Reputation: 393
Is there any example of using ECC in iOS?
I noticed kSecAttrKeyTypeEC in the Apple Developer documentation, but I can't use it to generate a key pair.
The code below is modified from the CryptoExercise example:
```objc
// Container dictionaries.
NSMutableDictionary * privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * keyPairAttr = [[NSMutableDictionary alloc] init];

// Set top level dictionary for the keypair.
[keyPairAttr setObject:(id)kSecAttrKeyTypeEC forKey:(id)kSecAttrKeyType];
[keyPairAttr setObject:[NSNumber numberWithUnsignedInteger:keySize] forKey:(id)kSecAttrKeySizeInBits];

// Set the private key dictionary.
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecAttrIsPermanent];
[privateKeyAttr setObject:privateTag forKey:(id)kSecAttrApplicationTag];
// See SecKey.h to set other flag values.

// Set the public key dictionary.
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecAttrIsPermanent];
[publicKeyAttr setObject:publicTag forKey:(id)kSecAttrApplicationTag];
// See SecKey.h to set other flag values.

// Set attributes to top level dictionary.
[keyPairAttr setObject:privateKeyAttr forKey:(id)kSecPrivateKeyAttrs];
[keyPairAttr setObject:publicKeyAttr forKey:(id)kSecPublicKeyAttrs];

// SecKeyGeneratePair returns the SecKeyRefs just for educational purposes.
sanityCheck = SecKeyGeneratePair((CFDictionaryRef)keyPairAttr, &publicKeyRef, &privateKeyRef);
LOGGING_FACILITY( sanityCheck == noErr && publicKeyRef != NULL && privateKeyRef != NULL, @"Something really bad went wrong with generating the key pair." );
```
sanityCheck always returns -50, which means 'errSecParam'.
I really don't know how to use it. Thank you for reading this.
Upvotes: 11
Views: 4926
Reputation: 17902
CryptoKit now supports Ed25519 in iOS13+
Upvotes: 0
Reputation: 1735
```objc
NSDictionary *parameters = @{
    (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeEC,
    (__bridge id)kSecAttrKeySizeInBits: @256,
    // Attributes applied to the private key only.
    (__bridge id)kSecPrivateKeyAttrs: @{
        (__bridge id)kSecAttrIsPermanent: @YES,
        (__bridge id)kSecAttrApplicationTag: [@"my.key.tag" dataUsingEncoding:NSUTF8StringEncoding],
    },
    // Attributes applied to the public key only.
    (__bridge id)kSecPublicKeyAttrs: @{
        (__bridge id)kSecAttrIsPermanent: @YES,
        (__bridge id)kSecAttrApplicationTag: [@"my.key.pubtag" dataUsingEncoding:NSUTF8StringEncoding],
    },
};
SecKeyRef publicKey, privateKey;
OSStatus status = SecKeyGeneratePair((__bridge CFDictionaryRef)parameters, &publicKey, &privateKey);
```
This works; double-check your key size parameter.
Just a note, currently EC keys can only be used for signing/verifying data. Encryption/decryption returns errSecUnimplemented = -4.
Upvotes: 1
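The signing and verifying use of EC keys mentioned in the answer above, shown end to end as an added example that is not code from this thread. It assumes iOS 10+ / macOS 10.12+ (for `SecKeyCreateRandomKey`, `SecKeyCreateSignature` and `SecKeyVerifySignature`) and ARC; the helper name `SignAndVerifyWithEphemeralP256Key` and the sample message are made up for illustration.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the thread): creates an ephemeral P-256 key pair,
// signs `message` with ECDSA over SHA-256, then checks that the signature verifies
// for the original message and is rejected for a modified one.
static BOOL SignAndVerifyWithEphemeralP256Key(NSData *message, NSError **outError) {
    NSDictionary *attrs = @{
        (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeECSECPrimeRandom,
        (__bridge id)kSecAttrKeySizeInBits: @256,
        // Assumption: ephemeral key, so nothing is written to the keychain.
        (__bridge id)kSecPrivateKeyAttrs: @{ (__bridge id)kSecAttrIsPermanent: @NO },
    };
    SecKeyAlgorithm alg = kSecKeyAlgorithmECDSASignatureMessageX962SHA256;
    CFErrorRef cfError = NULL;
    CFDataRef signature = NULL;
    BOOL ok = NO;

    // A rejected attribute dictionary shows up here as NULL plus a CFError.
    SecKeyRef privateKey = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attrs, &cfError);
    SecKeyRef publicKey = privateKey ? SecKeyCopyPublicKey(privateKey) : NULL;
    if (privateKey && publicKey &&
        SecKeyIsAlgorithmSupported(privateKey, kSecKeyOperationTypeSign, alg)) {
        signature = SecKeyCreateSignature(privateKey, alg, (__bridge CFDataRef)message, &cfError);
    }
    if (signature) {
        NSMutableData *tampered = [message mutableCopy];
        [tampered appendBytes:"!" length:1];
        BOOL valid = SecKeyVerifySignature(publicKey, alg, (__bridge CFDataRef)message, signature, &cfError);
        BOOL tamperedRejected = !SecKeyVerifySignature(publicKey, alg, (__bridge CFDataRef)tampered, signature, NULL);
        ok = valid && tamperedRejected;
    }
    // Hand the first failure to the caller, then release the Core Foundation objects.
    if (cfError && outError) *outError = CFBridgingRelease(cfError);
    else if (cfError) CFRelease(cfError);
    if (signature) CFRelease(signature);
    if (publicKey) CFRelease(publicKey);
    if (privateKey) CFRelease(privateKey);
    return ok;
}

int main(void) {
    @autoreleasepool {
        NSError *error = nil;
        // Constructed sample input.
        NSData *msg = [@"constructed sample message" dataUsingEncoding:NSUTF8StringEncoding];
        BOOL ok = SignAndVerifyWithEphemeralP256Key(msg, &error);
        NSLog(@"sign/verify ok=%d error=%@", ok, error);
    }
    return 0;
}
```

Build with `-fobjc-arc` and link the Foundation and Security frameworks.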