I agree with Jens; that's why we opted for creating the public-private key pair on the device itself.

On Wed, May 14, 2014 at 8:02 PM, Jens Alfke <j...@mooseyard.com> wrote:
>
> On May 14, 2014, at 7:15 AM, Roland King <r...@rols.org> wrote:
>
>> If you ask a similar question to the original poster on any of the Apple
>> Developer Forums you'll be advised not to generate key pairs on a device but
>> to do it on a server (the advice will probably come from Quinn)
>
> That’s a weird idea. If the server creates the key-pair, then the server
> knows your private key, which I would consider a major security breach. If
> you’re going to trust the server with your credentials, you might as well
> skip the fiddly encryption stuff altogether and save yourself a lot of work.
> Otherwise the public keys and certs are just mumbo-jumbo to give the
> appearance of security.
>
> Put another way: one of the major purposes of public-key crypto is to put you
> in charge of your own encryption. You generate a key-pair locally on your
> device/computer, and the private key is known only to you and never leaves
> that device (except maybe inside a passcode-protected PKCS12 file.) I think
> of private keys as being like nuclear fuel rods — you keep them in a heavily
> shielded container (the Keychain) and never let them be exposed to daylight.
> If you do that, you have a very secure system.
>
> —Jens
> _______________________________________________
>
> Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/cocoa-dev/devarshi.bluechip%40gmail.com
>
> This email sent to devarshi.bluec...@gmail.com

--
Thanks,
Devarshi