Skip to content

PGP for iOS/OSX using kbpgp.js and JavaScriptCore

License

Notifications You must be signed in to change notification settings

fortify-enterprise/KBPGP

 
 

Repository files navigation

KBPGP

PGP for iOS/OSX, using kbpgp.js. Requires >= iOS 8.0.

This library is mostly a proof of concept. I've stopped using it myself but am keeping it around in case others find it useful.

If you need to use PGP on iOS, I recommend trying to use the go pgp library, since go 1.5 fully supports iOS (arm64).

Why?

The was no usable native library for PGP for iOS or OSX. Keybase uses kbpgp and iOS 8 provides a JavaScript runtime with JavaScriptCore.

Some alternative methods I considered or am considering:

Podfile

platform :ios, "8.0"
pod "KBPGP"

or

pod 'KBPGP', :git => 'https://github.com/gabriel/KBPGP.git', :branch => :master

Encrypt

KBPGP *pgp = [[KBPGP alloc] init];
[pgp encryptText:@"This is a secret message" keyBundles:@[@"-----BEGIN PGP PUBLIC KEY..."] success:^(NSString *messageArmored) {
  NSLog(@"%@", messageArmored);
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

Encrypt & Sign

KBPGP *pgp = [[KBPGP alloc] init];
[pgp encryptText:@"This is a secret signed message" keyBundles:@[@"-----BEGIN PGP PUBLIC KEY..."] keyBundleForSign:@"-----BEGIN PGP PRIVATE KEY..." passwordForSign:@"toomanysecrets" success:^(NSString *messageArmored) {
  NSLog(@"%@", messageArmored);
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

Sign

KBPGP *pgp = [[KBPGP alloc] init];
[pgp signText:@"This is a secret message" keyBundle:@"-----BEGIN PGP PRIVATE KEY..." password:@"toomanysecrets" success:^(NSString *clearTextArmored) {
  NSLog(@"%@", clearTextArmored);
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

Unbox (Decrypt & Verify)

KBPGP *pgp = [[KBPGP alloc] init];
[pgp setKeyRing:... passwordBlock:...];

[pgp unboxMessageArmored:messageArmored success:^(KBPGPMessage *message) {
  NSLog(@"Decrypted: %@", [message text]);
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

Key Bundles

A key bundle is a string which can represent:

  • An armored PGP public key
  • An armored PGP private key
  • P3SKB data (Base64 encoded)
NSString *armoredPublicKeyBundle = @"-----BEGIN PGP PUBLIC KEY...";
NSString *armoredPrivateKeyBundle = @"-----BEGIN PGP PRIVATE KEY...";

P3SKB *secretKey = ...;
NSString *secretKeyBundle = [[secretKey data] base64EncodedStringWithOptions:0];

Key (KBKey)

A key is the simplest representation of a key:

  • An armored public key bundle.
  • A fingerprint (string), which is the unique identifier for the key.
  • A P3SKB secret key (or nil if public only)

PGP Key (KBPGPKey)

A PGP key is a more detailed version of a key, which stores extra info such as the algorithm, size, subkeys, user ids, etc.

You can get a PGP key from a bundle:

KBPGP *pgp = [[KBPGP alloc] init];
[pgp PGPKeyForPublicKeyBundle:@"-----BEGIN PGP PUBLIC KEY..." success:^(KBPGPKey *PGPKey) {
  // PGP key
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}

Key Ring (KBKeyRing, KBPGPKeyRing)

A key ring stores keys.

KBPGPKeyRing *keyRing = [[KBPGPKeyRing alloc] init];

KBPGPKey key = ...
[keyRing addPGPKey:key];

return keyRing;

Generate Keys

Generates RSA key pair with appropriate defaults (4096 key with subkeys).

KBPGP *pgp = [[KBPGP alloc] init];
[pgp generateKeyWithUserIds:... keyAlgorithm:KBKeyAlgorithmRSA password:@"toomanysecrets" progress:^(KBKeyGenProgress *progress) {
  NSLog(@"Progress: %@", [progress progressDescription]);
  // Return NO to cancel, which will throw an "Aborted" error
  return YES;
} success:^(P3SKB *privateKey, NSString *publicKeyArmored, NSString *keyFingerprint) {
  // Generated private key (P3SKB format, encrypted using TripleSec)

} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

Armor/Dearmor

NSData *data = ...;
[pgp armoredKeyBundleFromPublicKey:data success:^(NSString *publicKeyArmored) {

} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];
NSString *keyArmored = @"-----BEGIN PGP ...";
[pgp dearmor:keyArmored success:^(NSData *keyData) {
  // Key as binary
} failure:^(NSError *error) {
  NSLog(@"Error: %@", [error localizedDescription]);
}];

About

PGP for iOS/OSX using kbpgp.js and JavaScriptCore

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 96.3%
  • Objective-C 3.5%
  • Other 0.2%