I would like to decrypt an RSA-encoded blob on iPhone, by having an exponent and modulus as private key. In Java (with javax.crypto), this could be easily achieved by code like this:
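    import java.security.Key;
    import java.security.KeyFactory;
    import java.security.spec.RSAPublicKeySpec;
    import javax.crypto.Cipher;

    // 1) key (myModulus and myPublicExponent are BigInteger values)
    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(myModulus, myPublicExponent);
    KeyFactory fact = KeyFactory.getInstance("RSA");
    Key pubKey = fact.generatePublic(keySpec);
    // 2) cipher: init() takes the Key built above, not the key spec
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.DECRYPT_MODE, pubKey);
    // 3) use cipher to decode my block to an output stream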
But with the iPhone security API I can't create a SecKeyRef (key) other than by generating a pair or importing a certificate, which I don't have/want.
Is there a way to create a key manually having a modulus + exponent? If so, can you give me a clue on how?
Thanks in advance
How are your exponent and modulus encoded? If they're in a PKCS#12 blob, you can use SecPKCS12Import() and SecIdentityCopyPrivateKey() to achieve what you want.

EDIT: Given that you have the raw keys, you might be interested in looking at the -[SecKeyWrapper addPeerPublicKey:keyBits:] example provided by Apple.
I have a library that lets you create the binary data to import RSA keys in modulus and exponent now:
https://github.com/StCredZero/SCZ-BasicEncodingRules-iOS
SCZ-BasicEncodingRules-iOS
Implementation of Basic Encoding Rules to enable import of RSA keys to iOS
KeyChain using exponent. Code targets iOS 5 with ARC.
Let's say you already have a modulus and exponent from an RSA public key as an NSData in variables named pubKeyModData and pubKeyExpData. Then the following code will create an NSData containing that RSA public key, which you can then insert into the iOS or OS X Keychain.

    NSMutableArray *testArray = [[NSMutableArray alloc] init];
    [testArray addObject:pubKeyModData];
    [testArray addObject:pubKeyExpData];
    NSData *testPubKey = [testArray berData];

This would allow you to store the key using the addPeerPublicKey:keyBits: method from SecKeyWrapper in the Apple CryptoExercise example. Or, from the perspective of the low-level API, you can use SecItemAdd().

    NSString *peerName = @"Test Public Key";
    // Application tag bytes: use the UTF-8 byte count, not the character count.
    NSData *peerTag =
        [[NSData alloc]
            initWithBytes:(const void *)[peerName UTF8String]
                   length:[peerName lengthOfBytesUsingEncoding:NSUTF8StringEncoding]];
    // Declared here so the snippet is self-contained.
    OSStatus sanityCheck = noErr;
    CFTypeRef persistPeer = NULL;
    NSMutableDictionary *peerPublicKeyAttr = [[NSMutableDictionary alloc] init];
    [peerPublicKeyAttr
        setObject:(__bridge id)kSecClassKey
           forKey:(__bridge id)kSecClass];
    [peerPublicKeyAttr
        setObject:(__bridge id)kSecAttrKeyTypeRSA
           forKey:(__bridge id)kSecAttrKeyType];
    [peerPublicKeyAttr
        setObject:peerTag
           forKey:(__bridge id)kSecAttrApplicationTag];
    // The BER-encoded key bytes built above.
    [peerPublicKeyAttr
        setObject:testPubKey
           forKey:(__bridge id)kSecValueData];
    [peerPublicKeyAttr
        setObject:[NSNumber numberWithBool:YES]
           forKey:(__bridge id)kSecReturnPersistentRef];
    // sanityCheck is errSecSuccess when the key was added; persistPeer then holds the persistent reference.
    sanityCheck = SecItemAdd((__bridge CFDictionaryRef)peerPublicKeyAttr, (CFTypeRef *)&persistPeer);
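
The key bytes handed to the keychain above are the PKCS#1 RSAPublicKey structure, a DER SEQUENCE of two INTEGERs (modulus, then public exponent). The following C encoder (callable from Objective-C) is an added example, not code from SCZ-BasicEncodingRules-iOS or from Apple's sample; the function name `rsa_pubkey_der` and its buffer parameters are assumptions, and the inputs are the raw big-endian bytes such as those in pubKeyModData and pubKeyExpData.

```c
#include <stdint.h>
#include <string.h>

/* Size of a DER length field for `len` content bytes (short or long form). */
static size_t len_size(size_t len) {
    size_t n = 1;
    if (len >= 0x80) for (; len; len >>= 8) n++;
    return n;
}

static size_t put_len(uint8_t *out, size_t len) {
    size_t n = len_size(len);
    if (n == 1) { out[0] = (uint8_t)len; return 1; }
    out[0] = (uint8_t)(0x80 | (n - 1));      /* long form: count of length bytes */
    for (size_t i = n - 1; i >= 1; i--, len >>= 8) out[i] = (uint8_t)len;
    return n;
}

/* DER INTEGER content length of an unsigned big-endian value: skip leading
 * zeros (*skip), add one 0x00 if the top bit is set (else read as negative). */
static size_t uint_len(const uint8_t *v, size_t n, size_t *skip) {
    for (*skip = 0; *skip + 1 < n && v[*skip] == 0; (*skip)++) {}
    return (n - *skip) + (v[*skip] >> 7);
}

static size_t put_uint(uint8_t *out, const uint8_t *v, size_t n) {
    size_t skip, clen = uint_len(v, n, &skip), o = 0;
    out[o++] = 0x02;                         /* INTEGER tag */
    o += put_len(out + o, clen);
    if (v[skip] & 0x80) out[o++] = 0x00;     /* sign padding */
    memcpy(out + o, v + skip, n - skip);
    return o + (n - skip);
}

/* RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
 * Returns bytes written, or 0 on empty input or if `cap` is too small. */
size_t rsa_pubkey_der(const uint8_t *mod, size_t mlen, const uint8_t *pexp,
                      size_t elen, uint8_t *out, size_t cap) {
    size_t sk, o = 0, mc, ec, body;
    if (!mlen || !elen) return 0;
    mc = uint_len(mod, mlen, &sk);
    ec = uint_len(pexp, elen, &sk);
    body = 2 + len_size(mc) + mc + len_size(ec) + ec;
    if (1 + len_size(body) + body > cap) return 0;
    out[o++] = 0x30;                         /* SEQUENCE tag */
    o += put_len(out + o, body);
    o += put_uint(out + o, mod, mlen);
    return o + put_uint(out + o, pexp, elen);
}
```

A 2048-bit modulus with exponent 65537 encodes to 270 bytes; omitting the sign-padding byte on a modulus whose top bit is set produces a negative INTEGER, so the encoded bytes no longer describe a valid key.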