1. Sirius Dely
  2. MYCrypto

Source

MYCrypto /

Filename Size Date modified Message
iPhone
MYCrypto.xcodeproj
Tests
113 B
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
184 B
Added tag v0.5 for changeset 38b63726395d
2.0 KB
Cleanup: fix header comments, remove obsolete files.
7.0 KB
Cleanup: fix header comments, remove obsolete files.
675 B
Various fixes & improvements, including ability to check signatures using algorithms other than SHA-1 (and load certs that use other algorithms), and support for accessing cert extensions like key-usage.
13.5 KB
Compatibility with Xcode 4.3
8.0 KB
Updated API docs.
17.3 KB
Commented out some overly verbose logging checking cert trust.
8.6 KB
* MYCertificateInfo refactoring: moved MYCertificateExtensions API into the main class itself, which makes more sense.
25.7 KB
Compatibility with Xcode 4.3
10.3 KB
Compatibility with Xcode 4.3
728 B
* Added MYEncoder/Decoder (CMS)
2.8 KB
* Some cleanup. Got the test cases to pass again.
272 B
* Added ASN.1 / BER / DER utilities, to be used in generating and parsing X.509 certs.
282 B
Fixed a few leaks and unnecessary variables reported by the static analyzer.
552 B
More work, mostly on documentation.
20.7 KB
Compatibility with Xcode 4.3
401 B
Fixed a few leaks and unnecessary variables reported by the static analyzer.
272 B
Cleanup: fix header comments, remove obsolete files.
5.2 KB
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
315 B
Fixed a few leaks and unnecessary variables reported by the static analyzer.
397 B
Cleanup: fix header comments, remove obsolete files.
4.3 KB
Cleanup: fix header comments, remove obsolete files.
11.3 KB
Compatibility with Xcode 4.3
524 B
Whew! MYParsedCertificate can now generate certs from scratch. Also added improvements and fixes to the BER/DER codecs.
15.1 KB
Compatibility with Xcode 4.3
6.0 KB
Cleanup: fix header comments, remove obsolete files.
12.0 KB
Compatibility with Xcode 4.3
4.3 KB
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
8.7 KB
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
3.2 KB
* Added MYEncoder/Decoder (CMS)
6.8 KB
* Fixed bug in MYIdentityEnumerator: if it hit an identity whose cert wouldn't verify, it wouldn't return any following valid identities. It also leaked its ref.
1.6 KB
Added certificate/identity import APIs.
7.9 KB
Compatibility with Xcode 4.3
7.1 KB
Compatibility with Xcode 4.3
3.6 KB
Oops, two of my earlier fixes actually broke the iPhone build. Fixed that. Also updated the iPhone project to update the default SDK and fix a path.
10.7 KB
Compatibility with Xcode 4.3
13.8 KB
Compatibility with Xcode 4.3
8.0 KB
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
17.9 KB
Compatibility with Xcode 4.3
1.1 KB
Whew, lots and lots of changes accumulated over the past few weeks. Mostly fixes for bugs I discovered while retrofitting Cloudy to use MYCrypto.
9.7 KB
Compatibility with Xcode 4.3
1.8 KB
Updated API docs.
5.0 KB
Compatibility with Xcode 4.3
672 B
Various fixes & improvements, including ability to check signatures using algorithms other than SHA-1 (and load certs that use other algorithms), and support for accessing cert extensions like key-usage.
6.1 KB
* MYDigest.algorithm returns CCHmacAlgorithm type now on iOS.
4.0 KB
* Created class MYCertificateRequest, factored out of MYCertificateInfo.
14.1 KB
Compatibility with Xcode 4.3
3.8 KB
Various fixes & improvements, including ability to check signatures using algorithms other than SHA-1 (and load certs that use other algorithms), and support for accessing cert extensions like key-usage.
8.0 KB
Various fixes & improvements, including ability to check signatures using algorithms other than SHA-1 (and load certs that use other algorithms), and support for accessing cert extensions like key-usage.
7.9 KB
Compatibility with Xcode 4.3
4.6 KB
Added MYMockKeys (unit testing helper). Fixed a Clang compile error. Took out a useless NSLog.
24.0 KB
Compatibility with Xcode 4.3
4.1 KB
Added README.md (for GitHub)
165.2 KB
Various fixes & improvements, including ability to check signatures using algorithms other than SHA-1 (and load certs that use other algorithms), and support for accessing cert extensions like key-usage.
2.1 KB
Updated API docs.

MYCrypto

Version 0.51 — 12 May 2012

By Jens Alfke

Introduction

MYCrypto is a high-level cryptography API for Mac OS X and iPhone. It's an Objective-C wrapper around the system Keychain and CSSM APIs, which are notoriously hard to use, as well as CommonCrypto, which is easier but quite limited.

MYCrypto gives you easy object-oriented interfaces to:

  • Symmmetric cryptography (session keys and password-based encryption)
  • Asymmetric cryptography (public and private keys; digital signatures)
  • Creating and managing X.509 certificates (for use with SSL, S/MIME and CMS)
  • Cryptographic digests/hashes (effectively-unique IDs for data)
  • The Keychain (a secure, encrypted storage system for keys and passwords)
  • Cryptographic Message Syntax [CMS] for signing/encrypting data
  • Parsing and generating ASN.1, BER and DER (the weird binary data formats used by crypto standards)

It's open source, released under a friendly BSD license.

Setup

Kindly direct your eyes to the Setup page...

Overview

The class hierarchy of MYCrypto looks like this:

  • MYKeychain
  • MYKeychainItem
  • MYKey
    • MYSymmetricKey
    • MYPublicKey
    • MYPrivateKey
    • MYCertificate
    • MYIdentity
  • MYDigest
  • MYSHA1Digest
  • MYSHA256Digest
  • MYCryptor
  • MYEncoder
  • MYDecoder
  • MYSigner
  • MYCertificateInfo
  • MYCertificateRequest

(Italicized classes are abstract.)

Examples

Please see the Examples page.

Current Limitations

  • Certificate generation only supports self-signed certs, not cert requests sent to an external signer.
  • Some functionality doesn't work on iPhone. The security APIs in iOS are new and rather poorly documented and poorly understood by me. Specifically, anything involving keys not stored in a keychain is unlikely to work. This is mostly an issue with symmetric session keys.

Current API limitations, to be remedied in the future:

  • No API for accessing Keychain passwords; fortunately there are several other utility libraries that provide this. And if your code is doing cryptographic operations, it probably needs to store the keys themselves, not passwords.
  • Error reporting is too limited. Most methods indicate an error by returning nil, NULL or NO, but don't provide the standard "out" NSError parameter to provide more information. Expect the API to be refactored eventually to remedy this.
  • Some functionality is not available on iOS, generally because there is no underlying API for it on that platform, or because the API is different from the Mac OS API and I haven't written wrapper code for it yet.

References