3

How could you load a public or private key from a file, and then encrypt or decrypt data with it in Swift while using no libraries or APIs?

Bennett
  • Is this for iOS or OSX? Also, why the restriction for no libraries or APIs? If you want to encrypt, you're gonna have to use *some* library or API. – Michael Dautermann Aug 01 '15 at 05:57
  • @MichaelDautermann Either. Why? – Bennett Aug 01 '15 at 05:57
  • Why? I wasn't sure what you were targeting. And I was about to suggest [using some library or the openssl library](http://stackoverflow.com/questions/31380713/how-to-add-openssl-to-a-swift-project), but then I noticed your "use no libraries or APIs" comment, so I feel like my hands are tied in giving you an answer. – Michael Dautermann Aug 01 '15 at 06:00

2 Answers

4

You could use OS X’s built-in OpenSSL to generate and encrypt or a combo of OS X and Swift.

OpenSSL commands:

  1. openssl genrsa -out rsaPrivateKey.pem 4096 (2048 is likely fine too – dealer's choice)
  2. openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key
  3. openssl req -new -key rsaPrivateKey.key -out rsaCertReq.crt (this step requires basic info, and iOS requires a password, so set one when it asks)
  4. openssl x509 -req -days 10000 -in rsaCertReq.crt -signkey rsaPrivateKey.key -out rsaCert.crt
  5. openssl x509 -outform der -in rsaCert.crt -out publicKey.der
  6. openssl pkcs12 -export -out privateKey.pfx -inkey rsaPrivateKey.key -in rsaCert.crt

In the end, the important files from an iOS standpoint are publicKey.der and privateKey.pfx. You will use publicKey.der to encrypt data, and privateKey.pfx to decrypt.


Encryption in iOS

In iOS, in addition to providing support functions for encoding and decoding keys, the Certificate, Key, and Trust Services API also provides basic encryption, decryption, signing, and verifying of blocks of data using the following SecKey functions:

SecKeyEncrypt—encrypts a block of data using the specified key.

SecKeyDecrypt—decrypts a block of data using the specified key.

SecKeyRawSign—signs a block of data using the specified key.

SecKeyRawVerify—verifies a signature against a block of data and a specified key.

Apple Docs
Encrypting and Hashing Data

You can find examples of how to use these functions in the Apple docs: Certificate, Key, and Trust Services Tasks for iOS.

import UIKit
import CoreFoundation

Use a bridging header file for Security.h

#import <Security/Security.h>
Edison
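The six OpenSSL steps in the answer above can be run unattended and the resulting pair checked before the files go into an app. This is an added example, not part of the answer; the subject name, passphrase, scratch directory and function names are constructed for illustration, and it assumes a 2048-bit key and OAEP padding for the check.

```bash
#!/usr/bin/env bash
# Added example (not from the answer): steps 1-6 run unattended, then a check
# that publicKey.der and privateKey.pfx form a working pair.
set -eu
PFX_PASS='example-passphrase'    # constructed placeholder
SUBJECT='/CN=example.invalid'    # constructed placeholder

make_key_files() {               # $1 = output directory
  ( cd "$1"
    openssl genrsa -out rsaPrivateKey.pem 2048
    openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key
    openssl req -new -key rsaPrivateKey.key -subj "$SUBJECT" -out rsaCertReq.crt
    openssl x509 -req -days 10000 -in rsaCertReq.crt \
      -signkey rsaPrivateKey.key -out rsaCert.crt
    openssl x509 -outform der -in rsaCert.crt -out publicKey.der
    openssl pkcs12 -export -out privateKey.pfx -inkey rsaPrivateKey.key \
      -in rsaCert.crt -passout "pass:$PFX_PASS" ) >/dev/null 2>&1
}

unpack_pair() {                  # $1 = directory holding the two final files
  ( cd "$1"
    # publicKey.der is a DER certificate; extract the RSA public key from it.
    openssl x509 -inform der -in publicKey.der -pubkey -noout > pub.pem
    # Unpack the private key from the PKCS#12 container.
    openssl pkcs12 -in privateKey.pfx -nocerts -nodes \
      -passin "pass:$PFX_PASS" -out priv.pem 2>/dev/null )
}

round_trip() {                   # $1 = directory, $2 = short message; prints plaintext
  ( cd "$1"
    printf '%s' "$2" > msg.txt
    openssl pkeyutl -encrypt -pubin -inkey pub.pem \
      -pkeyopt rsa_padding_mode:oaep -in msg.txt -out msg.bin
    openssl pkeyutl -decrypt -inkey priv.pem \
      -pkeyopt rsa_padding_mode:oaep -in msg.bin )
}

can_encrypt() {                  # $1 = directory, $2 = plaintext size in bytes
  ( cd "$1"
    head -c "$2" /dev/zero > big.bin
    openssl pkeyutl -encrypt -pubin -inkey pub.pem \
      -pkeyopt rsa_padding_mode:oaep -in big.bin -out big.enc 2>/dev/null )
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_key_files "$work"
unpack_pair "$work"
round_trip "$work" 'constructed test message'; echo
# RSA handles one block: input larger than the 256-byte modulus is rejected.
can_encrypt "$work" 300 || echo "300 bytes: too large for one RSA block"
```

The scratch directory, including the unpacked private key, is deleted when the script exits.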
1

Okay, I did some research for you and here's what I've come up with (based on the answers I see in this related question).

There is an open source GitHub project in Swift called Heimdall which is a nice wrapper around Apple's security framework. The ReadMe on the GitHub page says "Swift 1.2" but Xcode 7 & Swift 2.0 will be finalized any day now so hopefully that will be updated soon.

If you want to skip using the open source stuff, then you need to call into Apple's security framework directly. Look for this sample code, which includes these calls: SecKeyEncrypt and SecKeyDecrypt.

These two calls (and everything in SecKey.h) appear to be C functions, but the Apple documentation I've linked to seems to indicate there may be Swift APIs available.

Michael Dautermann
  • APIs are everywhere but the OP doesn't want to use an API/framework and Heimdall is an API. It can create RSA keypairs using the iOS/OS X keychain for storing the keys, so the keys are stored in a secure way BUT again it's an API. CkoRsa is another API. – Edison Aug 01 '15 at 20:00
  • @tymac Talked with him in the OP. It's fine with me, and the SecKeyEncrypt and SecKeyDecrypt functions are nice. – Bennett Aug 02 '15 at 01:11