
Public-key cryptography with CryptoKit for iOS

Using CryptoKit to increase security in iOS applications.

03 Jan 2022 · 5 min read

Public-key cryptography, also called asymmetric cryptography, provides fundamental security in today's IT systems and network communications.

When it comes to iOS applications, Apple already provides built-in TLS encryption and digital signing for free when communicating over HTTPS. But when we work with sensitive user data, we might still want to add an extra level of security.

In this article, we will look at how public-key cryptography works and how we can use it in iOS applications with increased security needs.

Public-key cryptography basics

The concept behind public-key cryptography is based on two linked keys, a public and a private key. Anyone can encrypt messages using a public key, but only the holder of the corresponding private key can decrypt that message.

It is extremely difficult to compute the private key from the public key, so it is safe to share the public key, for example over a network.

Public-key cryptography use cases

Common public-key cryptography use cases are encryption and digital signatures.

Digital signatures are used when we need to verify the sender’s identity and the integrity of the data, for example when dealing with payments, legal agreements, contracts etc. The sender uses their private key to sign, and the receiver uses the sender’s public key to verify. In detail, creating a digital signature requires the following steps:

  1. The message that has to be signed is hashed creating a message digest. To learn more about hashing, check out this quick tip on Hash functions in CryptoKit for iOS.

  2. The message digest is encrypted with the sender's private key. This is a digital signature. The digital signature is now attached to the message and sent to the receiver.

  3. The receiver decrypts the digital signature with the sender's public key. This decryption results in a message digest.

  4. Now, the receiver hashes the message and compares the two message digests. If they are the same, the receiver can be sure that the sender is who they claim to be and that the message was not tampered with.

When it comes to encryption, in most cases, public keys aren't used to encrypt data directly, but to agree on a symmetric key for encryption. Check out Symmetric cryptography with CryptoKit to learn more.


Public-key algorithms supported by CryptoKit

Now, let's look at how we can implement a digital signature by using CryptoKit. As a first step we have to choose a public-key algorithm. After its publication in 1978, RSA became the most popular public-key algorithm. Around 2015, ECC algorithms got popular because of the much smaller keys they need to provide similar security.

CryptoKit uses ECC algorithms exclusively. We can choose between the P256/P384/P521 ECC algorithm and the Curve25519 ECC algorithm. They both have approximately the same security level and small key sizes. This article will not go into details on how they work internally, since CryptoKit has abstracted those details away for us.

Creating a key pair with CryptoKit

Creating a private-public key pair with CryptoKit is as simple as this:

import CryptoKit
// Generate a new random private key; the public key is derived from it.
let privateKey = Curve25519.Signing.PrivateKey()
let publicKey = privateKey.publicKey

To send the public key, we can convert it to Data by using its rawRepresentation property. To use the P256 algorithm instead of Curve25519, we just need to swap it in; the rest works the same way.

Signing with CryptoKit

To create a digital signature, we now can use the private key to sign our data or the data's digest.

let signature = try privateKey.signature(for: messageDigest)

On signature, we can again use its rawRepresentation property to get a Data type for server communication.

Verifying a received signature is similarly simple:

publicKey.isValidSignature(signature, for: messageDigest)

And that's basically it. CryptoKit allows us to create and validate digital signatures with a few lines of code. That's pretty awesome!
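The full round trip described above, from key creation through transport as Data to verification on the receiving side, as an added example that is not code from the original article. It goes one step further than the snippets by also running the same flow with P256 over a precomputed SHA-256 digest; the message text and all variable and function names are assumptions made for illustration.

```swift
import CryptoKit
import Foundation

// Constructed sample message; any Data value works.
let message = Data("transfer 100 EUR to account 42".utf8)

// --- Sender (Curve25519) ---
let senderKey = Curve25519.Signing.PrivateKey()
// Bytes that go over the network: the public key and the signature.
let publicKeyBytes = senderKey.publicKey.rawRepresentation
// For Curve25519, signature(for:) takes the message bytes and returns Data.
let signatureBytes = try senderKey.signature(for: message)

// --- Receiver ---
// Rebuild the key from the received bytes; the initializer throws on malformed input.
let receivedKey = try Curve25519.Signing.PublicKey(rawRepresentation: publicKeyBytes)

// Hypothetical helper: checks a signature against the sender's public key.
func verify(_ data: Data, _ signature: Data) -> Bool {
    receivedKey.isValidSignature(signature, for: data)
}

// The untouched message verifies.
precondition(verify(message, signatureBytes))

// Flipping a single bit of the message (the amount) invalidates the signature.
var tampered = message
tampered[9] ^= 0x01
precondition(!verify(tampered, signatureBytes))

// --- Same flow with P256, signing an explicit message digest ---
let p256Key = P256.Signing.PrivateKey()
let digest = SHA256.hash(data: message)
// P256 returns an ECDSASignature value; rawRepresentation gives its bytes.
let ecdsaBytes = try p256Key.signature(for: digest).rawRepresentation

// Receiver side: parse the signature bytes and hash the message again.
let parsed = try P256.Signing.ECDSASignature(rawRepresentation: ecdsaBytes)
let recomputed = SHA256.hash(data: message)
precondition(p256Key.publicKey.isValidSignature(parsed, for: recomputed))

print("all signature checks passed")
```

A valid signature only shows that the signer holds the private key matching the public key used for the check, so the receiver has to obtain that public key through a channel it already trusts.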

© 2022 tanaschita.com
