Strange SecKeyEncrypt behaviour
<p>I'm trying to implement RSA encryption with PKCS1 padding using the SecKeyEncrypt function.</p>
<p>The code is as follows:</p>
<pre><code>#import &lt;Foundation/Foundation.h&gt;
#import &lt;Security/Security.h&gt;

NSData *encryptText(NSString *text, SecKeyRef publicKey) {
    NSCParameterAssert(text.length &gt; 0);
    NSCParameterAssert(publicKey != NULL);

    NSData *dataToEncrypt = [text dataUsingEncoding:NSUTF8StringEncoding];
    const uint8_t *bytesToEncrypt = dataToEncrypt.bytes;

    // One RSA block is as long as the key modulus, in bytes
    size_t cipherBufferSize = SecKeyGetBlockSize(publicKey);
    NSCAssert(cipherBufferSize &gt; 11, @"block size is too small: %zu", cipherBufferSize);
    const size_t inputBlockSize = cipherBufferSize - 11; // since we'll use PKCS1 padding

    uint8_t *cipherBuffer = (uint8_t *) malloc(sizeof(uint8_t) * cipherBufferSize);
    NSMutableData *accumulator = [[NSMutableData alloc] init];

    @try {
        // Encrypt the input one chunk at a time and concatenate the ciphertext blocks
        for (size_t block = 0; block * inputBlockSize &lt; dataToEncrypt.length; block++) {
            size_t blockOffset = block * inputBlockSize;
            const uint8_t *chunkToEncrypt = (bytesToEncrypt + block * inputBlockSize);
            const size_t remainingSize = dataToEncrypt.length - blockOffset;
            const size_t subsize = remainingSize &lt; inputBlockSize ? remainingSize : inputBlockSize;

            size_t actualOutputSize = cipherBufferSize;
            OSStatus status = SecKeyEncrypt(publicKey, kSecPaddingPKCS1,
                                            chunkToEncrypt, subsize,
                                            cipherBuffer, &amp;actualOutputSize);
            if (status != noErr) {
                NSLog(@"Cannot encrypt data, last SecKeyEncrypt status: %ld", (long)status);
                return nil;
            }

            [accumulator appendBytes:cipherBuffer length:actualOutputSize];
        }
        return [accumulator copy];
    }
    @finally {
        free(cipherBuffer);
    }
}
</code></pre>
<p>It works perfectly on iOS 6, but fails on iOS 5: SecKeyEncrypt returns <code>-50</code> (<code>errSecParam</code>). It would work on iOS 5 if I change 11 to 12 in <code>inputBlockSize = cipherBufferSize - 11</code>. The Apple doc says that the input chunk length should be less than or equal to <code>SecKeyGetBlockSize() - 11</code> if PKCS1 padding is used. But on iOS 5 it definitely requires shorter input.</p>
<p>My key block size is 64, so the input chunk max length is 53, according to the docs. On iOS 5 only 52 or less would work.</p>
<p>What's wrong with this code? Or is it an iOS 5 Security.framework bug?</p>
<p><strong>UPD:</strong> the problem reproduces only with a 512-bit key. I tried with a generated 1024-bit key, and the code works on iOS 5 with <code>11</code>.</p>
<p>Related Apple doc: <a href="http://developer.apple.com/library/ios/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html#//apple_ref/c/func/SecKeyEncrypt" rel="noreferrer">http://developer.apple.com/library/ios/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html#//apple_ref/c/func/SecKeyEncrypt</a></p>