
ECC Curve25519 KeyChain

I'm trying to create Curve25519 keys using the KeyChain on iOS. I am aware of the existence of CryptoKit, unfortunately, that is not available for iOS 12. Is there a way to create a Curve25519 key pre CryptoKit, maybe a parameter I'm missing when generating it in the KeyChain? The code below will only generate the P-256 keys.

import Security

let attributes: [String: Any] = [
    String(kSecClass): kSecClassKey,
    String(kSecAttrKeyType): kSecAttrKeyTypeECSECPrimeRandom,
    String(kSecAttrKeySizeInBits): 256
]

var error: Unmanaged<CFError>?
let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
// The CFError comes back under the Create rule, so take the retained value to avoid leaking it.
print(privateKey ?? error!.takeRetainedValue())

Apple's old core crypto lib CommonCrypto doesn't support modern curves like curve25519 and quite frankly is a total mess, littered with insecure ciphers; they aren't even clear on the actual curve equations being used.

Additionally, although CryptoKit supports curve25519 for key exchange, it's still limited, for example, you cannot use the "Secure Enclave" to generate curve25519 keys, only P-256, which is likely backdoored (just look at the curve coefficients), despite all financial institutions seemingly loving it.

Ultimately a curve25519 private key is just a large (2^256) number (though it is "clamped" before use), so if you just need to generate keys, you can do this with SecRandomCopyBytes.

Though, if, as I suspect, you want to do some X25519 KEX or EdDSA signature over 25519, then just use libsodium. It's the go-to library for NaCl, there is a really great interface in Swift written by the original libsodium author, called swift-sodium, I've used it and it's great. It also supports iOS 12+.

Generating keys in libsodium for curve25519 is as simple as:

import Sodium

let sodium = Sodium()
let curve25519KeyPair = sodium.box.keyPair()
let privateKey = curve25519KeyPair!.secretKey
let publicKey = curve25519KeyPair!.publicKey

You can then manually store them in KeyChain.

Shout if you need further help, and good choice using 25519.
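
The SecRandomCopyBytes route and the "manually store in KeyChain" step from the answer above, as an added example that is not part of the original post. The clamping follows RFC 7748; the service name, account parameter, error type and function names are hypothetical, and the key is stored as a generic-password item because the keychain has no Curve25519 key type.

```swift
import Foundation
import Security

enum KeyStoreError: Error { case random(OSStatus), keychain(OSStatus) }

// Hypothetical service name used to namespace the keychain item.
let keyService = "com.example.x25519"

/// 32 bytes from the system CSPRNG, clamped as RFC 7748 specifies for X25519 scalars.
func generateX25519PrivateKey() throws -> [UInt8] {
    var key = [UInt8](repeating: 0, count: 32)
    let status = SecRandomCopyBytes(kSecRandomDefault, key.count, &key)
    guard status == errSecSuccess else { throw KeyStoreError.random(status) }
    key[0] &= 248   // clear the three low bits (multiple of the cofactor 8)
    key[31] &= 127  // clear bit 255
    key[31] |= 64   // set bit 254
    return key
}

/// Stores raw key bytes (these, or a libsodium secretKey) as a generic-password item.
func storeKey(_ key: [UInt8], account: String) throws {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keyService,
        kSecAttrAccount as String: account
    ]
    SecItemDelete(base as CFDictionary)  // replace any earlier item for this account
    var add = base
    add[kSecValueData as String] = Data(key)
    // Readable only while unlocked, and never migrated to another device or backup.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeyStoreError.keychain(status) }
}

/// Reads the key bytes back; throws if the item is missing or the device is locked.
func loadKey(account: String) throws -> [UInt8] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keyService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let data = item as? Data else { throw KeyStoreError.keychain(status) }
    return [UInt8](data)
}
```

X25519 implementations that follow RFC 7748 clamp the scalar again internally, so storing the clamped or the raw 32 bytes yields the same public key.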
