iPhone encryption with certificate

Posted 2019-04-11 04:59

Question:

I have to encrypt a string and have a .CER (X.509) in the Resources folder of my Xcode project. I have spent the last two days trying to figure out how, but with no success, so it's time to ask.

Apple's documentation is very difficult to read... and I see this framework is probably the hardest one to understand... the samples haven't helped either.

So, I have tried the following code; obviously it does not work:

On my Mac I used OpenSSL but I found no way to recreate the OpenSSL commands in the SDK. So, I'm pretty confused... anyone???

Thanks a lot :)

    // Load the certificate bundled with the app.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"Certificate" ofType:@"cer"];
    SecCertificateRef myCertificate = nil;

    NSData *certificateData = [[NSData alloc] initWithContentsOfFile:certPath];
    myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certificateData);

    // Build a trust object for the certificate and copy its public key.
    SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
    SecTrustRef myTrust;
    SecTrustCreateWithCertificates(myCertificate, myPolicy, &myTrust);
    SecKeyRef publicKey = SecTrustCopyPublicKey(myTrust);

    // Encrypt the test string (length includes the terminating NUL) with PKCS#1 padding.
    uint8_t *pPlainText = (uint8_t*)"This is a test";
    uint8_t aCipherText[1024];
    size_t iCipherLength = 1024;
    OSStatus status = SecKeyEncrypt(publicKey,
                                    kSecPaddingPKCS1,
                                    pPlainText,
                                    strlen( (char*)pPlainText ) + 1,
                                    aCipherText,
                                    &iCipherLength);

Answer 1:

I tried your updated code with the addition of two lines at the end:

NSData *cipherData = [NSData dataWithBytes:aCipherText length:iCipherLength];
NSLog(@"(%d) %@", status, cipherData);

That works fine:

2011-02-17 22:24:04.204 Untitled[45121:207] (0) <87a2eb07 25ab693a 7fe88329 974b6820
843c5c33 8c5d4606 aecea682 0176e4cb 10482c9b fd2e2242 1c77d349 d3037e91 8d704783
f2e04c82 ef273815 bdb6aa73 f8646542 243f3e12 518147ba 53636441 fd9399d3 b198ed6a
615d51d1 4105fb75 27180f0d 09835551 5162e156 33dedf39 a87e17f8 16881990 c5e57a38
7cd7ec63>

Now one difference is that the public key I'm using is in my keychain. If yours isn't, you may want to look at the importing-an-ssl-cert-under-the-iphone-sdk link below. So far I've only tested on Simulator, which also can be different, but I believe this is correct.

If you still have trouble, make sure to check the result of each call (and if it returns OSStatus, check that). Which piece is failing?


You forgot to call SecTrustEvaluate() on your SecTrustRef before calling SecTrustCopyPublicKey(). Check the docs on SecTrustCopyPublicKey(), which explain this.


Old information that wasn't as useful:

I believe these posts should point you in the right direction:

http://greghaygood.com/2009/01/17/asymmetric-encryption-with-the-iphone-sdk-and-securityframework

Importing an SSL cert under the iPhone SDK

Also note that if you have OpenSSL code for Mac already, you can compile OpenSSL for iPhone. This post was useful for me when I developed my build scripts:

http://www.therareair.com/2009/01/01/tutorial-how-to-compile-openssl-for-the-iphone/
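
The flow discussed in this thread with the two points from the answer applied (SecTrustEvaluate() before SecTrustCopyPublicKey(), and every result checked), as an added example that is not code from either poster. It assumes ARC and a DER-encoded Certificate.cer in the bundle; the function name EncryptWithBundledCertificate is hypothetical. It keeps the Security framework calls named on this page, which later SDKs deprecate in favour of SecTrustEvaluateWithError(), SecTrustCopyKey() and SecKeyCreateEncryptedData().

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the original post). Assumes ARC and a DER-encoded
// Certificate.cer in the main bundle, as in the question. Returns nil on any failure.
static NSData *EncryptWithBundledCertificate(NSData *plain) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"Certificate" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (der == nil) { NSLog(@"Certificate.cer not found in bundle"); return nil; }

    // Returns NULL when the data is not a DER-encoded X.509 certificate (e.g. a PEM file).
    SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault,
                                                          (__bridge CFDataRef)der);
    if (cert == NULL) { NSLog(@"Not a DER X.509 certificate"); return nil; }

    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;
    SecKeyRef publicKey = NULL;
    NSMutableData *cipher = nil;

    OSStatus status = SecTrustCreateWithCertificates(cert, policy, &trust);
    if (status == errSecSuccess) {
        // The step the question's code skips: evaluate the trust before copying the key.
        SecTrustResultType result = kSecTrustResultInvalid;
        status = SecTrustEvaluate(trust, &result);
        NSLog(@"SecTrustEvaluate: status=%d result=%u", (int)status, (unsigned)result);
    }
    if (status == errSecSuccess) publicKey = SecTrustCopyPublicKey(trust);

    if (publicKey == NULL) {
        NSLog(@"No public key (status %d)", (int)status);
    } else {
        size_t blockSize = SecKeyGetBlockSize(publicKey);  // RSA modulus size in bytes
        // PKCS#1 v1.5 padding takes at least 11 bytes of the block.
        if (blockSize < 11 || plain.length > blockSize - 11) {
            NSLog(@"Plaintext too long for one RSA block of %zu bytes", blockSize);
        } else {
            cipher = [NSMutableData dataWithLength:blockSize];
            size_t cipherLen = blockSize;
            status = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plain.bytes, plain.length,
                                   cipher.mutableBytes, &cipherLen);
            if (status == errSecSuccess) cipher.length = cipherLen;
            else { NSLog(@"SecKeyEncrypt failed: %d", (int)status); cipher = nil; }
        }
    }
    if (publicKey) CFRelease(publicKey);
    if (trust) CFRelease(trust);
    if (policy) CFRelease(policy);
    CFRelease(cert);
    return cipher;
}
```

The trust result is only logged here; whether to encrypt to a certificate that does not evaluate as trusted is a policy decision for the caller.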