0

I've looked around and found scant information on encryption on Mac OS X. It seems like OpenSSL support is deprecated in newer version of Mac OS X. I need to be able to support from 10.5 and up. Here's my problem:

I have a public and private key pair generate on our licensing server using php (code shown below)

$dn = array(configs....);
$privkey = openssl_pkey_new();

$csr = openssl_csr_new($dn, $privkey);

$sscert = openssl_csr_sign($csr, null, $privkey, $term);

openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey, "somepassphrase");

//base64 encode the keys
$privatekey = base64_encode($privatekey);
$publickey = base64_encode($publickey);

The base64 encoded private key is stored in a secure location on one of our servers and the base64 encoded public key is written to a file for download by our users. The file is loaded into a desktop application for MacOS X written in cocoa, which base64 decodes the public key. Until this step is good. However, I want to then encrypt data with the public key and send it to our license server. Does anyone know how I can use this public key to encrypt data in cocoa and what is the "best" practice method? Any examples or tips would be much appreciated!

Improve this question

1 Answer 1

Reset to default
1

It is not so much OpenSSL that is deprecated on the Mac but merely the OpenSSL libraries that are provided by OS X are deprecated. Nothing stops you from compiling your own OpenSSL and use it in your app by statically linking to it:

Although OpenSSL is commonly used in the open source community, OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS. Use of the OS X OpenSSL libraries by apps is strongly discouraged.

If your app depends on OpenSSL, you should compile OpenSSL yourself and statically link a known version of OpenSSL into your app. This use of OpenSSL is possible on both OS X and iOS. However, unless you are trying to maintain source compatibility with an existing open source project, you should generally use a different API.

Common Crypto and Security Transforms are the recommended alternatives for general encryption. CFNetwork and Secure Transport are the recommended alternatives for secure communications.

In other words: It is still fine to use OpenSSL in your OS X app - just don't rely on the bundled OpenSSL anymore. Alternatively, you can make use of OS X' Security Framework: It is capable of handling X.509 public key encryption which you seem to be doing as well.

Source: Cocoa Cryptographic Services Guide

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you that really helped clarify my issue. I will look into the security framework.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.