Kitura/BlueRSA Kitura/BlueRSA

Cryptography
  • Stars
    star
    132
  • Rank 274,149 (Top 6 %)
  • Language
    Swift
  • License
    Apache License 2.0
  • Created almost 8 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Kitura/BlueRSA
github

Kitura

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

RSA public/private key encryption, private key signing and public key verification in Swift using the Swift Package Manager. Works on iOS, macOS, and Linux (work in progress).

APIDoc Build Status - Master macOS iOS Linux Apache 2 Slack Status

BlueRSA

Swift cross-platform RSA wrapper library for RSA encryption and signing. Works on supported Apple platforms (using Security framework). Linux (using OpenSSL) is working but is still somewhat of a work in progress.

Contents

  • CryptorRSA: Utility functions for RSA encryption and signing. Pure Swift

Prerequisites

Swift

  • Swift Open Source swift-4.0.0-RELEASE toolchain (Minimum REQUIRED for latest release)
  • Swift Open Source swift-4.2-RELEASE toolchain (Recommended)
  • Swift toolchain included in Xcode Version 10.0 (10A255) or higher.

macOS

  • macOS 10.12.0 (Sierra) or higher
  • Xcode Version 9.0 (9A325) or higher using the included toolchain (Minimum REQUIRED for latest release).
  • Xcode Version 10.0 (10A255) or higher using the included toolchain (Recommended).

iOS

  • iOS 10.3 or higher
  • Xcode Version 9.0 (9A325) or higher using the included toolchain (Minimum REQUIRED for latest release).
  • Xcode Version 10.0 (10A255) or higher using the included toolchain (Recommended).

Linux

  • Ubuntu 16.04 (or 16.10 but only tested on 16.04) and 18.04.
  • One of the Swift Open Source toolchain listed above.
  • OpenSSL is provided by the distribution. Note: 1.0.x, 1.1.x and later releases of OpenSSL are supported.
  • The appropriate libssl-dev package is required to be installed when building.

Build

To build CryptorRSA from the command line:

% cd <path-to-clone>
% swift build

Testing

To run the supplied unit tests for CryptorRSA from the command line:

% cd <path-to-clone>
% swift build
% swift test

Using CryptorRSA

Including in your project

Swift Package Manager

To include BlueRSA into a Swift Package Manager package, add it to the dependencies attribute defined in your Package.swift file. You can select the version using the majorVersion and minor parameters. For example:

	dependencies: [
		.Package(url: "https://github.com/Kitura/BlueRSA", majorVersion: <majorVersion>, minor: <minor>)
	]

Carthage

To include BlueRSA in a project using Carthage, add a line to your Cartfile with the GitHub organization and project names and version. For example:

	github "Kitura/BlueRSA" ~> <majorVersion>.<minor>

Before starting

The first you need to do is import the CryptorRSA framework. This is done by the following:

import CryptorRSA

Data Types

BlueRSA supports the following major data types:

  • Key Handling

    • CryptorRSA.PublicKey - Represents an RSA Public Key.
    • CryptorRSA.PrivateKey - Represents an RSA Private Key.

  • Data Handling

    • CryptorRSA.EncryptedData - Represents encrypted data.
    • CryptorRSA.PlaintextData - Represents plaintext or decrypted data.
    • CryptorRSA.SignedData - Represents signed data.

Key Handling

BlueRSA provides seven (7) functions each for creating public and private keys from data. They are as follows (where createXXXX is either createPublicKey or createPrivateKey depending on what you're trying to create):

  • CryptorRSA.createXXXX(with data: Data) throws - This creates either a private or public key containing the data provided. It is assumed that the data being provided is in the proper format.
  • CryptorRSA.createXXXX(withBase64 base64String: String) throws - This creates either a private or public key using the Base64 encoded String provided.
  • CryptorRSA.createXXXX(withPEM pemString: String) throws - This creates either a private or public key using the PEM encoded String provided.
  • CryptorRSA.createXXXX(withPEMNamed pemName: String, onPath path: String) throws - This creates either a private or public key using the PEM encoded file pointed at by the pemName and located on the path specified by path provided.
  • CryptorRSA.createXXXX(withDERNamed derName: String, onPath path: String) throws - This creates either a private or public key using the DER encoded file pointed at by the derName and located on the path specified by path provided.
  • CryptorRSA.createXXXX(withPEMNamed pemName: String, in bundle: Bundle = Bundle.main) throws - This creates either a private or public key using the PEM encoded file pointed at by the pemName and located in the Bundle specified by bundle provided. By default this API will look in the main bundle. Note: Apple Platforms Only
  • CryptorRSA.createXXXX(withDERNamed derName: String, in bundle: Bundle = Bundle.main) throws - This creates either a private or public key using the DER encoded file pointed at by the derName and located in the Bundle specified by bundle provided. By default this API will look in the main bundle. Note: Apple Platforms Only

Additionally, there are three APIs for creating a public key by extracting the key from a PEM formatted certificate: They are:

  • CryptorRSA.createPublicKey(extractingFrom data: Data) throws - This creates either a public key by extracting from the PEM encoded certificate pointed at by the data.
  • CryptorRSA.createPublicKey(extractingFrom certName: String, onPath path: String) throws - This creates a public key by extracting from the PEM encoded certificate pointed at by the certName and located on the path specified by path provided.
  • CryptorRSA.createPublicKey(extractingFrom certName: String, in bundle: Bundle = Bundle.main) throws - This creates a public key using the PEM encoded certificate pointed at by the derName and located in the Bundle specified by bundle provided. By default this API will look in the main bundle. Note: Apple Platforms Only

Example

The following example illustrates creating a public key given PEM encoded file located on a certain path. *Note: Exception handling omitted for brevity.

import Foundation
import CryptorRSA

...

let keyName = ...
let keyPath = ...

let publicKey = try CryptorRSA.createPublicKey(withPEMNamed: keyName, onPath: keyPath)

...

<Do something with the key...>

Data Encryption and Decryption Handling

BlueRSA provides functions for the creation of each of the three (3) data handling types:

Plaintext Data Handling and Signing

There are two class level functions for creating a PlaintextData object. These are:

  • CryptorRSA.createPlaintext(with data: Data) -> PlaintextData - This function creates a PlaintextData containing the specified data.
  • CryptorRSA.createPlaintext(with string: String, using encoding: String.Encoding) throws -> PlaintextData - This function creates a PlaintextData object using the string encoded with the specified encoding as the data.

Once the PlaintextData object is created, there are two instance functions that can be used to manipulate the contained data. These are:

  • encrypted(with key: PublicKey, algorithm: Data.Algorithm) throws -> EncryptedData? - This function allows you to encrypt containing data using the public key and algorithm specified. This function returns an optional EncryptedData object containing the encryped data.
  • signed(with key: PrivateKey, algorithm: Data.Algorithm) throws -> SignedData? - This function allows you to sign the contained data using the private key and algorithm specified. This function returns an optional SignedData object containing the signature of the signed data.

Example

  • Encryption: Note: Exception handling omitted for brevity.
import Foundation
import CryptorRSA

...

let keyName = ...
let keyPath = ...

let myData: Data = <... Data to be encrypted ...>

let publicKey = try CryptorRSA.createPublicKey(withPEMNamed: keyName, onPath: keyPath)
let myPlaintext = CryptorRSA.createPlaintext(with: myData)
let encryptedData = try myPlaintext.encrypt(with: publicKey, algorithm: .sha1)

...

< Do something with the encrypted data...>
  • Signing: Note: Exception handling omitted for brevity.
import Foundation
import CryptorRSA

...

let keyName = ...
let keyPath = ...

let myData: Data = <... Data to be signed ...>

let privateKey = try CryptorRSA.createPrivateKey(withPEMNamed: keyName, onPath: keyPath)
let myPlaintext = CryptorRSA.createPlaintext(with: myData)
let signedData = try myPlaintext.signed(with: privateKey, algorithm: .sha1)

...

< Do something with the signed data...>

Encrypted Data Handling

There are two class level functions for creating a EncryptedData object. These are:

  • CryptorRSA.createEncrypted(with data: Data) -> EncryptedData - This function creates a EncryptedData containing the specified encrypted data.
  • CryptorRSA.createEncrypted(with base64String: String) throws -> EncryptedData - This function creates a EncrpytedData using the Base64 representation of already encrypted data.

Once the EncryptedData object is created, there is an instance function that can be used to decrypt the enclosed data:

  • decrypted(with key: PrivateKey, algorithm: Data.Algorithm) throws -> DecryptedData? - This function allows you to decrypt containing data using the public key and algorithm specified. This function returns an optional DecryptedData object containing the encryped data.

BlueRSA currently supports OAEP padding, which is the recommended padding algorithm.

Example

  • Decryption: Note: Exception handling omitted for brevity.
import Foundation
import CryptorRSA

...

let keyName = ...
let keyPath = ...
let publicKey = try CryptorRSA.createPublicKey(withPEMNamed: keyName, onPath: keyPath)

let pkeyName = ...
let pkeyPath = ...
let privateKey = try CryptorRSA.createPrivateKey(withPEMNamed: pkeyName, onPath: pkeyPath)

let myData: Data = <... Data to be encrypted ...>

let myPlaintext = CryptorRSA.createPlaintext(with: myData)
let encryptedData = try myPlaintext.encrypt(with: publicKey, algorithm: .sha1)

let decryptedData = try encryptedData.decrypt(with: privateKey, algorithm: .sha1)

...

< Do something with the decrypted data...>

Signature Verification Handling

There is a single class level function that can be used to create a SignedData object. It is:

  • CryptorRSA.createSigned(with data: Data) -> SignedData - This function creates a SignedData containing the specified signed data.

Once created or obtained PlaintextData and SignedData, there is an instance function which can be used to verify the signature contained therein:

  • verify(with key: PublicKey, signature: SignedData, algorithm: Data.Algorithm) throws -> Bool - This function is used to verify, using the public key and algorithm, the signature. Returns true if the signature is valid, false otherwise.

  • Verifying: Note: Exception handling omitted for brevity.

import Foundation
import CryptorRSA

...

let keyName = ...
let keyPath = ...
let publicKey = try CryptorRSA.createPublicKey(withPEMNamed: keyName, onPath: keyPath)

let pkeyName = ...
let pkeyPath = ...
let privateKey = try CryptorRSA.createPrivateKey(withPEMNamed: pkeyName, onPath: pkeyPath)

let myData: Data = <... Data to be signed ...>

let myPlaintext = CryptorRSA.createPlaintext(with: myData)
let signedData = try myPlaintext.signed(with: privateKey, algorithm: .sha1)

if try myPlaintext.verify(with: publicKey, signature: signedData, algorithm: .sha1) {

	print("Signature verified")

} else {

	print("Signature Verification Failed")
}

Data Type Utility Functions

All three of the data handling types have two common utility instance functions. These are:

  • digest(using algorithm: Data.Algorithm) throws -> Data - This function returns a Data object containing a digest constructed using the specified algorithm.
  • string(using encoding: String.Encoding) throws -> String - This functions returns a String representation of the data using the specified encoding.

Community

We love to talk server-side Swift and Kitura. Join our Slack to meet the team!

License

This library is licensed under Apache 2.0. Full license text is available in LICENSE.

More Repositories

1

Kitura

A Swift web framework and HTTP server.
Swift
7,628
star
2

BlueSocket

Socket framework for Swift using the Swift Package Manager. Works on iOS, macOS, and Linux.
Swift
1,407
star
3

Swift-JWT

JSON Web Tokens in Swift
Swift
559
star
4

Swift-Kuery

SQL database abstraction layer
Swift
426
star
5

Swift-SMTP

Swift SMTP client
Swift
261
star
6

Swift-Kuery-ORM

An ORM for Swift, built on Codable
Swift
212
star
7

BlueCryptor

Swift cross-platform crypto library using CommonCrypto/libcrypto
Swift
191
star
8

HeliumLogger

A lightweight logging framework for Swift
Swift
176
star
9

swift-html-entities

HTML5 spec-compliant character encoder/decoder for Swift
Swift
170
star
10

swift-ubuntu-docker

🚫 This repo is deprecated - please use the images here: https://hub.docker.com/_/swift
Vim Script
154
star
11

SwiftyRequest

SwiftyRequest is an HTTP networking library built for Swift.
Swift
110
star
12

Kitura-net

Kitura networking
Swift
104
star
13

BlueSSLService

SSL/TLS Add-in for BlueSocket using Secure Transport and OpenSSL
Swift
97
star
14

Kitura-redis

Swift Redis library
Swift
95
star
15

BlueECC

Elliptic-curve cryptography for Swift
Swift
94
star
16

BlueSignals

Generic Cross Platform Signal Handler
Swift
94
star
17

Configuration

Hierarchical configuration manager for Swift applications
Swift
81
star
18

Kitura-Sample

A sample application that shows how to use various features of Kitura
Swift
81
star
19

Kitura-WebSocket

WebSocket support for Kitura
Swift
68
star
20

OpenSSL

Swift modulemaps for libSSL and libcrypto
C
61
star
21

Swift-Kuery-PostgreSQL

PostgreSQL plugin for Swift-Kuery framework
Swift
61
star
22

SwiftKafka

Swift SDK for Apache Kafka
Swift
60
star
23

KituraKit

Swift client library for using Codable routes with Kitura
Swift
59
star
24

Kitura-CouchDB

CouchDB adapter for Kitura
Swift
51
star
25

CircuitBreaker

A Swift Circuit Breaker library – Improves application stability and reliability.
Swift
47
star
26

Kitura-Credentials

A pluggable framework for validating user credentials in a Swift server using Kitura
Swift
41
star
27

Kitura-NIO

A networking library for Kitura, based on SwiftNIO
Swift
38
star
28

Kitura-OpenAPI

OpenAPI support for Kitura
Swift
37
star
29

TypeDecoder

A Swift library to allow the runtime inspection of Swift language native and complex types.
Swift
37
star
30

SwiftKueryMySQL

MySQL plugin for Swift-Kuery framework
Swift
35
star
31

Package-Builder

Build and utility scripts used for continuous integration builds for Swift Package Manager projects on the Travis CI environment
Shell
35
star
32

CCurl

Modulemap for the libcurl library
Objective-C
31
star
33

Kitura-StencilTemplateEngine

Stencil templating for Kitura
Swift
27
star
34

Kitura-Markdown

Templating engine for Kitura that uses Markdown based templates
C
26
star
35

LoggerAPI

Logger protocol
Swift
26
star
36

kitura.dev

http://www.kitura.dev
JavaScript
26
star
37

Health

An application health library for Swift.
Swift
22
star
38

Kitura-Session

A pluggable framework for managing user sessions in a Swift server using Kitura
Swift
19
star
39

Kitura-WebSocket-NIO

A SwiftNIO based implementation of WebSocket for Kitura
Swift
18
star
40

CommonCrypto

CommonCrypto Module Map
Swift
18
star
41

FileKit

Swift
17
star
42

Kitura-TemplateEngine

Kitura Template Engine protocol
Swift
16
star
43

Swift-Kuery-SQLite

An SQLite plugin for the Swift-Kuery framework
Swift
16
star
44

Kitura-CredentialsHTTP

A plugin for the Kitura-Credentials framework that authenticates using HTTP Basic and Digest authentication
Swift
16
star
45

kitura-cli

⌨️ Kitura command-line interface
Go
14
star
46

KituraContracts

A library containing type definitions shared by client and server Kitura code.
Swift
13
star
47

CZlib

Module map for Zlib library
Swift
12
star
48

CloudEnvironment

Convenience Swift package for accessing environment variables, credentials.
Swift
12
star
49

Kitura-CredentialsFacebook

A plugin for the Kitura-Credentials framework that authenticates using the Facebook web login
Swift
10
star
50

Kitura-CORS

Kitura CORS middleware
Swift
10
star
51

Kitura-Cache

Kitura cache
Swift
10
star
52

Kitura-CredentialsGoogle

A plugin for the Kitura-Credentials framework that authenticates using the Google web login
Swift
9
star
53

Swift-cfenv

Easy access to Cloud Foundry application environment for Swift Packages.
Swift
9
star
54

Kitura-Compression

Kitura compression middleware
Swift
7
star
55

CEpoll

A modulemap file and include to help Swift code use epoll on Linux
Swift
6
star
56

Kitura-WebSocket-Client

A WebSocket client based on SwiftNIO
Swift
6
star
57

Kitura-CredentialsGitHub

A plugin for the Kitura-Credentials framework that authenticates using the GitHub web login
Swift
6
star
58

Kitura-MustacheTemplateEngine

Adapter of GRMustache Template Engine to Kitura Template Engine
Swift
5
star
59

CHTTPParser

Modulemap for the http-parser library
C
5
star
60

Kitura-WebSocket-Compression

A WebSocket compression library based on SwiftNIO
Swift
4
star
61

generator-swiftserver-projects

Autogenerated Kitura projects
Shell
4
star
62

Kitura-Session-Redis

Kitura-Session store using Redis as the backing store
Swift
4
star
63

Kitura-Benchmarks

Benchmarks for Kitura
Swift
3
star
64

homebrew-kitura

Homebrew tap
Ruby
3
star
65

Kitura-CredentialsJWT

A plugin for the Kitura-Credentials framework that supports JWT authentication.
Swift
3
star
66

ShellToolKit

Utility classes to help with common system/shell actions in Swift
Swift
3
star
67

anapistula

Simple standalone web server in swift
Swift
2
star
68

CLibpq

PostgreSQL wrapper
Swift
2
star
69

CMySQL

Swift
1
star
70

Kitura-CI

Repository to hold the testing scripts for some Kitura repositories
Shell
1
star
71

Maintainers

Files relevant to Kitura project maintainers
Swift
1
star
72

StarterWebServer

A starter web server that can be used as a template for a new project
Swift
1
star