hohl / mihcrypto Goto Github PK

Add some kind of MIHBigIntegerFactory which allows to generate random (between range or prime only) MIHBigIntegers.

Hi,

I generate the keys as below:

MIHRSAKeyFactory *factory=[[MIHRSAKeyFactory alloc]init];
MIHKeyPair *keys = [factory generateKeyPair];

Now, I need to get string value of public key for sending it to our web services.
How can I get it?

Appreciate any help,

Allow the exporting and importing of private and public keys as files. It would be good design to add these two interface:

• MIHExporter
• MIHImporter

...providing the ability to import/export MIHPrivateKey, MIHPublicKey and MIHSymmetricKey. Every file format could be one implementation for these interfaces.

There should also be the ability to set passwords when it is supported by the file format (like it is with P12).

I tried to get the RSA public key (PEM/DER) from the certificate which stored locally. For getting data from the path, I used the following code.

    NSString *publicKeyPath = [[NSBundle mainBundle] pathForResource:@"Public_Certificate" ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:publicKeyPath];

After I got the data from the path, I tried to get the RSA public key like this.
MIHRSAPublicKey *key = [[MIHRSAPublicKey alloc] initWithData:certData];
I'm getting an error in this

            if (!PEM_read_bio_PUBKEY(publicBIO, &pkey, NULL, NULL)) {
                @throw [NSException openSSLException];
            }

This condition failed and it throws an error. In the console, the error says that

Terminating app due to uncaught exception 'MIHCryptoException', reason: '[OpenSSL] ERROR: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag'

I tried by changing the certificate type also. Tried with pem, der, etc. but for all those certificate types, I'm getting the same error.

Instead of getting data from path, I'm passed the public key string directly which I got from that data by this code.

NSString *publicCertificate = [certData base64EncodedStringWithOptions:NSDataBase64EncodingEndLineWithLineFeed];

The public key string was in this format.

NSString *publicCertificate = @"-----BEGIN CERTIFICATE-----"
"..."
"..."
"...="
"-----END CERTIFICATE-----";
NSData *publicStringData = [publicCertificate dataUsingEncoding:NSUTF8StringEncoding];

I got the same error.
Tried by converting the string into Base64EncodedString and passed it to MIHRSAKey.

NSData *data = [[NSData alloc] initWithBase64EncodedString:publicCertificate options:NSDataBase64DecodingIgnoreUnknownCharacters];

Here I'm getting the data as nil value.
So tried by removing the "---BEGIN CERTIFICATE---" and "---END CERTIFICATE---" from the publicCertificate string and tried. Now I'm getting the data value. But when I passed the data in MIHRASKey, I'm getting the same error.

In MIHRSAKey, I'm getting the base64 data from this code.

        NSString *base64DataString = [dataValue MIH_base64EncodedStringWithWrapWidth:64];
        base64DataString = [@"-----BEGIN PUBLIC KEY-----\n" stringByAppendingString:base64DataString];
        base64DataString = [base64DataString stringByAppendingString:@"\n-----END PUBLIC KEY-----"];
        NSData *base64Data = [base64DataString dataUsingEncoding:NSUTF8StringEncoding];

When I tried to remove the 'BEGIN PUBLIC KEY' and 'END PUBLIC KEY' line [Since it was already present in my data] and just send it as a base64 encoded data, I got this error.

Terminating app due to uncaught exception 'MIHCryptoException', reason: '[OpenSSL] ERROR: error:0906D06C:PEM routines:PEM_read_bio:no start line'

P.S The public certificate was from windows, so I used dos2unix & fold to correct it to _unix file and tested it using _openssl x509 -in certificate.crt -text -noout* . The above error remains the same nevertheless of which certificate I use.

Resolving this error is kind of crucial to me, can anyone please tell me how to resolve this error and successfully encrypt a data using RSA algorithm via MIHCrypto library.

Thanks.

I can't find it, is it wrapped already?

Hi，i got many warnings with XCode 7 & OSX 10.11

so how can i do RSA encrypt in OSX 10.11 El Capitan？

Hi I've got the same bug as in #17 here ("MIHCrypto", "~> 0.3.2"). These are my lines of code:

NSString *encrypted_text = @"BdhFH0sd7e9DExiCd50Ykh4spm2BX126skjJ1o8HHjKsN+J7r9IoI9kbB9AAacEpJsAfyesiJsq5gDBhQtcNbB6l88aSgPrEoVwR9ilzuzVcv1q3J1dxs4uIEMuhzoWT+R8//dD2jDdXPyFsdGWJc10CEizPFKpmy2jWhvU8CVs=";
NSBundle *myBundle = [NSBundle mainBundle];
NSString *privateKeyPath= [myBundle pathForResource:@"rsa_1024_priv" ofType:@"pem"];    
NSData *privateKeyData = [[NSFileManager defaultManager] contentsAtPath:privateKeyPath];
MIHRSAPrivateKey *privateKey = [[MIHRSAPrivateKey alloc] initWithData:privateKeyData];
NSError *decryptionError = nil;

// decryption
NSData *encData = [encrypted_text dataUsingEncoding:NSUTF8StringEncoding];
NSData *decryptedEncData = [privateKey decrypt:encData error:&decryptionError];
NSString* decryptedText = [[NSString alloc] initWithData:decryptedEncData encoding:NSUTF8StringEncoding]; // iOS 7+, by iOS Core API

if(decryptionError){
    DDLogDebug(@"error: %@",[encryptionError localizedDescription]);
}
DDLogDebug(@"decrypted: %@",decryptedEncData);

The problem is the same as in #17:

error: OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)

Do you have any Idea??

Any plans for Carthage support?

Hi, I have to encrypt a text with RSA PKCS#1 and I have got modulus and exponent (both of them in hexadecimal and decimal format), ¿How can I set up modulus to encrypt with public key?

Hello,
I'm installing using MIHCrypto this pod file:

target 'MIHCryptoProject' do
pod 'MIHCrypto', '~> 0.4'
end

and when i compile the project i get this error:
linker command failed with exit code 1

duplicate symbol _llvm.embedded.module in:
/Users/dtokos/Documents/dobro/Xcode/fsjgh/Pods/OpenSSL-Universal/lib-ios/libcrypto.a(bio_lib.o)
/Users/dtokos/Documents/dobro/Xcode/fsjgh/Pods/OpenSSL-Universal/lib-ios/libcrypto.a(gost_sign.o)
ld: 888 duplicate symbols for architecture x86_64

I'm using Xcode 6.2 on OSX 10.9.5

Can you help me? I'm new to Cocoapods, maybe it's my fault. Anyway thanks for help.

Have a nice day

Hi, i gotta say this is the only library I found in months or research that allows to -easily- handle keys, signature and encryption in iOS: great job!
I'm using it to sign data that must be sent (signed) together with public key to a cloud service for authentication.
Unfortunately, I'm having troubles "exporting" the public key in a format that can be used by .NET.
As a matter of fact, I also tried to copy+paste the signed data and the result of calling dataValue on the public key to a file and then use command line openssl verify:

openssl rsautl -verify -inkey ~/Desktop/pubkey.pem -in ~/Desktop/datasigned.txt -pubin -raw -hexdump

Resulting in: unable to load Public Key
I guess what is missing is the algorithm OID, which would be useful.

Did you test the dataValue result agains out-of-project signature verification tools? Thanks!

Hi,
Is it possible to use AES / GCM encryption?

Hey,
After a quick google search, I find this SO. So I looked in the manual and seems like the guy is correct and OpenSSL should be seeded before generating keys. My question is - did I understand it correctly? Becuase I looked up and it seems there is no call to RAND_add in this library...
Thanks,
Omer

At the moment only SHA256 (which is the more recent one and preferred one) implemented. For backwards compatibility SHA would highly be appreciated.

I am getting the error:

'openssl/evp.h' file not found

any idea why it is not there??

Is it alive?

I need to encrypt a NSString using a public from a webserver certificate on iOS and your library will be very useful, but I am having some problems.

Here's what i am doing:

NSString *publicKey = @"Public Key From My WebServer Certificate";
NSData *data = [[NSData alloc] initWithBase64EncodedString:publicKey options:NSDataBase64DecodingIgnoreUnknownCharacters];

id<MIHPublicKey> symmetricKey = [[MIHRSAPublicKey alloc] initWithData:data];

NSError *encryptionError = nil;
NSData *messageData = [@"My Password" dataUsingEncoding:NSUTF8StringEncoding];
NSData *encryptedData = [symmetricKey encrypt:messageData error:&encryptionError];
NSString* newStr = [[NSString alloc] initWithData:encryptedData encoding:NSUTF8StringEncoding];

newStr is always null. What I am doing wrong?

Xcode have nice feature "Analyze":

It show potential leaks like this:

pod "MIHCrypto", "~> 0.5.0" failed

I can't add the certificate in my application bundle. I need to download the SSL certificate and extract the public key in real time. Is there a way to do this?

Hello,
I'm using this framework to generate the key pair and sign a message.
I'm creating the key pair with:
self.rsaKeyFactory = [[MIHRSAKeyFactory alloc] init];
self.rsaKeyFactory.preferedKeySize = MIHRSAKey1024;
self.keyPair = [self.rsaKeyFactory generateKeyPair];

and then sign with:
- (NSString *)signMessageData:(NSData *)data withKey:(MIHRSAPrivateKey *)privKey {
NSError *signingError = nil;
NSData *signatureData = [privKey signWithSHA256:data error:&signingError];
if (signingError != nil) {
NSLog(@"Error al firmar el mensaje: %@", signingError.localizedDescription);
}
NSString *signString = [signatureData MIH_base64EncodedString];
return signString;
}

For what I know, signing with a 1024 private key should give a 128byte signature, but I get just 86 bytes.
I've been told to generate a 128 bytes signature, so any help would be really apreciated.

Thanks.

@hohl hey! my server returns a public key string that needs to be decrypted through it, but it crashes when it is initialized by the following method

// The public key string returned by the Java server                
// MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsD2JQlxPCHm1+g1faPDKAdf9bOL4DmeO2YRdT/UCAGESXortYb7TyPtUI9s3gQZG3QsgP1Op59OlVTqrIbeUJ0rHl1q3As7Tm064IuaVL2ocvIkIW2Dx5bSqA2wKwvoRs7O0cAFxspDA8xZesp8DRNZ28LQdF/s8+TMQYecOcGQIDAQAB

NSString *webPublicKey = [self getTokenInfo].rsaPublicKey;
NSData *publicData = [webPublicKey dataUsingEncoding:NSUTF8StringEncoding];
MIHRSAPublicKey *rsaPublicKey = [[MIHRSAPublicKey alloc] initWithData:publicData];

Hope to get your help, be grateful, wish you a happy life

Add a wrapper for X509 implementation of OpenSSL. This will allows to extract keys from common certificate files.

as titled, can i create a self-signed certificate?

Hello Everobody,how can I create digital singnature SHA256 with RSA algoritm where padding is PKCS8

The 'Pods' target has transitive dependencies that include static binaries: (/Users/xxx/workspace/xcode/iBBS-Swift/Pods/OpenSSL/lib/libcrypto.a and /Users/xxx/workspace/xcode/iBBS-Swift/Pods/OpenSSL/lib/libssl.a)in

I want to send the public key to the server.
This is how I tried to get the public key string, but it returns null:

 MIHRSAKeyFactory *factory = [[MIHRSAKeyFactory alloc] init];
 factory.preferedKeySize = MIHRSAKey512;
 MIHKeyPair *keyPair = [factory generateKeyPair];

 NSString *publicKeyStr = [keyPair.public description];
 NSLog(@"%@", publicKeyStr);// logs null

 NSData *data = [keyPair.public dataValue];
 publicKeyStr = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
 NSLog(@"%@", publicKeyStr);// logs null

Any suggestions?

I think there's a mistake in the introduction, should be
pod 'MIHCrypto', '~> 0.2.0'

I was building a framework by a template named "iOS-Universal-Framework"(https://github.com/kstenerud/iOS-Universal-Framework) I can add some other 3rd-party static library in my framework project.But I don't know how to add your code in it.So I just want to know that if I can build your source code into a static library without using Cocoapods.

I cannot get CocoaPods to install MIHCrypto with the "use_frameworks!" option in my Podfile.

!] The 'Pods' target has transitive dependencies that include static binaries: (Pods/OpenSSL-Universal/lib-ios/libcrypto.a and Pods/OpenSSL-Universal/lib-ios/libssl.a)

Are there any workarounds? I know I can remove the use_frameworks! option, but I need it for other target dependencies using Swift.

Thanks!

I'm trying to create instances of MIHRSAPublicKey and MIHRSAPrivateKey using initWithData: after they have been encoded as strings from their data values, and decoded back into data values.

See following code example. The asserts on data equality succeed but the asserts on key and keypair equality fail.

Not sure if this is a bug, or me misunderstanding the intended usage of these APIs. Would you be able to help?

  MIHRSAKeyFactory *keyFactory = [[MIHRSAKeyFactory alloc] init];
  MIHKeyPair *keyPair = [keyFactory generateKeyPair];
  MIHRSAPublicKey *publicKey = keyPair.public;
  MIHRSAPrivateKey *privateKey = keyPair.private;
  NSData *publicKeyData = [publicKey dataValue];
  NSData *privateKeyData = [privateKey dataValue];

  NSString *publicKeyString = [publicKeyData MIH_base64EncodedString];
  NSString *privateKeyString = [privateKeyData MIH_base64EncodedString];

  NSData *testPublicKeyData = [NSData MIH_dataByBase64DecodingString:publicKeyString];
  NSData *testPrivateKeyData = [NSData MIH_dataByBase64DecodingString:privateKeyString];

  assert([testPublicKeyData isEqualToData:publicKeyData]); // succeeds
  assert([testPrivateKeyData isEqualToData:privateKeyData]); // succeeds

  MIHRSAPublicKey *testPublicKey = [[MIHRSAPublicKey alloc] initWithData:testPublicKeyData];
  MIHRSAPrivateKey *testPrivateKey = [[MIHRSAPrivateKey alloc] initWithData:testPrivateKeyData];

  assert([testPublicKey isEqual:publicKey]); // fails
  assert([testPrivateKey isEqual:privateKey]); // fails

  MIHKeyPair *testKeypair = [[MIHKeyPair alloc] init];
  testKeypair.public = testPublicKey;
  testKeypair.private = testPrivateKey;

  assert([testKeypair isEqualToPair:keyPair]); // fails

How could I go about sharing and then using a generated public key?

I have wrote the functions:

-(NSString*)keyTo64String:(id)key{
    NSData *key_data = [NSKeyedArchiver archivedDataWithRootObject:key];
    return [key_data base64EncodedStringWithOptions:0];
}

-(id)string64ToKey:(NSString*)key{
    NSData* priv_actual_data = [[NSData alloc] initWithBase64EncodedString:key options:0];
    return [NSKeyedUnarchiver unarchiveObjectWithData:priv_actual_data];
}

The first function will return a string representation of the MIHPublicKey or MIHPrivateKey object.
And the second from the string to the object.

It would be cool if I could export the key in a format similar to a .pem file. It would also be great if I could read that format and turn it back into the object.

How would you recommend doing it?

MIHCripto don't have #import <Foundation/Foundation.h> in root header. For example MIHCoding.h is NSObject protocol child. But in this file I can't find any way for loading <Foundation/Foundation.h>. I have a lot of build errors.

[NSData MIH_dataByBase64DecodingString:] is behaving weird. Below code will return nil while it is a valid base64 encoded string

NSString *derString = @"MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAmZruJYeMsKl6IceG\n"
                      "TB/8gZW0m+sdVb8X617zeEHzliIK4A6q9obsizLh1hvAFkqS4ir3H4VVn7pKuxpF\n"
                      "C5oVKQIDAQABAkApWzJVPmqdwfOVFrBM3KvSg+kNtb6/MGUTRQxOS4t21ybGi2Rn\n"
                      "eXU8bucIhUjETTnwgdkRr56/e/C3Mn7BOnq1AiEAyKg/sFruB0be/VW8x4dAuM/V\n"
                      "YlOk6TGRXuE2cm4uAysCIQDD+H3ZU9r8P+3+XRxucfa9p1Lf02zuQ5yBqZaq/yHu\n"
                      "+wIgeUdP70yWT6mjP6Vhi4uRL+LWSy7ZHuUJwzoGCZXUk68CIQCzo1ZhYG/NaSDV\n"
                      "WS7VwxvmD7p1OE6TPmD5rqZRSxwk/wIhAKaDoovCCJuBlVWQlAypZ+PriMqsUHVP\n"
                      "Zg54vniNK3Yv";
NSData *der = [NSData MIH_dataByBase64DecodingString:derString];

while below code decodes it correctly

NSData *der = [[NSData alloc] initWithBase64EncodedString:derString options:NSDataBase64DecodingIgnoreUnknownCharacters];

Drilling down the code, I found out that you have used 0 for NSDataBase64DecodingOptions. And for me to get it working I had to use options:NSDataBase64DecodingIgnoreUnknownCharacters. Did you use 0 beacuse of any particular reason or is it a bug?

Using RSA with large blocks of data seems to be a common issue. Some wrappers handle this by splitting the data into smaller blocks and encrypting every block separately. But since RSA isn't intended to encrypt large blocks of data this won't be implemented in this wrapper. (Better combine RSA with something like AES if you need features of both worlds.)

At the moment (RELEASE-0.3.2) the error message is:

 error: Error Domain=MIHOpenSSLErrorDomain Code=67522668 "OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)" UserInfo=0x170275700 {NSLocalizedDescription=OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)}

But it would be more informative if it would be something more descriptive.

Writing some sample and/or wiki page on how to use AES and RSA in combination would be a good idea too.

Hi,

First, thanks for your awesome tool.
I'm trying to sign a string with SHA256 as below.
,,,

NSData *messageData = [message dataUsingEncoding:NSUTF8StringEncoding];
NSData *signature = [[keyPair private] signWithSHA256:messageData error:&signingError];

,,,

There is no signing error and the signature variable in not nil.
I need the signature as a base64 encoded string but when I wanna convert the signature to string none of the below solutions works and all of them returns nil.

,,,

NSString *str1=[[NSString alloc]initWithData:signature encoding:NSUTF8StringEncoding];
NSString* str2 = [NSString stringWithUTF8String:(char *)[signature bytes]];
NSString* str3 = [NSString stringWithUTF8String:[signature bytes]];

,,,

Appreciate any help,
Thanks

Hi!
Is it possible to decode / encode data with OAEPWithSHA1AndMGF1Padding?

Hi,
could you pls help me to resolve the issue - the real device works perfect, but when I'm trying to run my project with this lib on a Simulator there is an error:
...MyProject/Pods/OpenSSL-Universal/lib-ios/libcrypto.a(cryptlib.o), building for iOS simulator, but linking in object file built for OSX, for architecture x86_64

Thank you!

This is how I generated keys:

MIHRSAKeyFactory *factory = [[MIHRSAKeyFactory alloc] init];
factory.preferedKeySize = MIHRSAKey1024;
MIHKeyPair *pair = [factory generateKeyPair];
NSData *publicKeyData = [pair.publicKey dataValue];
NSData *privateKeyData = [pair.privateKey dataValue];

This is how I am crypting data:

MIHRSAPublicKey *key = [[MIHRSAPublicKey alloc] initWithData:publicKeyData];
NSError *error = nil;
NSData *encryptedData = [key encrypt:uncryptedData error:&error];
if (error) {
    NSLog(@"RSA encryption error: %@", error);
}

With this values:

publicKeyData: <30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00b2ebde 4d1102b1 e68f7c45 6f60da11 b302e42e 0e9edb2f 14679fd5 a2014d28 2c57e6f3 720d4b10 e8bdbeb5 3908adf4 c2fcc554 8e6ec71e 57ef890d 47eb4002 89347c72 1b0d9726 c0f6a887 62f966ac 4af23f73 975d7bde c23a5a5e bb0489b0 af55b4fe 6c227176 d85b930d 2e5d14d8 b8ce3422 2a0f5c9a 8a72cd27 72a37639 41020301 0001>
uncryptedData: <48656c6c 6f20776f 726c6421>
encryptedData: <6b23f42f d4bfe6ea fc86eb17 ac74823b 33eea0f1 341c455e b5db77f8 d9a16ad8 4ca76823 ac06392f 288eddb5 ecc4a30e 989611ff 666fbcec 6851900b 2db8e193 654e09c1 577b4346 fea540d0 ee90c689 08b48306 a663a1a8 3adb8d1d 571b1e4b 101075c7 7afde10b 5339ac96 7a64334f 213dc282 0d6d5401 8e85dcb3 8327ef53>
error: nil

This is how I am trying to decrypt data:

MIHRSAPrivateKey *key = [[MIHRSAPrivateKey alloc] initWithData:privateKeyData];
NSError *error = nil;
NSData *decryptedData = [key decrypt:encryptedData error:&error];
if (error) {
    NSLog(@"RSA decryption error: %@", error);
}

With this values:

privateKeyData: <2d2d2d2d 2d424547 494e2050 52495641 5445204b 45592d2d 2d2d2d0a 4d494943 64674942 4144414e 42676b71 686b6947 39773042 41514546 41415343 416d4177 67674a63 41674541 416f4742 414c4c72 336b3052 4172486d 6a337846 0a623244 6145624d 43354334 4f6e7473 76464765 66316149 42545367 73562b62 7a636731 4c454f69 39767255 35434b33 3077767a 46564935 75787835 5837346b 4e0a522b 7441416f 6b306648 4962445a 636d7750 616f6832 4c355a71 784b386a 397a6c31 31373373 4936576c 36374249 6d777231 57302f6d 77696358 62595735 4d4e0a4c 6c305532 4c6a4f4e 43497144 31796169 6e4c4e4a 334b6a64 6a6c4241 674d4241 41454367 59417764 4266626e 774f7630 64534276 76774f71 6e2b6f6a 74766b0a 62536b77 436d766f 4e437a53 6c712b69 64582f49 6c353048 5a4a444c 74726279 744f4e59 324c5146 61427369 42335839 44617463 33692f66 305a4864 796c2f66 0a723437 716b4f74 37683550 4a676862 3562674f 2b6a7057 4f697974 367a6e66 6f66566f 744b5763 4c5a5867 50747537 6e454e58 362b4239 6e4f6f62 68506b4c 350a316e 4e6d7451 59724438 4d2f3135 644c7751 4a42414e 69576642 67655075 7963464f 4f4d7973 68306655 4d66566d 3056386e 456b5935 44555252 43586c58 48390a75 644a5a51 78413257 78646330 48585a4f 57727073 35745366 65396642 46457156 524d6b7a 63665a4a 47554351 51445465 72736367 38523336 466f4631 7672690a 45566a4a 35662f6c 75334857 3865637a 75632b38 39796979 664f7564 572f766f 78466344 47625550 54712f48 39705432 5772374f 6a436342 377a5061 734f532b 0a715932 74416b41 37635a6e 66654c57 6d645051 61752f4b 50373844 4e596c56 7a48526e 7353614e 32425878 72494639 6f364d31 4f575364 5a314d46 4e655444 520a6c32 76313175 78766a63 56347043 686f4b6d 6b744675 58506d74 3474416b 4541752b 51594b44 352b4b52 6138484f 496a4a77 58496743 456b4759 56506f47 78750a51 55752b59 534b712b 7548344b 47675953 58646634 335a4d6f 7077446d 304c656d 48364a64 6c4f5a4f 4b504179 33564d31 6f556f52 514a4142 55722b61 49327a0a 4e4f4263 37325a38 4c78446c 7948396e 63503641 78367959 3366782f 6b446356 76652f63 4d78534d 39416a70 686a5333 516d654f 4c5a3059 52472f75 694d5058 0a4b4246 73583739 6a767369 6442673d 3d0a2d2d 2d2d2d45 4e442050 52495641 5445204b 45592d2d 2d2d2d0a>
encryptedData: <6b23f42f d4bfe6ea fc86eb17 ac74823b 33eea0f1 341c455e b5db77f8 d9a16ad8 4ca76823 ac06392f 288eddb5 ecc4a30e 989611ff 666fbcec 6851900b 2db8e193 654e09c1 577b4346 fea540d0 ee90c689 08b48306 a663a1a8 3adb8d1d 571b1e4b 101075c7 7afde10b 5339ac96 7a64334f 213dc282 0d6d5401 8e85dcb3 8327ef53>
decryptedData: nil
error: Error Domain=MIHOpenSSLErrorDomain Code=67522668 "OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)" UserInfo=0x170275700 {NSLocalizedDescription=OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)}

Can you help me with this error?

Hi,

I have to exchange keys with the server (in JAVA using bouncycastle) and my iOS app. So the server has the key size issue and send me the key in blocks (each one encrypted with my public key). The problem is that when I want to decrypt one of these blocks I get the error

"Size of data to encrypt must not exceed size of RSA key. ...."

But I don't really understand why because each block is smaller that the size of my key. Here is my code:

MIHRSAKeyFactory* factory = [[MIHRSAKeyFactory alloc] init];
factory.preferedKeySize = MIHRSAKey1024;
MIHKeyPair *keyPair = [factory generateKeyPair];
clientPrivateKey = keyPair.private;
clientPublicKey = keyPair.public;
...
[self postOperation:@"exchangekey" params:params onCompletion:^(NSDictionary *json)
 {
     NSError *error = nil;
     NSString* dataStr = [[[json objectForKey:@"chains"] objectAtIndex:0] objectForKey:@"chain"];
     NSData* data2 = [dataStr dataUsingEncoding:NSUTF8StringEncoding];
     [self log:[NSString stringWithFormat:@"Server response (%ld): %@",data2.length,data2]];
     //NSData* data = [NSData dataWithData:[[[json objectForKey:@"chains"] objectAtIndex:0] objectForKey:@"chain"]];
     [clientPrivateKey decrypt:data2 error:&error];
     [self log:[NSString stringWithFormat:@"Decript error: %@",error.description]];
 }];

And the log shows this

Server response (256): <37653734 38363964 65386134 36663930 66656530 35356230 65393937 64626432 66343032 65333061 35373437 62626361 34316133 61643262 39373037 36353230 65343765 66656266 33666433 63323537 62303634 39613461 30613034 37666161 32303862 34313331 30353239 30323163 35303966 39333833 30383332 64366662 65323433 33623862 33326532 61616330 62613239 63653161 33356230 39373831 65316430 33373961 33623838 30633532 37393732 39663235 63363332 34653732 32333031 64326662 35366264 33633835 61323533 37363235 35613836 30613863 65396533 33633835 61363330 35666333 33386263 63383962 30636632 30336535>
Decript error: Error Domain=MIHOpenSSLErrorDomain Code=67522668 "Size of data to encrypt must not exceed size of RSA key. If you want to securly encrypt large blocks of data combine RSA with AES. (See #24 for more details about that topic.)" UserInfo=0x7fb4edb8f390 {NSLocalizedDescription=Size of data to encrypt must not exceed size of RSA key. If you want to securly encrypt large blocks of data combine RSA with AES. (See #24 for more details about that topic.)}

Any ideas on what I'm doing wrong?

Is my first try with this lib and this kind of encryption so apologies in advance if this is a simple newbie error.

I am getting the error message when installing the pods:

[!] The 'Pods-...' target has transitive dependencies that include static binaries: (.../OpenSSL-Universal/lib-osx/libcrypto.a and .../OpenSSL-Universal/lib-osx/libssl.a)

My podfile is:

target 'Transfer' do
  pod 'MIHCrypto'
  use_frameworks!
end

Hi @hohl ,

I know CBC mode for AES encryption is much secure than ECB mode, but as the server I'm connecting to has ECB mode of encryption/decryption I'm forced to use the same on the iOS client. Can you give me some pointers on implementing ECB mode in the MIHCrypto ?

Due to the documentation there shouldn't be any breaking changes in OpenSSL-1.0.1.l. If all unit tests run fine, update should be done.

Hello,
I'm trying to use MIHCrypto and so far seems good for me.
The only problem I'm having right now is saving the key pair somewhere.
In my app I'm using an encrypted database, so my first thinking was saving there the keys. No problems with the public key, but when I try to save the private key it just does not work.
I'm trying to save the 'privateKey.dataValue' to the DB but for some reasons it doesn't work.
I've tried to save it as [NSKeyedArchiver archivedDataWithRootObject:privateKey] or [NSKeyedArchiver archivedDataWithRootObject:privateKey.dataValue], both with no success.
the DB column type is blob.
Any help would be greatly appreciated.
Thanks.