Re: [aerogear-dev] iOS Crypto findings

Aloha, looks like Apple wants to hide all the good crypto! Have you got the chance to look at this? https://github.com/rnapier/RNCryptor I also see some developers using OpenSSL as an alternative. My suggestion: a) If you think this item is tricky to implement atm consider AES with CBC or AES with CCM (We can support it on the server if necessary). I was trying to find which modes is currently supported but looks like the documentation is super safe, because I can't find it b) It can be done with OpenSSL in the worst case scenario (not saying is a piece of cake to do, just possible). Let's start simple first. Regarding http://www.cryptopp.com/ looks like they have all that we need, maybe worth to take a look at this. What do you think? Off the top of my head I only can see 3 alternatives: 1- Implement encryption with what CommonCrypto provides 2- Try cryptopp or another alternative 3- Implement it with OpenSSL. For example SilentCircle make use of PolarSSL https://github.com/SilentCircle/silent-phone-base/tree/master/libs. I'm not saying to do the same, just an example. > Christos Vasilakis <mailto:cvasilak@gmail.com> > October 10, 2013 2:29 PM > Hi team, > > I am digging on the CommonCrypto API and I found some issues. > Specifically: > > a) GCM mode for AES symmetric encryption is part of a private API. > See [1] the public interface of the current definitions of supported > modes of operation. 'kCCModeGCM' is missing _although_ digging on the > source code of the apple's web site it is defined in [2] 'private' > (The file is included from a private interface here [3]). Also here > is the implementation of the GCM mode in [4] and test cases that > exercise it [5]. Not sure why Apple left it out in public. On my > search, one area in which they use this mode is on the KeyChain from > iOS 5 onwards, see 'KeyChain' section here [6] > > b) Generation of asymmetric ECC keys and encryption is supported by > CommonCrypto but _again_ under a private interface, see [7] and [8]. > ECC is used in the protection class > 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc > here [9]. In the meeting there was a plan B for it, RSA with Diffie > Hellman. I am looking at it, but to my current knowledge is supported > if you trust the apple docs here [10] > > My worry is how can we proceed with the first issue. > > As a side note, during my search I discovered Crypto++ [11] , which > seems to offer many of the features we are trying to support. Con is a > C++ interface although an iOS distribution of it exists (see [12]), > and there is an iOS wiki page in the library home page [13]. Needs > more research. > > Thanks, > Christos > > > [1] https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-... > [2] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... > [3] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... > [4] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/... > [5] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegressio... > [6] http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates > [7] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... > [8] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/... > [9] http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf > [10]https://developer.apple.com/library/ios/documentation/security/concept... > [11] http://www.cryptopp.com <http://www.cryptopp.com/> > [12] https://github.com/noloader/cryptopp-5.6.2-ios > [13] http://www.cryptopp.com/wiki/IOS_(Xcode) > <http://www.cryptopp.com/wiki/IOS_%28Xcode%29> > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev -- abstractj _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev