iOS 암호화 및 서명 관련 함수 정리
<키생성>
SecKeyCreateRandomKey()
* 대칭키 (참고: 아래 코드는 대칭키가 아니라, 키체인에 저장되는 ECC 비대칭 키 쌍을 생성함 — 암호화/복호화용)
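// Generates an ECC key pair with SecKeyCreateRandomKey and derives its public key.
// This is a function-body fragment: it returns "" on failure, and the kSecMessECC*
// constants are defined elsewhere in the project.

// Attributes applied to the private half of the key pair.
// NOTE(review): no kSecAttrAccessible / kSecAttrAccessControl is set here, so the
// keychain's default protection applies to this permanent key. Set one explicitly
// if the default is not the protection level you intend.
let privateKeyParams: [String: AnyObject] = [
    kSecAttrCanDecrypt as String: true as AnyObject,
    kSecAttrIsPermanent as String: true as AnyObject,  // persist the key in the keychain
]
// Top-level attributes for the key generation request.
let parameters: [String: AnyObject] = [
    kSecAttrKeyType as String: kSecMessECCKeyType,
    kSecAttrKeySizeInBits as String: kSecMessECCKeySize as AnyObject,
    kSecAttrLabel as String: kSecMessECCLabel as AnyObject,
    kSecPrivateKeyAttrs as String: privateKeyParams as AnyObject
]
// Capture the CFError instead of passing nil so a failure can be diagnosed.
var keyGenError: Unmanaged<CFError>?
guard
    let eCCPrivKey = SecKeyCreateRandomKey(parameters as CFDictionary, &keyGenError) else {
    // takeRetainedValue() transfers ownership of the returned error to ARC.
    print("ECC KeyGen Error!", keyGenError?.takeRetainedValue() as Any)
    return ""
}
guard
    let eCCPubKey = SecKeyCopyPublicKey(eCCPrivKey) else {
    print("ECC Pub KeyGen Error")
    return ""
}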
* 비대칭키 (Secure Enclave에 생성되는 ECC 서명용 키 쌍)
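// Generates an ECC key pair inside the Secure Enclave (kSecAttrTokenIDSecureEnclave)
// and derives its public key. Function-body fragment: returns "" on failure; the
// kSecMessECC* constants are defined elsewhere in the project.

// Access control for the private key: usable only on this device and only while a
// device passcode is set.
// NOTE(review): .privateKeyUsage alone does not require a biometric or passcode
// prompt per operation. If Touch ID / Face ID gating is intended, combine it with a
// user-presence flag such as .userPresence or .biometryCurrentSet.
guard
    let aclObject = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .privateKeyUsage,
        nil
    ) else {
    print("could not create ACL error")
    return ""
}
// Attributes applied to the private half of the key pair.
let privateKeyParams: [String: AnyObject] = [
    kSecAttrAccessControl as String: aclObject as AnyObject,  // bind the ACL above to the key
    kSecAttrIsPermanent as String: true as AnyObject,         // persist the key reference
]
// Top-level attributes for the key generation request.
// NOTE(review): the Secure Enclave only supports 256-bit NIST P-256 keys; confirm
// kSecMessECCKeyType / kSecMessECCKeySize match that.
let parameters: [String: AnyObject] = [
    kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
    kSecAttrKeyType as String: kSecMessECCKeyType,
    kSecAttrKeySizeInBits as String: kSecMessECCKeySize as AnyObject,
    kSecAttrLabel as String: kSecMessECCSignLabel as AnyObject,
    kSecPrivateKeyAttrs as String: privateKeyParams as AnyObject
]
// Capture the CFError instead of passing nil so a failure can be diagnosed
// (e.g. no passcode set, or no Secure Enclave on the device/simulator).
var keyGenError: Unmanaged<CFError>?
guard
    let eCCPrivKey = SecKeyCreateRandomKey(parameters as CFDictionary, &keyGenError) else {
    // takeRetainedValue() transfers ownership of the returned error to ARC.
    print("ECC KeyGen Error!", keyGenError?.takeRetainedValue() as Any)
    return ""
}
guard
    let eCCPubKey = SecKeyCopyPublicKey(eCCPrivKey) else {
    print("ECC Pub KeyGen Error")
    return ""
}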
<암호화>
SecKeyCreateEncryptedData
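// Encrypts `message` with the public key `newPublicKey` using ECIES
// (X9.63 KDF, SHA-256, AES-GCM) and returns the ciphertext as Base64.
// Function-body fragment: returns "" on failure; `message` and `newPublicKey`
// come from the enclosing scope.
guard
    let messageData = message.data(using: .utf8) else {
    print("ECC bad message to encrypt")
    return ""
}
// Capture the CFError instead of passing nil so a failure can be diagnosed.
var encryptError: Unmanaged<CFError>?
guard
    let encryptData = SecKeyCreateEncryptedData(
        newPublicKey,
        SecKeyAlgorithm.eciesEncryptionStandardX963SHA256AESGCM,
        messageData as CFData,
        &encryptError) else {
    // takeRetainedValue() transfers ownership of the returned error to ARC.
    print("pub ECC error encrypting", encryptError?.takeRetainedValue() as Any)
    return ""
}
// Base64 makes the binary ciphertext safe to carry as a String.
let encryptedData = encryptData as Data
let encryptedString = encryptedData.base64EncodedString(options: [])
print("pub encrypted string", encryptedString)
return encryptedString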
<복호화>
SecKeyCreateDecryptedData
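// Decrypts the Base64 ciphertext `encryptedString` with the private key
// `eCCPrivateKey` (ECIES, X9.63 KDF, SHA-256, AES-GCM) and returns the UTF-8 plaintext.
// Function-body fragment: returns "" on failure; `encryptedString` and
// `eCCPrivateKey` come from the enclosing scope.
guard
    let messageData = Data(base64Encoded: encryptedString, options: []) else {
    print("ECC bad message to decrypt")
    return ""
}
// Bind the key instead of force-unwrapping, so a missing key fails cleanly
// rather than crashing. (Assumes eCCPrivateKey is an optional SecKey — confirm.)
guard
    let privateKey = eCCPrivateKey else {
    print("priv ECC key not available")
    return ""
}
// Capture the CFError instead of passing nil so a failure can be diagnosed.
var decryptError: Unmanaged<CFError>?
guard
    let decryptData = SecKeyCreateDecryptedData(
        privateKey,
        SecKeyAlgorithm.eciesEncryptionStandardX963SHA256AESGCM,
        messageData as CFData,
        &decryptError) else {
    // takeRetainedValue() transfers ownership of the returned error to ARC.
    print("priv ECC error decrypting", decryptError?.takeRetainedValue() as Any)
    return ""
}
let decryptedData = decryptData as Data
guard
    let decryptedString = String(data: decryptedData, encoding: .utf8) else {
    print("ECC decrypt could not get string")
    return ""
}
// The plaintext is deliberately not printed: console output ends up in device
// logs, which would expose the decrypted secret.
print("priv ECC decrypted string (content not logged)")
return decryptedString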
<서명>
SecKeyCreateSignature()
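// Signs `message` with the private key `eCCSignPrivateKey` and returns the
// signature as Base64. Function-body fragment: returns "" on failure; `message`
// and `eCCSignPrivateKey` come from the enclosing scope.
guard
    let messageData = message.data(using: .utf8) else {
    print("bad message to sign")
    return ""
}
// Bind the key instead of force-unwrapping, so a missing key fails cleanly
// rather than crashing. (Assumes eCCSignPrivateKey is an optional SecKey — confirm.)
guard
    let signingKey = eCCSignPrivateKey else {
    print("priv ECC signing key not available")
    return ""
}
// ECDSA (X9.62) over SHA-256. The "Message" algorithm variant hashes the input
// itself, so the raw message bytes are passed rather than a digest.
// Whether the user is prompted (fingerprint etc.) depends on the access control
// attached to the key when it was created.
var signError: Unmanaged<CFError>?
guard
    let signData = SecKeyCreateSignature(
        signingKey,
        SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256,
        messageData as CFData,
        &signError) else {
    // takeRetainedValue() transfers ownership of the returned error to ARC.
    print("priv ECC error signing", signError?.takeRetainedValue() as Any)
    return ""
}
// Convert the signature bytes to a Base64 string.
let signedData = signData as Data
let signedString = signedData.base64EncodedString(options: [])
print("priv signed string", signedString)
return signedString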
SecKeyVerifySignature()
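// Verifies that the Base64 signature `signatueString` is a valid ECDSA/SHA-256
// signature of `message` under the public key `newPublicKey`.
// Function-body fragment: returns false on malformed input or a failed check;
// `message`, `signatueString` and `newPublicKey` come from the enclosing scope.
guard
    let messageData = message.data(using: .utf8) else {
    print("ECC bad message to verify")
    return false
}
guard
    let signatureData = Data(base64Encoded: signatueString, options: []) else {
    print("ECC bad signature to verify")
    return false
}
// Must use the same algorithm as the signer. The "Message" variant hashes the
// input itself, so the raw message bytes are passed rather than a digest.
// The error out-parameter is left nil: only the Bool result is consumed here.
let verify = SecKeyVerifySignature(
    newPublicKey,
    SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256,
    messageData as CFData,
    signatureData as CFData,
    nil)
return verify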