Le 14 janv. 2014 à 18:20, Jens Alfke <j...@mooseyard.com> a écrit :
> > On Jan 14, 2014, at 1:19 AM, jonat...@mugginsoft.com wrote: > >> As Jens comments the security APIs are ridiculously opaque. >> Perhaps this is seen as a necessity in the serious world of crypto - perhaps >> it is just hard to avoid. However, it is a liability. > > Crypto is inevitably sort of complex, but Apple’s to blame for some bad (and > downward-trending) API design and poor documentation. Other crypto APIs that > I’ve seen are much clearer. > >> By comparison libcrypto is pretty straightforward. >> The only problem with retaining it is the extra complexity involved in >> integrating the static library build into the project and upgrading the >> source. > > My reservation about using libcrypto would be key storage. The Keychain is a > pretty great thing — a secure place to store keys that’s well-integrated into > the OS. I don’t know how OpenSSL stores keys, but if it’s using some other > mechanism, it’s probably less secure. > > This thread should probably move to apple-cdsa (which is the > fittingly-obscure name for the security/crypto mailing list.) > Just in case it was not mentioned in the thread, SecTransform supports RSA. You can use SecEncryptTransformCreate() with an asymmetric key. Anyway, the full list of what can be done is demonstrated in the CryptoCompatibility sample code: https://developer.apple.com/library/mac/samplecode/CryptoCompatibility/Introduction/Intro.html For each possible action, it provides a way to perform it using CDSA, SecTransform, and iOS specific code. -- Jean-Daniel _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
