• Overview
• Downloads (0)
• Source
• Changesets
• Wiki
• Issues (3) »
  • New issues
  • Open issues
  • Closed issues
  • All issues
  • Advanced query
  • Create new issue
• Forks/Queues (1)
• Followers (11)

MYCrypto

Version 0.4 — 6 June 2009

By Jens Alfke

Introduction

MYCrypto is a high-level cryptography API for Mac OS X and iPhone. It's an Objective-C wrapper around the system Keychain and CSSM APIs, which are notoriously hard to use, as well as CommonCrypto, which is easier but quite limited.

MYCrypto gives you easy object-oriented interfaces to:

• Symmmetric cryptography (session keys and password-based encryption)
• Asymmetric cryptography (public and private keys; digital signatures)
• Creating and managing identity certificates (for use with SSL and CMS)
• Cryptographic digests/hashes (effectively-unique IDs for data)
• The Keychain (a secure, encrypted storage system for keys and passwords)
• Cryptographic Message Syntax [CMS] for signing/encrypting data
• Parsing and generating ASN.1, BER and DER (the weird binary data formats used by crypto standards)

It's open source, released under a friendly BSD license.

Setup

Kindly direct your eyes to the Setup page...

Overview

The class hierarchy of MYCrypto looks like this:

• MYKeychain
• MYKeychainItem
  • MYKey
    • MYSymmetricKey
    • MYPublicKey
    • MYPrivateKey
    • MYCertificate
      • MYIdentity
• MYDigest
  • MYSHA1Digest
  • MYSHA256Digest
• MYCryptor
• MYEncoder
• MYDecoder
• MYSigner
• MYCertificateInfo
  • MYCertificateRequest

(Italicized classes are abstract.)

Examples

Please see the Examples page.

Current Limitations

First off, the biggest caveat of all:

• MYCrypto 0.4 is new code and has not yet been used in any real projects. Expect bugs. (I'm talking about my wrapper/glue code. The underlying cryptographic functionality provided by the OS is robust.)

Further issues with the 0.4 release:

• MYCrypto does not yet work on the iPhone. It currently builds, but runs into problems at runtime. I'm currently trying to figure these out. (The iPhone OS Security APIs are very different from the Mac OS X ones, and I'm much less familiar with them.) However, it does work in the iPhone Simulator, which uses the OS X APIs.

Current API limitations, to be remedied in the future:

• No API for accessing passwords; fortunately there are several other utility libraries that provide this. And if your code is doing cryptographic operations, it probably needs to store the keys themselves, not passwords.
• No evaluation of trust in certificates (i.e. SecTrust and related APIs.)
• Error reporting is too limited. Most methods indicate an error by returning nil, NULL or NO, but don't provide the standard "out" NSError parameter to provide more information. Expect the API to be refactored in the near future to remedy this.

References

• Security Overview (Apple)
• Secure Coding Guide (Apple)

• Common Security: CDSA and CSSM, Version 2 (The Open Group)
• A Layman's Guide to a Subset of ASN.1, BER, and DER (Burton S. Kaliski Jr.)
• X.509 Style Guide (Peter Gutmann)

• Practical Cryptography (Ferguson and Schneier)
• Handbook of Applied Cryptography (Menezes, van Oorschot, Vanstone) — free download!
• The Devil's InfoSec Dictionary (CSO Online)