MYPrivateKey Class Reference

A private key, used for signing and decrypting data.

Inherits MYKey.


Public Member Functions

(NSData *) - rawDecryptData:
 Decrypts data that was encrypted using the public key.
(NSData *) - signData:
 Generates a signature of data.
(id) - _initWithKeyRef:publicKey:
(id) - _initWithKeyData:publicKeyData:forKeychain:alertTitle:alertPrompt:
(id) - _initWithKeyData:publicKeyData:forKeychain:passphrase:
(NSData *) - _exportKeyInFormat:withPEM:passphrase:

Mac-Only

Functionality not available on iPhone.

(NSData *) - exportKey
 Exports the private key as a data blob, so that it can be stored as a backup, or transferred to another computer.
(NSData *) - exportKeyInFormat:withPEM:alertTitle:alertPrompt:
 Exports the private key as a data blob, so that it can be stored as a backup, or transferred to another computer.
(MYSymmetricKey *) - unwrapSessionKey:withAlgorithm:sizeInBits:
 Decrypts a session key that was wrapped (encrypted) using my matching public key.

Static Public Member Functions

(MYPrivateKey *) + _generateRSAKeyPairOfSize:inKeychain:

Properties

(MYPublicKey *) publicKey
 The matching public key.
(MYSHA1Digest *) publicKeyDigest
 The public key's SHA-1 digest.

Detailed Description

A private key, used for signing and decrypting data.

Always paired with a matching public key in a "key-pair". MYPublicKeys are instantiated by MYKeychain: either by generating a new key-pair, by looking up a key-pair by its attributes, or by importing a key-pair from data.


Member Function Documentation

- (NSData *) exportKey  

Exports the private key as a data blob, so that it can be stored as a backup, or transferred to another computer.

Since the key is sensitive, it must be exported in encrypted form using a user-chosen passphrase. This method will display a standard alert panel, run by the Security agent, that prompts the user to enter a new passphrase for encrypting the key. The same passphrase must be re-entered when importing the key from the data blob. (This is a convenient shorthand for the full exportPrivateKeyInFormat... method. It uses OpenSSL format, wrapped with PEM, and a default title and prompt for the alert.)

- (NSData *) exportKeyInFormat: (SecExternalFormat)  format
withPEM: (BOOL)  withPEM
alertTitle: (NSString*)  alertTitle
alertPrompt: (NSString*)  prompt 

Exports the private key as a data blob, so that it can be stored as a backup, or transferred to another computer.

Since the key is sensitive, it must be exported in encrypted form using a user-chosen passphrase. This method will display a standard alert panel, run by the Security agent, that prompts the user to enter a new passphrase for encrypting the key. The same passphrase must be re-entered when importing the key from the data blob.

Parameters:
format The data format: kSecFormatOpenSSL, kSecFormatSSH, kSecFormatBSAFE or kSecFormatSSHv2.
withPEM YES if the data should be encoded in PEM format, which converts into short lines of printable ASCII characters, suitable for sending in email.
alertTitle An optional title for the alert panel. (Currently ignored by the OS?)
prompt An optional prompt message to display in the alert panel.

- (NSData *) rawDecryptData: (NSData*)  data  

Decrypts data that was encrypted using the public key.

See the description of -[MYPublicKey encryptData:] for warnings and caveats. This method is usually used only to decrypt a symmetric session key, which then decrypts the rest of the data.

- (NSData *) signData: (NSData*)  data  

Generates a signature of data.

(What's actually signed using RSA is the SHA-256 digest of the data.) The resulting signature can be verified using the matching MYPublicKey's verifySignature:ofData: method.
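
The following is an added example, not code from MYCrypto or its documentation. It signs a message with signData:, verifies it through the matching public key, and confirms that a modified copy of the message is rejected. The function name SignatureRoundTrip, the header names, the BOOL return type of verifySignature:ofData: and a nil result when signing fails are assumptions.

```objc
#import <Foundation/Foundation.h>
#import "MYPrivateKey.h"   // assumed header names
#import "MYPublicKey.h"

// Hypothetical helper: returns YES only if the signature produced by
// `privateKey` verifies against the original bytes AND fails to verify
// against a copy with a single bit changed.
static BOOL SignatureRoundTrip(MYPrivateKey *privateKey, NSData *message)
{
    if (!privateKey || !message)
        return NO;

    // signData: signs the SHA-256 digest of the data with the RSA private key.
    NSData *signature = [privateKey signData: message];
    if (!signature)
        return NO;   // assumption: nil means signing failed (e.g. key access denied)

    // The publicKey property is documented as always non-nil.
    MYPublicKey *publicKey = privateKey.publicKey;

    // 1. The untouched message must verify.
    if (![publicKey verifySignature: signature ofData: message])
        return NO;

    // 2. A tampered message must NOT verify. Flip the low bit of the first
    //    byte, or append one byte if the message is empty.
    NSMutableData *tampered = [NSMutableData dataWithData: message];
    if (tampered.length > 0) {
        uint8_t *bytes = (uint8_t *)[tampered mutableBytes];
        bytes[0] ^= 0x01;
    } else {
        uint8_t extra = 0x00;
        [tampered appendBytes: &extra length: 1];
    }
    if ([publicKey verifySignature: signature ofData: tampered])
        return NO;   // a signature that survives modification is a failure

    return YES;
}
```

A receiver holds only the MYPublicKey, so in practice the verification half runs on the other side of the exchange; the signature covers integrity and origin, not confidentiality.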

- (MYSymmetricKey *) unwrapSessionKey: (NSData*)  wrappedData
withAlgorithm: (CCAlgorithm)  algorithm
sizeInBits: (unsigned)  sizeInBits 

Decrypts a session key that was wrapped (encrypted) using my matching public key.

Parameters:
wrappedData The wrapped/encrypted session key
algorithm The algorithm of the original session key
sizeInBits The key size (in bits) of the original session key
Returns:
The reconstituted session key

Property Documentation

- (MYPublicKey*) publicKey [read, assign]

The matching public key.

Always non-nil.

- (MYSHA1Digest *) publicKeyDigest [read, assign]

The public key's SHA-1 digest.

This is a convenient short (20-byte) identifier for the key pair. You can store it in your application data, and then later look up either key using MYKeychain methods.


Generated on Sun Apr 17 12:23:58 2011 for MYCrypto by  doxygen 1.6.3