swift3 sha* digests and digital signatures

Question

gabriel112 OP

Created Jul ’18

Replies 3

Boosts 0

Views 1.8k

Participants 2

Hi,

Is there a "native" swift method/class to compute digest (sha1, sha2, etc.) and digital signatures?

I know there are some CommonCrypto functions (like mentioned in https://forums.developer.apple.com/message/257577#257577 or https://forums.developer.apple.com/message/249331#249331) but I dont know if those are the better options in Swift (xcode 8.2.1, Swift 3)

What about an example? I found SecDigestTransfromCreate, but documentation is not really helping me on how to use it.

Thanks in advance.

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’18

If you have message data and a private key, you can create a signature directly using

SecKeyCreateSignature

. Make sure to use one of the algorithms that has

Message

in the name, which will cause it to generate the digest internally.

If you need to separate these steps then CommonCrypto is the recommended option. In that case use one of the algorithms that has

Digest

in the name, which causes

SecKeyCreateSignature

to skip the digest step.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

gabriel112 OP

Jul ’18

Thank you for your help, it helped me a lot.

Unfortunately SecKeyCreateSignature and SecKeyAlgorithm are available for OSX 10.12 or later (mine is 10.11.6)

¿Would you please tell me wich are the equivalent classes/constants for OSX 10.11?

Thanks.

0

Answer 3

DTS Engineer OP

Apple

Jul ’18

Accepted Answer

You’ll have to use tranforms in that case. You should take a look at the CryptoCompatibility sample code, which shows how to calculate digests using three different APIs (the new unified API on modern versions of macOS and iOS, the legacy transforms API on older versions of macOS, and the legacy raw API on older versions of iOS).

Note that transforms do support streaming input but IMO it’s better to not use that facility and just use the transform to sign a digest that you calculate using CommonCrypto. This will make it easier to share code between the unified version you run on modern versions of macOS and the transforms version you run on legacy systems.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0