Objective-C
Installation
Install Themis using CocoaPods.
# CocoaPods spec repository the 'themis' pod is resolved from.
source 'https://github.com/CocoaPods/Specs.git'
# No version constraint is given, so CocoaPods resolves whatever release is
# current at install time; commit Podfile.lock to keep builds reproducible.
pod 'themis'
Usage
Key Pair Generation
To generate a key pair, objcthemis provides the class `SKeyGen`. Its `init` method takes one parameter: the type of algorithm (Themis supports Elliptic Curve (EC) and RSA algorithms).
#import "skeygen.h"
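/* Generate a fresh key pair. The argument selects the algorithm:
   EC or RSA can be used. */
SKeyGen *generator = [[SKeyGen alloc] init:(EC)];
if (!generator) {
    NSLog(@"Error occurred: key generator is nil");
    return;
}
NSData *private_key = [generator getPrivKey];
NSData *public_key = [generator getPubKey];
// Stop if either half is missing rather than carry a nil key into later calls.
if (!private_key || !public_key) {
    NSLog(@"Error occurred: key pair is incomplete");
    return;
}
// private_key is the secret half: keep it in protected storage (for example
// the Keychain) and out of logs. Only public_key is meant to be shared.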
Secure Message
For a detailed explanation of Secure Message, see the corresponding page in the Objects guide.
Encryption
To encrypt a message, use the client private key and the server public key, converted to `NSData`:
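// Base64-encoded sample keys, shown for illustration only. A real private key
// should not be compiled into the app as a string literal; load it at run time
// from protected storage (for example the Keychain).
NSString *serverPublicKeyString = @"VUVDMgAAAC2ELbj5Aue5xjiJWW3P2KNrBX+HkaeJAb+Z4MrK0cWZlAfpBUql";
NSString *clientPrivateKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
NSData *serverPublicKey = [[NSData alloc] initWithBase64EncodedString:serverPublicKeyString
                                                              options:NSDataBase64DecodingIgnoreUnknownCharacters];
NSData *clientPrivateKey = [[NSData alloc] initWithBase64EncodedString:clientPrivateKeyString
                                                               options:NSDataBase64DecodingIgnoreUnknownCharacters];
// initWithBase64EncodedString:options: returns nil when the input cannot be
// decoded, so stop here instead of handing a nil key to the library.
if (!serverPublicKey || !clientPrivateKey) {
    NSLog(@"Error occurred: key could not be decoded from base64");
    return;
}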
Initialize encrypter:
#import "smessage.h"
// Client-side Secure Message object: the client's own private key paired with
// the peer's (server's) public key.
SMessage *encrypter = [[SMessage alloc] initWithPrivateKey:clientPrivateKey
                                             peerPublicKey:serverPublicKey];
Encrypt message:
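NSString *message = @"All your base are belong to us!";
// Explicit nil so the check below is valid even without ARC's implicit
// zero-initialisation of object pointers.
NSError *themisError = nil;
NSData *encryptedMessage = [encrypter wrap:[message dataUsingEncoding:NSUTF8StringEncoding]
                                     error:&themisError];
// Treat a missing result as failure too, not only a populated error object:
// the Cocoa convention is that the return value is the authoritative signal.
if (!encryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
NSLog(@"%@", encryptedMessage);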
Result (encrypting the same data produces a different output every time, so this output can't be used as a test vector):
$ <20270426 53000000 00010140 0c000000 10000000 1f000000 ad443c21 d6d7df98 a101e48b b3757b04 c5710e04 5720b3c2 fe674f54 73e10ad4 ee722d3e 42244b6d c5099ac4 89dfda90 75fae62a aa733872 c8180d>
Decryption
Use server private key and client public key for decryption:
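// Base64-encoded sample keys, shown for illustration only. A real private key
// should not be compiled into the app as a string literal; load it at run time
// from protected storage (for example the Keychain).
NSString *serverPrivateKeyString = @"UkVDMgAAAC1FsVa6AMGljYqtNWQ+7r4RjXTabLZxZ/14EXmi6ec2e1vrCmyR";
NSString *clientPublicKeyString = @"VUVDMgAAAC1SsL32Axjosnf2XXUwm/4WxPlZauQ+v+0eOOjpwMN/EO+Huh5d";
NSData *serverPrivateKey = [[NSData alloc] initWithBase64EncodedString:serverPrivateKeyString
                                                               options:NSDataBase64DecodingIgnoreUnknownCharacters];
NSData *clientPublicKey = [[NSData alloc] initWithBase64EncodedString:clientPublicKeyString
                                                              options:NSDataBase64DecodingIgnoreUnknownCharacters];
// initWithBase64EncodedString:options: returns nil when the input cannot be
// decoded, so stop here instead of handing a nil key to the library.
if (!serverPrivateKey || !clientPublicKey) {
    NSLog(@"Error occurred: key could not be decoded from base64");
    return;
}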
Initialize decrypter:
#import "smessage.h"
// Server-side Secure Message object: the server's own private key paired with
// the peer's (client's) public key.
SMessage *decrypter = [[SMessage alloc] initWithPrivateKey:serverPrivateKey
                                             peerPublicKey:clientPublicKey];
Decrypt message:
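// themisError is the variable declared for the encryption step; clear it so
// the check below reflects this call only.
themisError = nil;
NSData *decryptedMessage = [decrypter unwrap:encryptedMessage error:&themisError];
// A nil result means nothing was decrypted; never use the output in that case.
if (!decryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
NSString *resultString = [[NSString alloc] initWithData:decryptedMessage
                                               encoding:NSUTF8StringEncoding];
// Printing the plaintext is for demonstration; avoid logging decrypted data
// in production builds.
NSLog(@"%@", resultString);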
Result:
$ All your base are belong to us!
Secure Cell
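All Secure Cell modes take a `context` parameter; it is optional in Seal and Token-protect modes and required in Context-Imprint mode (see the examples below). For a detailed explanation of the various modes and their strengths and weaknesses, see the objects guide and the cryptosystem description for Secure Cell.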
To initialize secure cell object, use master key in NSData format:
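// Sample value only: this string repeats the client private key from the
// Secure Message example on this page. A real master key should be a dedicated
// secret loaded at run time from protected storage (for example the Keychain),
// not a literal compiled into the app.
NSString *masterKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
NSData *masterKeyData = [[NSData alloc] initWithBase64EncodedString:masterKeyString
                                                            options:NSDataBase64DecodingIgnoreUnknownCharacters];
// initWithBase64EncodedString:options: returns nil when the input cannot be
// decoded, so stop here instead of creating a cell with a nil key.
if (!masterKeyData) {
    NSLog(@"Error occurred: master key could not be decoded from base64");
    return;
}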
Seal Mode
Initialize encrypter/decrypter:
#import "scell_seal.h"
// One Seal-mode cell, built from the master key, is used for both wrap and unwrap.
SCell_seal *sCellSeal =
    [[SCell_seal alloc] initWithKey:masterKeyData];
Encrypt:
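NSString *message = @"All your base are belong to us!";
NSString *context = @"For great justice";
// Explicit nil so the check below is valid even without ARC's implicit
// zero-initialisation of object pointers.
NSError *themisError = nil;
// context is an optional parameter in this mode and may be omitted; when it is
// supplied, the same value has to be supplied again on unwrap.
NSData *encryptedMessage = [sCellSeal wrap:[message dataUsingEncoding:NSUTF8StringEncoding]
                                   context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                     error:&themisError];
// Treat a missing result as failure too, not only a populated error object.
if (!encryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
NSLog(@"%@", encryptedMessage);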
Decrypt:
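// Must be the same context that was passed to wrap.
NSString *context = @"For great justice";
NSError *themisError = nil;
NSData *decryptedMessage = [sCellSeal unwrap:encryptedMessage
                                     context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                       error:&themisError];
// A nil result means nothing was decrypted; never use the output in that case.
if (!decryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
NSString *resultString = [[NSString alloc] initWithData:decryptedMessage
                                               encoding:NSUTF8StringEncoding];
// Printing the plaintext is for demonstration; avoid logging decrypted data
// in production builds.
NSLog(@"%@", resultString);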
Token-protect Mode
Initialize encrypter/decrypter
#import "scell_token.h"
// One Token-protect cell, built from the master key, is used for both wrap and unwrap.
SCell_token *sCellToken =
    [[SCell_token alloc] initWithKey:masterKeyData];
Encrypt:
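NSString *message = @"Roses are grey. Violets are grey.";
NSString *context = @"I'm a dog";
// Explicit nil so the check below is valid even without ARC's implicit
// zero-initialisation of object pointers.
NSError *themisError = nil;
// context is an optional parameter in this mode and may be omitted; when it is
// supplied, the same value has to be supplied again on unwrap.
SCellTokenEncryptedData *encryptedMessage = [sCellToken wrap:[message dataUsingEncoding:NSUTF8StringEncoding]
                                                     context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                                       error:&themisError];
// Treat a missing result as failure too, not only a populated error object.
if (!encryptedMessage || themisError) {
    NSLog(@"%s Error occurred while encrypting %@", sel_getName(_cmd), themisError);
    return;
}
// The result carries two parts, cipher text and token; the unwrap example
// passes the whole object back, so both parts have to be kept.
NSLog(@"%s\ncipher = %@:\ntoken = %@", sel_getName(_cmd), [encryptedMessage getCipherText], [encryptedMessage getToken]);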
Decrypt:
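// Must be the same context that was passed to wrap.
NSString *context = @"I'm a dog";
NSError *themisError = nil;
// encryptedMessage is the SCellTokenEncryptedData object produced by wrap.
NSData *decryptedMessage = [sCellToken unwrap:encryptedMessage
                                      context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                        error:&themisError];
// A nil result means nothing was decrypted; never use the output in that case.
if (!decryptedMessage || themisError) {
    NSLog(@"%s Error occurred while decrypting %@", sel_getName(_cmd), themisError);
    return;
}
NSString *resultString = [[NSString alloc] initWithData:decryptedMessage
                                               encoding:NSUTF8StringEncoding];
// Printing the plaintext is for demonstration; avoid logging decrypted data
// in production builds.
NSLog(@"%s resultString = %@", sel_getName(_cmd), resultString);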
Context-Imprint Mode
Initialize encrypter/decrypter
#import "scell_context_imprint.h"
// One Context-Imprint cell, built from the master key, is used for both wrap and unwrap.
SCell_context_imprint *contextImprint =
    [[SCell_context_imprint alloc] initWithKey:masterKeyData];
Encrypt
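NSString *message = @"Roses are red. My name is Dave. This poem have no sense";
NSString *context = @"Microwave";
// Explicit nil so the check below is valid even without ARC's implicit
// zero-initialisation of object pointers.
NSError *themisError = nil;
// context is required in this mode; the same value has to be supplied on unwrap.
NSData *encryptedMessage = [contextImprint wrapData:[message dataUsingEncoding:NSUTF8StringEncoding]
                                            context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                              error:&themisError];
// Treat a missing result as failure too, not only a populated error object.
if (!encryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
NSLog(@"%@", encryptedMessage);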
Decrypt
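NSString *context = @"Microwave";
NSError *themisError = nil;
// context is required in this mode and must match the value used for wrapData.
NSData *decryptedMessage = [contextImprint unwrapData:encryptedMessage
                                              context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                                error:&themisError];
// The other decrypt examples check the error before using the output; do the
// same here so a failed call is not silently turned into a string.
if (!decryptedMessage || themisError) {
    NSLog(@"Error occurred %@", themisError);
    return;
}
// NOTE(review): Context-Imprint mode is described by Themis as carrying no
// authentication data, so a wrong key or context may produce garbage bytes
// instead of an error; confirm in the Secure Cell cryptosystem description.
// initWithData:encoding: returns nil when the bytes are not valid UTF-8.
NSString *resultString = [[NSString alloc] initWithData:decryptedMessage
                                               encoding:NSUTF8StringEncoding];
if (!resultString) {
    NSLog(@"Error occurred: decrypted data is not valid UTF-8");
    return;
}
// Printing the plaintext is for demonstration; avoid logging decrypted data
// in production builds.
NSLog(@"%@", resultString);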
Secure Session
Secure Session for iOS is not yet tested. It is provided as is, and will be properly documented and covered with examples in the next release.