
iOS App Data Encryption with Public / Private Keys

I am new to the subject, and would appreciate any help / direction on how to implement public / private key encryption for iOS Applications. Looks like the Security Framework will do what I need but I want to make sure I have the best advice.

Basically, User A and User B want to communicate securely. User A will have User B public key, and use that to encrypt the message. User B then gets the message and decrypts it with the private key.

So I guess the questions are:

  1. What is the best way to generate the public / private keys. Would that be OpenSSL?

  2. If it is OpenSSL, is there a way to do that within the iOS device, or do I need to rely on a server / outside generation for the private / public keys?

  3. If generating the private / public keys outside iOS device is the only option, is this a simple matter of making the iOS device request the key files through HTTP, like a normal download?

  4. When finally users have the public and private keys, is there a simple tutorial / example showing how to encrypt and decrypt the message using RSA (Is RSA the option btw)?

  1. Avoid OpenSSL if possible, use the Apple crypto methods on OSX/iOS.
  2. On the server side OpenSSL may be your best bet.
  3. You can use https to transfer keys safely.
  4. The following links provide good example code:

To generate the keys use SecKeyGeneratePair(). See SO Question for example code.

To get the keys for transport use SecItemCopyMatching(). See SO Answer for example code.

For example code to perform RSA encryption see this SO Answer.

Notes:

The private/public keys are generated together on the same machine. The public key can be easily and openly shared but the issue is to authenticate the public key. https is a viable way to transfer the keys.

Generally data is not encrypted/decrypted with public/private keys. This is for a couple of reasons: it is very slow, and it has a limited data size (limited by the key size). Generally the data is encrypted with symmetric methods such as AES and a random key, and the key is encrypted with the public key, sent and decrypted with the private key. Then that key is used to decrypt the AES encrypted actual data.

OpenSSL is no longer provided by Apple; you would need to get a version of the source you like and build it yourself. The stated reason for not providing OpenSSL is that minor versions are not backward compatible and that created issues when Apple supplies the current version and developers have apps using an incompatible older version.

For a tutorial: Google it.
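The hybrid scheme described in the notes above, shown with the Security framework as an added example that is not part of the original answer. It uses `SecKeyCreateRandomKey` (the newer replacement for `SecKeyGeneratePair()`) and the framework's built-in RSA-OAEP plus AES-GCM algorithm; the helper names `makeRSAKeyPair`, `seal` and `unseal` are hypothetical, and the 3072-bit key size is an assumption.

```swift
import Foundation
import Security

struct KeyError: Error { let reason: String }

// Generate the pair on the device that will decrypt; only the public key leaves it.
func makeRSAKeyPair(bits: Int = 3072) throws -> (priv: SecKey, pub: SecKey) {
    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: bits,
    ]
    var err: Unmanaged<CFError>?
    guard let priv = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw err!.takeRetainedValue() as Error
    }
    guard let pub = SecKeyCopyPublicKey(priv) else {
        throw KeyError(reason: "could not derive public key")
    }
    return (priv, pub)
}

// Sender side: encrypt for the recipient's public key with the chosen algorithm.
func seal(_ message: Data, for recipient: SecKey, using alg: SecKeyAlgorithm) throws -> Data {
    var err: Unmanaged<CFError>?
    guard let ct = SecKeyCreateEncryptedData(recipient, alg, message as CFData, &err) else {
        throw err!.takeRetainedValue() as Error
    }
    return ct as Data
}

// Recipient side: decrypt with the private key that never left the device.
func unseal(_ ciphertext: Data, with priv: SecKey, using alg: SecKeyAlgorithm) throws -> Data {
    var err: Unmanaged<CFError>?
    guard let pt = SecKeyCreateDecryptedData(priv, alg, ciphertext as CFData, &err) else {
        throw err!.takeRetainedValue() as Error
    }
    return pt as Data
}

let userB = try makeRSAKeyPair()
let message = Data(repeating: 0x41, count: 4096)  // constructed sample, larger than the RSA modulus

// Plain RSA-OAEP is bounded by the key size, so a message this large is refused.
let direct = try? seal(message, for: userB.pub, using: .rsaEncryptionOAEPSHA256)
print("direct RSA-OAEP on 4096 bytes:", direct == nil ? "rejected" : "accepted")

// Hybrid mode: a random AES-GCM session key encrypts the data, RSA-OAEP wraps that key.
let hybrid = SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM
let sealed = try seal(message, for: userB.pub, using: hybrid)
let opened = try unseal(sealed, with: userB.priv, using: hybrid)
print("hybrid round trip matches:", opened == message)
```

Encryption only gives confidentiality toward whoever owns the public key, so User A still has to authenticate that the key really belongs to User B before calling `seal`.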
