Friday 22 February 2019   -   09:25:02

Latest security alerts

What is the KDF for ECIES?

> date: 2019-02-21 21:44:08
> link:

I am trying to use ECIES to encrypt some data on MacOS using SecKeyCreateEncryptedData() and then decrypt the data on Linux using OpenSSL. I can currently encrypt and decrypt Mac to Mac or Linux to Linux, but not cross-platform. I am trying to match the behaviour of "eciesEncryptionStandardVariableIVX963SHA256AESGCM" on MacOS.

I am at the point where I have generated the 32-byte symmetric key from the curve using the ephemeral private key and peer public key. According to this: "Ephemeral public key data is used as sharedInfo for KDF."

I'm stuck at knowing which KDF is used, and how I can recreate that function using OpenSSL. I assume it will make a 32-byte key, since the first 16 bytes are the AES key and the last 16 are the IV. I also assume it will use SHA256. From there I should be OK to use the peer public key as AAD and follow AES-GCM using the generated key.

Any help would be greatly appreciated.
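The KDF that the "X963SHA256" part of Apple's algorithm name refers to is the ANSI X9.63 KDF (SEC 1, section 3.6.1): each output block is SHA-256 over the ECDH shared secret, a 4-byte big-endian counter starting at 1, and the SharedInfo, and blocks are concatenated until the requested length is reached. The following is an added, stand-alone Python implementation, not code from the post or from Apple or OpenSSL. It assumes the layout the post describes for the VariableIV variant (the KDF output is split into a 16-byte AES-GCM key followed by a 16-byte IV) and uses constructed dummy bytes in place of a real ECDH shared secret and ephemeral public key, so it only shows the derivation step, not the curve arithmetic.

```python
import hashlib

# ANSI X9.63 KDF (SEC 1 v2, section 3.6.1).  Each output block is
#   Hash(Z || counter || SharedInfo)
# with a 4-byte big-endian counter that starts at 1; blocks are concatenated
# and the result truncated to the requested length.


def kdf_hash_block(shared_secret: bytes, counter: int, shared_info: bytes,
                   hash_name: str = "sha256") -> bytes:
    """One block of X9.63 KDF output for the given counter value."""
    h = hashlib.new(hash_name)
    h.update(shared_secret)
    h.update(counter.to_bytes(4, "big"))
    h.update(shared_info)
    return h.digest()


def x963_kdf(shared_secret: bytes, shared_info: bytes, key_len: int,
             hash_name: str = "sha256") -> bytes:
    """Derive key_len bytes of keying material from the ECDH shared secret Z."""
    if key_len <= 0:
        raise ValueError("key_len must be positive")
    digest_len = hashlib.new(hash_name).digest_size
    # SEC 1 bounds the output length by the counter range; never reached in practice.
    if key_len >= digest_len * (2**32 - 1):
        raise ValueError("key_len too large for X9.63 KDF")
    out = bytearray()
    counter = 1
    while len(out) < key_len:
        out += kdf_hash_block(shared_secret, counter, shared_info, hash_name)
        counter += 1
    return bytes(out[:key_len])


def derive_ecies_key_and_iv(shared_secret: bytes, ephemeral_pubkey: bytes,
                            aes_key_len: int = 16, iv_len: int = 16):
    """Split the KDF output as the post describes for the VariableIV variant:
    the first aes_key_len bytes are the AES-GCM key, the next iv_len bytes the IV.
    The ephemeral public key bytes (the uncompressed point 04 || X || Y as
    exported from SecKey) are passed as the SharedInfo."""
    material = x963_kdf(shared_secret, ephemeral_pubkey, aes_key_len + iv_len)
    return material[:aes_key_len], material[aes_key_len:]


if __name__ == "__main__":
    # Constructed sample inputs, not real key material: a fake 32-byte P-256
    # ECDH output and a fake 65-byte uncompressed ephemeral public key.
    z = bytes(range(32))
    eph_pub = b"\x04" + bytes(range(64))
    key, iv = derive_ecies_key_and_iv(z, eph_pub)
    print("AES key:", key.hex())
    print("IV:     ", iv.hex())
```

On the OpenSSL side the same derivation is available without hand-rolling it: OpenSSL 1.1.x lets you attach the X9.63 KDF to the ECDH `EVP_PKEY_CTX` with `EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, EVP_PKEY_ECDH_KDF_X9_63)`, `EVP_PKEY_CTX_set_ecdh_kdf_md`, `EVP_PKEY_CTX_set0_ecdh_kdf_ukm` (the SharedInfo) and `EVP_PKEY_CTX_set_ecdh_kdf_outlen`, after which `EVP_PKEY_derive` returns the derived material directly. The Python version is mainly useful for checking, byte for byte, that the two sides agree on the SharedInfo and on the key/IV split before debugging the AES-GCM step.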

OS X custom login authentication

> date: 2019-02-21 21:44:08
> link:

Hi, I need to authenticate the users at login with my own logic, e.g. calling an external authentication server and using OpenDirectory in case the server is not reachable.

I know that I need to create an authorization plugin like Apple's sample code (NullAuthPlugin, NameAndPassword) and add an entry in authorizationdb at the 'system.login.console' right to invoke my plugin to achieve this. The NameAndPassword sample suggests using a different UI (using SFAuthorizationPluginView) than "loginwindow:login" to customize the login. Can I achieve my requirement without replacing the loginwindow GUI, i.e. the mechanism "loginwindow:login"? That is, can I achieve this by keeping the existing Mac login screen as it is and obtain the credentials to perform my own authentication? If possible, where should I place my mechanism at 'system.login.console'?

I am thinking of replacing the <string>builtin:authenticate,privileged</string> with my own plugin to achieve my requirement. Is it OK to replace the builtin login mechanism? Is my approach correct? Can anyone help me to clarify this?

Unique RSA KeyChain item

> date: 2019-02-21 21:44:08
> link:

During the creation of several key items, I noticed that there are several 'label' or 'tag' options. I did some investigation and I found three different, interesting, values.

- kSecAttrApplicationTag - A key whose value indicates the item's private tag.
- kSecAttrApplicationLabel - A key whose value indicates the item's application label.
- kSecAttrLabel - A key whose value is a string indicating the item's label.

I read that the kSecAttrLabel is "human readable data". But what exactly is meant by the description of the kSecAttrApplicationTag? What exactly is the private tag?

Another question I have is, how can I uniquely identify a key? Say I want to have a single key to encrypt a specific file, how would I go about doing so? Theoretically, I could set the kSecAttrApplicationLabel, as this has to be a unique value, meaning if I were to set the value to "".data(using: .utf8)! an error would occur if the key were (accidentally) created again (which is what I want to prevent). However, the discussion says "in particular, for keys of class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of this attribute is the hash of the public key", and RSA keys do have the public/private class, so the value would no longer be the hash of the public key. Am I actually allowed to overwrite the kSecAttrApplicationLabel? If not, do I have to check whether a key for kSecAttrApplicationTag/kSecAttrLabel already exists and delete it first, before adding a new 'unique' key?

 Thanks in advance!

Getting the IV from SecKeyCreateEncryptedData for Symmetric Encryption?

> date: 2019-02-21 21:44:08
> link:

I am trying to use RSA to encrypt some data on MacOS using SecKeyCreateEncryptedData() and then decrypt the data on Linux using OpenSSL. When I call SecKeyCreateEncryptedData I am returned "the RSA encrypted session key, the AES encrypted data, and a 16-byte AES-GCM tag into a block of data", as described in:

To decrypt the data using OpenSSL I require those 3 parts plus the IV (AKA the nonce value). In that example there is a further call to `EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, 16, ref_TAG);` to generate the GCM tag.

My question is: how do I get the IV that was used in SecKeyCreateEncryptedData to create the AES encrypted data, so that I can pass it to OpenSSL to decrypt the data?

This is being done on MacOS using Swift 4.2. Below is a short code example demonstrating what I am trying to do:

```swift
import OpenSSL

// encrypt using Security
var response: Unmanaged<CFError>? = nil
let encryptedData = SecKeyCreateEncryptedData(<SecPublicKey>,
                                              SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM,
                                              <data> as CFData,
                                              &response)
if response != nil {
    print(response?.takeRetainedValue())
}

// decrypt using OpenSSL
var evp_key = EVP_PKEY_new()
let _ = EVP_PKEY_set1_RSA(evp_key, <PrivateKeyPointer>)
let rsaDecryptCtx = EVP_CIPHER_CTX_new_wrapper()
let encKeyLength = Int(EVP_PKEY_size(evp_key))

// output buffer and byte counter (declarations not shown in the original snippet)
var processedLen: Int32 = 0
let decrypted = UnsafeMutablePointer<UInt8>.allocate(capacity: encryptedData.count)

// iv is the only missing value for decoding.
// encryptedKey used here
let _ = EVP_OpenInit(rsaDecryptCtx, EVP_aes_128_gcm(), <encryptedKey>, <encryptedKeyLength>, <iv>, evp_key)
// encryptedData used here
let _ = EVP_DecryptUpdate(rsaDecryptCtx, decrypted, &processedLen, encryptedData, Int32(encryptedData.count))
var decMsgLen = processedLen
// gcm tag used here; must be set before the final call so the tag is verified
EVP_CIPHER_CTX_ctrl(rsaDecryptCtx, EVP_CTRL_GCM_SET_TAG, 16, <gcm tag>)
let _ = EVP_OpenFinal(rsaDecryptCtx, decrypted.advanced(by: Int(decMsgLen)), &processedLen)
decMsgLen += processedLen
let decryptedData = Data(bytes: decrypted, count: Int(decMsgLen))
```

Any help in understanding how I can get the IV value would be greatly appreciated.
