Comments (26)
I can take a look at it.
from bluecryptor.
@billabt that would be really helpful, thanks!
from bluecryptor.
@collinhundley: What exactly are you looking for? RSA key generation, signing/verification and public/private encryption/decryption? These appear to be the most common and are available with macOS/CommonCrypto and OpenSSL...
from bluecryptor.
I'd like to sign JWT tokens using RSA. I'm no crypto expert, but I use BlueCryptor for a JWT library and it currently uses HMAC. Google'a APIs only support RSA signing though.
from bluecryptor.
Ok. I'll see what I can do... No sure how soon I can get to it. Might have some time this weekend or maybe sooner.
from bluecryptor.
@billabt any luck here?
from bluecryptor.
I haven't had the chance to look at it yet. Possibly this weekend. Been busy with another project. Sorry.
from bluecryptor.
After doing some research over the weekend, I found that a key header on macOS is NOT included in the macOS SDK. This header is CommonRSACryptor.h
. Not sure why it's not included along with the other CommonCrypto APIs. Without this header, there's no way, other than using the platform specific (i.e. they're different on iOS versus macOS) keychain APIs. I'm not sure why this header is excluded from the CommonCrypto bundle. I've opened a bug/enhancement request with Apple regarding this. Let's see what they suggest. Doing the RSA operations using OpeSSL is not an issue.
from bluecryptor.
I'm still exploring other options...
from bluecryptor.
Hmm, that is strange. Could we implement the OpenSSL side first while we wait to hear back from Apple? For my particular use I only need the Linux code anyway.
from bluecryptor.
I'll have to think about that one... Let me finish exploring other options. I'd prefer to build an API that's going to work for both macOS (and friends) and Linux rather than build one based on the OpenSSL implementation and then have to change it later to make it more generic to accommodate the macOS implementation. I don't think Apple is going to give us access to the CommonRSACryptor.h
header anytime soon.
from bluecryptor.
Makes sense. I might look into the OpenSSL API to get familiar with it, since my project is a bit time sensitive. Might be able to patch something together until we build something more robust.
from bluecryptor.
The OpenSSL API for signing is pretty simple. Since you're using BlueCryptor already, you've already go the OpenSSL module available. It should be just a simple matter of calling the API at the appropriate point. Let me know if you run into any issues calling the API, maybe I can help.
from bluecryptor.
Hey @billabt any progress on this? I'm looking at the OpenSSL API now and noticed that you started an RSA implementation.
from bluecryptor.
Still investigating. Trying to avoid use of keychain APIs on macOS.
from bluecryptor.
I've got an implementation working with OpenSSL on macOS. The advantage is that the API is the same as Linux, but it requires us to import IBM-Swift/OpenSSL-OSX
from bluecryptor.
If you want to check out my initial (rough) implementation, you can find it here.
It doesn't follow the Updatable
protocol, so I won't submit a PR for it yet. But it's a working example using OpenSSL.
from bluecryptor.
Ok, cool. I took a quick look at it. Unfortunately, the way it's implemented forces both CommonCrypto AND OpenSSL to be linked into the binary. This is NOT acceptable. Way too heavyweight. If all you're looking for is signing, I'd suggest that you use an extension
to BlueCryptor for your application. This lets you add the functionality to the BlueCryptor framework for your app without forcing BlueCryptor to link both libraries into the framework on macOS. This won't affect your app since you've stated that you're targeting Linux as your platform. All you'd have would be OpenSSL. This'll give you a solution for your app without having to modify the BlueCryptor framework. This'll hold you over until I figure out the best way to provide FULL RSA support in the BlueCryptor framework. Make sense?
from bluecryptor.
Yeah, the idea isn't to keep the OpenSSL implementation on macOS - it's just an easy way to develop with code completion (especially since I'm not super familiar with the OpenSSL API). However, this implementation is a starting point for the Linux version regardless of the direction you choose to take for macOS. It can be easily modified if you want RSA
to adopt Updatable
.
from bluecryptor.
Explanation about RS256 of JSONWebToken
JWSAlgorithm.RS256 - RSA PKCS#1 signature with SHA-256
from bluecryptor.
There's another framework that I'm working on that will do what you want. It's just not ready yet. I've still got to add Linux support to it. I'll leave this issue open until it's released and then let you know.
from bluecryptor.
Hey @billabt, any update here? I've got a new application that needs to be signed using RSA-SHA1. Would love to hear about your new framework, if you've made any progress with it.
from bluecryptor.
@collinhundley: This is still a work in progress. The macOS portion is complete. The Linux side is still a work in progress but we hope to make it available shortly. Look for BlueRSA, currently set up as private but will go public upon completion.
from bluecryptor.
FWIW, it's possible to use SecKeyCreateEncryptedData
and SecKeyCreateDecryptedData
directly on (mac|i)OS; with suitable parameters, it'll do RSA. (Unfortunately, I'm not at the liberty to share code at this point, sorry.) I'd assume signing is available in a similar way.
Looking forward for BlueRSA, though!
from bluecryptor.
Another vote for BlueRSA. Looking forward to it. I need to verify RSA signatures.
from bluecryptor.
BlueRSA should provide what you need.
from bluecryptor.
Related Issues (20)
- Replace some fatalError's by optional/Result/throws HOT 4
- Request: OpenSSL 1.1 support
- Minor release for swift 4.1 HOT 2
- CMS Signatures HOT 1
- Xcode 10 Support HOT 1
- Swift 4.2 macOS CommonCrypto conflict HOT 2
- Fresh checkout won't build HOT 2
- Cryptor-iOS Scheme is not Shared HOT 4
- Installing via CocoaPods results in error "No such module 'CommonCrypto'" HOT 2
- ECDSA support HOT 9
- Version-specific manifest not support latest Swift 5 HOT 1
- PBKDF derivation compiler warning HOT 1
- swift build warning (misuse EVP_DecryptFinal | EVP_EncryptFinal) HOT 2
- Request: bcrypt implementation HOT 5
- How can I get the same output with openssl? HOT 1
- custom framework build failing with no full bitcode error HOT 1
- Invalid Exclude in Xcode 13 HOT 15
- Invalid Triple-DES encryption result
- Getting " " (empty) Decrypted string from update function
- Remove support for deprecated cryptographic options (MD2, MD4, MD5) & release to cocoapods
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bluecryptor.