefh+CMjckALwzSTEI3dzlVVd+ufqsw7h+tNpoYuUk5HK0QaCx8qPzEeQq98zxNgdhXMwiEZTxSKfplEVqnZCcXwfNygP9ATT5rgLpJGlIyHEGv32kxoCqqVy2iwQ7XN1CdTIJu+X/QzFJ++ZqD0kNGmX/8HP1VA2kuW8VTsKOmXvg/fx2a3BH2SYDzEQH+QrpJFxPj/tKfCmVvufVGJakHLLuMODPtJBh2GptwIDAQAB")

I have exception Error.invalidKey. How to fix it?

CC.RSA.sign output cannot be verified openssl backed libraries

Hello, awesome work, thanks a lot!

Have found strange behaviour, I'm not a cryptographer and don't know where to dig to. A signature created with .pss padding and some salt false verified on backend with Python/Ruby but works vice versa.

iOS:

let signature = try CC.RSA.sign(dataSign, derKey: privateKey, padding: .pss, digest: .sha384, saltLen: 16)

Backend Python returns false for this signature

public_key.verify(signature, dataSign, padding.PSS(mgf=padding.MGF1(SHA384()), salt_length=16), SHA384())

The same verification tried on Ruby

public_key.verify_pss("SHA384", signature, dataSign, salt_length: 16, mgf1_hash: "SHA384")

also gives false result.

But when create signature on backend side

Python

signature = private_key.sign(dataSign, PSS(mgf=padding.MGF1(SHA384()), salt_length=16), SHA384())

Ruby

signature  = private_key.sign_pss("SHA384", dataSign, salt_length: 16, mgf1_hash: "SHA384")

Then on iOS side

try CC.RSA.verify(dataSign, derKey: publicKey, padding: .pss, digest: .sha384, saltLen: 16, signedData: signature)

It returns true.

Am I missing something ? Or CommonCrypto and OpenSSL work different for signature creation when using pss + salt ? As using padding pkcs15 all works as expected.

Thank you one more time for your great work !

podspec targets iOS 10+

any reason the podspec targets only iOS 10+ ? if I install SwCrypt manually or through carthage I can target ios 9.0 just fine and the stuff that I'm using (elliptic curve signing and key exchange) works fine

ssh-rsa format ?

It would have been really nice if there was an option to convert PEM or DER formats to ssh-rsa format.
Are there plans to include that function ?
Thanks, it is a great tool btw.

Maintainer needed

I don't have a Swift5, Xcode 10.2, OS X 10.14 compatible Mac, and I don't want to buy one only for this project.

If you want to be a SwCrypt maintainer, please apply here.

Responsibilities:

  • Review, test, accept pull requests
  • Release new versions, push them to cocoapods
  • If you want, you can write better documentation or you can add new features.

Rules:

  • My GitHub account (@soyersoyer) should continue to be one of the owners of the project, but you will have full control over its future direction.

How to compute shared secret using EC public key x and y values and private key d value

Hi

How to compute shared secret using EC public key x and y values and private key d value using the below function and i am getting back nil. I tried to decode and i can see the privateD which i am passing returns back nil from importKey method where the value of status is -4302.

Can you please help what format Data should i be passing into the computeSharedSecret for it to work in this case ?

var publicX = "2_v-MuNZccqwM7PXlakW9oHLP5XyrjMG1UVS8OxYrgA"
 var publicY = "rm1ktLmFIsP2R0YyJGXtsCbaTUesUK31Xc04tHJRolc"
 let privateD = "iyn--IbkBeNoPu8cN245L6pOQWt2lTH8V0Ds92jQmWA"
       
       let binaryPrivateData = privateDData(base64String: privateD)
       let publicKeyData = dataFromPublicXandY(x: publicX, y: publicY)
       
       let shared = try? CC.EC.computeSharedSecret(binaryPrivateData, publicKey: publicKeyData)
       print(shared) // is nil


func privateDData(base64String: String) -> Data {
       
       let base64Co = base64urlToBase64(base64url: base64String)
       //print(base64Q) // hJQWHABDBjoPHorYF5xghQ==
       let decodedDataCo = Data(base64Encoded: base64Co)
       return decodedDataCo!
   }

func dataFromPublicXandY(x: String, y:String) -> Data {
       
       var xStr = x
       var yStr = y
       
       xStr = xStr.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
       if xStr.count % 4 == 2 {
           xStr.append("==")
       }
       if xStr.count % 4 == 3 {
           xStr.append("=")
       }
       
       yStr = yStr.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
       if yStr.count % 4 == 2 {
           yStr.append("==")
       }
       if yStr.count % 4 == 3 {
           yStr.append("=")
       }
       
       
       let xBytes = Data(base64Encoded: xStr)
       /*Same with y and d*/
       let yBytes = Data(base64Encoded: yStr)
       
       //Now this bytes we have to append such that [0x04 , /* xBytes */, /* yBytes */, /* dBytes */]
       //Initial byte for uncompressed y as Key.
       let keyData = NSMutableData.init(bytes: [0x04], length: [0x04].count)
       keyData.append(xBytes!)
       keyData.append(yBytes!)
       return keyData as Data
   }

Private key decrypt

Hi there,

Do you know if iOS supports Public Key decryption?

My use case needs me to encrypt some data with the private key, and decrypt it with the public key. The opposite of normal operation

All the best!

Johnny
