Comments (26)

billabt commented on May 20, 2024

I can take a look at it.

from bluecryptor.

collinhundley commented on May 20, 2024

@billabt that would be really helpful, thanks!

billabt commented on May 20, 2024

@collinhundley: What exactly are you looking for? RSA key generation, signing/verification and public/private encryption/decryption? These appear to be the most common and are available with macOS/CommonCrypto and OpenSSL...

collinhundley commented on May 20, 2024

I'd like to sign JWT tokens using RSA. I'm no crypto expert, but I use BlueCryptor for a JWT library and it currently uses HMAC. Google's APIs only support RSA signing though.

billabt commented on May 20, 2024

Ok. I'll see what I can do... Not sure how soon I can get to it. Might have some time this weekend or maybe sooner.

collinhundley commented on May 20, 2024

@billabt any luck here?

billabt commented on May 20, 2024

I haven't had the chance to look at it yet. Possibly this weekend. Been busy with another project. Sorry.

billabt commented on May 20, 2024

After doing some research over the weekend, I found that a key header on macOS is NOT included in the macOS SDK. This header is CommonRSACryptor.h. Not sure why it's not included along with the other CommonCrypto APIs. Without this header, there's no way, other than using the platform-specific (i.e. they're different on iOS versus macOS) keychain APIs. I'm not sure why this header is excluded from the CommonCrypto bundle. I've opened a bug/enhancement request with Apple regarding this. Let's see what they suggest. Doing the RSA operations using OpenSSL is not an issue.

billabt commented on May 20, 2024

I'm still exploring other options...

collinhundley commented on May 20, 2024

Hmm, that is strange. Could we implement the OpenSSL side first while we wait to hear back from Apple? For my particular use I only need the Linux code anyway.

billabt commented on May 20, 2024

I'll have to think about that one... Let me finish exploring other options. I'd prefer to build an API that's going to work for both macOS (and friends) and Linux rather than build one based on the OpenSSL implementation and then have to change it later to make it more generic to accommodate the macOS implementation. I don't think Apple is going to give us access to the CommonRSACryptor.h header anytime soon.

collinhundley commented on May 20, 2024

Makes sense. I might look into the OpenSSL API to get familiar with it, since my project is a bit time sensitive. Might be able to patch something together until we build something more robust.

billabt commented on May 20, 2024

The OpenSSL API for signing is pretty simple. Since you're using BlueCryptor already, you've already got the OpenSSL module available. It should be just a simple matter of calling the API at the appropriate point. Let me know if you run into any issues calling the API, maybe I can help.

collinhundley commented on May 20, 2024

Hey @billabt any progress on this? I'm looking at the OpenSSL API now and noticed that you started an RSA implementation.

billabt commented on May 20, 2024

Still investigating. Trying to avoid use of keychain APIs on macOS.

collinhundley commented on May 20, 2024

I've got an implementation working with OpenSSL on macOS. The advantage is that the API is the same as Linux, but it requires us to import IBM-Swift/OpenSSL-OSX

collinhundley commented on May 20, 2024

If you want to check out my initial (rough) implementation, you can find it here.

It doesn't follow the Updatable protocol, so I won't submit a PR for it yet. But it's a working example using OpenSSL.

billabt commented on May 20, 2024

Ok, cool. I took a quick look at it. Unfortunately, the way it's implemented forces both CommonCrypto AND OpenSSL to be linked into the binary. This is NOT acceptable. Way too heavyweight. If all you're looking for is signing, I'd suggest that you use an extension to BlueCryptor for your application. This lets you add the functionality to the BlueCryptor framework for your app without forcing BlueCryptor to link both libraries into the framework on macOS. This won't affect your app since you've stated that you're targeting Linux as your platform. All you'd have would be OpenSSL. This'll give you a solution for your app without having to modify the BlueCryptor framework. This'll hold you over until I figure out the best way to provide FULL RSA support in the BlueCryptor framework. Make sense?

collinhundley commented on May 20, 2024

Yeah, the idea isn't to keep the OpenSSL implementation on macOS - it's just an easy way to develop with code completion (especially since I'm not super familiar with the OpenSSL API). However, this implementation is a starting point for the Linux version regardless of the direction you choose to take for macOS. It can be easily modified if you want RSA to adopt Updatable.

vadimeisenbergibm commented on May 20, 2024

Explanation about RS256 of JSONWebToken

JWSAlgorithm.RS256 - RSA PKCS#1 signature with SHA-256

from bluecryptor.

billabt commented on May 20, 2024

There's another framework that I'm working on that will do what you want. It's just not ready yet. I've still got to add Linux support to it. I'll leave this issue open until it's released and then let you know.

collinhundley commented on May 20, 2024

Hey @billabt, any update here? I've got a new application that needs to be signed using RSA-SHA1. Would love to hear about your new framework, if you've made any progress with it.

billabt commented on May 20, 2024

@collinhundley: This is still a work in progress. The macOS portion is complete. The Linux side is still a work in progress but we hope to make it available shortly. Look for BlueRSA, currently set up as private but will go public upon completion.

reitzig commented on May 20, 2024

FWIW, it's possible to use SecKeyCreateEncryptedData and SecKeyCreateDecryptedData directly on (mac|i)OS; with suitable parameters, it'll do RSA. (Unfortunately, I'm not at liberty to share code at this point, sorry.) I'd assume signing is available in a similar way.

Looking forward to BlueRSA, though!

drewmccormack commented on May 20, 2024

Another vote for BlueRSA. Looking forward to it. I need to verify RSA signatures.

billabt commented on May 20, 2024

BlueRSA should provide what you need.
