Public key export in ObjC


Reto Zenger

Apr 14, 2021, 2:53:09 PM
to tink-users
Hi there

I cannot find a way to export public keys using the ObjC Library. In Java there exists KeysetWriter, but in the ObjC Library I cannot find any equivalent class or function. Am I missing something?
I do the following (actually it is Swift code, the ObjC Library is included in the bridging header):

let keyTemplate = try TINKHybridKeyTemplate(keyTemplate: TINKHybridKeyTemplates.eciesP256HkdfHmacSha256Aes128Gcm)
let keysetHandle = try TINKKeysetHandle(keyTemplate: keyTemplate)
let publicKeysetHandle = try TINKKeysetHandle.publicKeysetHandle(with: keysetHandle)
...

Here I want to export the public key (for example as json) for being able to send it to the counterpart. How can I achieve that?

Thanks for your help and for providing this valuable library.

Kind regards
Reto

Anna Thomas

Jun 8, 2021, 10:17:54 AM
to tink-users
Hi, I too have the same requirement. 

Specifically, how to get the string representation of the keysetHandle, regardless of the template used? 

The equivalent Android code for generating my requirement is as follows:

    AeadConfig.register();
    KeysetHandle handle = KeysetHandle.generateNew(AeadKeyTemplates.AES256_GCM);
    ByteArrayOutputStream keyStream = new ByteArrayOutputStream();
    KeysetWriter privateKeyWriter = BinaryKeysetWriter.withOutputStream(keyStream);
    CleartextKeysetHandle.write(handle, privateKeyWriter);
    System.out.println("KEY " + Base64.getEncoder().encodeToString(keyStream.toByteArray()));


KeysetWriter seems unavailable for Tink in iOS. Can anyone please provide help in finding the equivalent in iOS? I'm using Tink 1.6.0.

Thanks for the library :)

Regards,

Anna

Anna Thomas

Jun 8, 2021, 11:13:46 AM
to tink-users
Hi,

Got an update.

On searching the documentation for Tink 1.6.0, saw this (see attached screenshot)

On testing in my code, found that the following gave a valid output: 

    let config = try! TINKAeadConfig.init()
    try! TINKConfig.register(config)
    let template = try! TINKAeadKeyTemplate.init(keyTemplate: .TINKAes256Gcm)
    let handle = try! TINKKeysetHandle.init(keyTemplate: template)
    let firstData = handle.serializedKeyset()
    var error: NSError?
    let secondData = handle.serializedKeysetNoSecret(&error)
    let publicKeyHandle = try! TINKKeysetHandle.publicKeysetHandle(with: handle)
    let thirdData = publicKeyHandle.serializedKeyset()
    let fourthData = publicKeyHandle.serializedKeysetNoSecret(&error)

In the above code, firstData was giving output, secondData returned nil, and I was getting a crash for publicKeyHandle. That's because I wasn't using asymmetric encryption.

So I'm guessing handle.serializedKeyset() is what I'm looking for. Please can someone confirm?
Tink 1.6.0 Documentation for Objective C.png

Thai Duong

Jun 11, 2021, 1:59:53 AM
to Reto Zenger, tink-users
On Wed, Apr 14, 2021 at 11:53 AM Reto Zenger <reto....@forcklabs.com> wrote:
> Hi there
>
> I cannot find a way to export public keys using the ObjC Library. In Java there exists KeysetWriter, but in the ObjC Library I cannot find any equivalent class or function. Am I missing something?
> I do the following (actually it is Swift code, the ObjC Library is included in the bridging header):
>
> let keyTemplate = try TINKHybridKeyTemplate(keyTemplate: TINKHybridKeyTemplates.eciesP256HkdfHmacSha256Aes128Gcm)
> let keysetHandle = try TINKKeysetHandle(keyTemplate: keyTemplate)
> let publicKeysetHandle = try TINKKeysetHandle.publicKeysetHandle(with: keysetHandle)
> ...
>
> Here I want to export the public key (for example as json) for being able to send it to the counterpart. How can I achieve that?

You can use serializedKeysetNoSecret, which was added in 1.6.0. It'll serialize the public keyset using protobuf's binary encoding format.

> Thanks for your help and for providing this valuable library.
>
> Kind regards
> Reto

--
You received this message because you are subscribed to the Google Groups "tink-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tink-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tink-users/1245380e-7ab5-44b7-8463-443dd109fbbcn%40googlegroups.com.
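
Added example, not part of the thread and not Tink code: the reply above says serializedKeysetNoSecret emits the keyset in protobuf's binary encoding. The Python sketch below walks that encoding and reports each key's key_material_type, so a serialized blob can be checked for public-only material before it is handed to a counterpart. Field numbers follow Tink's tink.proto; the sample keysets are constructed here with dummy key bytes.

```python
# Added example: walks the protobuf wire format of a serialized Tink keyset.
MATERIAL = {0: "UNKNOWN_KEYMATERIAL", 1: "SYMMETRIC", 2: "ASYMMETRIC_PRIVATE",
            3: "ASYMMETRIC_PUBLIC", 4: "REMOTE"}  # KeyData.KeyMaterialType

def _varint(buf, pos):
    """Decode one base-128 varint; return (value, next_position)."""
    value = shift = 0
    while pos < len(buf):
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated varint")

def _fields(buf):
    """Yield (field_number, value) for varint and length-delimited fields."""
    pos = 0
    while pos < len(buf):
        tag, pos = _varint(buf, pos)
        if (tag & 7) == 0:
            value, pos = _varint(buf, pos)
        elif (tag & 7) == 2:
            size, pos = _varint(buf, pos)
            if pos + size > len(buf):
                raise ValueError("truncated field")
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError("unexpected wire type")
        yield tag >> 3, value

def key_material_types(keyset):
    """Return [(type_url, material_name)] for each Keyset.key (field 2)."""
    found = []
    for number, key in _fields(keyset):
        if number == 2 and isinstance(key, bytes):
            # Keyset.Key.key_data = 1; KeyData.type_url = 1, key_material_type = 3
            data = dict(_fields(dict(_fields(key)).get(1, b"")))
            found.append((data.get(1, b"").decode(), MATERIAL.get(data.get(3, 0), "?")))
    return found

def is_public_only(keyset):
    """True only if the keyset holds keys and every one is ASYMMETRIC_PUBLIC."""
    kinds = [kind for _, kind in key_material_types(keyset)]
    return bool(kinds) and all(kind == "ASYMMETRIC_PUBLIC" for kind in kinds)

def sample_keyset(type_url, material):
    """Constructed one-key keyset with dummy key bytes (every length < 128)."""
    ld = lambda n, payload: bytes([n << 3 | 2, len(payload)]) + payload
    key_data = ld(1, type_url.encode()) + ld(2, bytes(8)) + bytes([3 << 3, material])
    return bytes([1 << 3, 42]) + ld(2, ld(1, key_data) + bytes([2 << 3, 1, 3 << 3, 42, 4 << 3, 1]))
```

A keyset reported as SYMMETRIC or ASYMMETRIC_PRIVATE carries secret key bytes and needs a protected channel and storage; one that is ASYMMETRIC_PUBLIC throughout does not.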

Thai Duong

Jun 11, 2021, 2:12:37 AM
to Anna Thomas, tink-users
On Tue, Jun 8, 2021 at 8:13 AM Anna Thomas <annath...@gmail.com> wrote:
> Hi,
>
> Got an update.
>
> On searching the documentation for Tink 1.6.0, saw this (see attached screenshot)
>
> On testing in my code, found that the following gave a valid output:
>
>     let config = try! TINKAeadConfig.init()
>     try! TINKConfig.register(config)
>     let template = try! TINKAeadKeyTemplate.init(keyTemplate: .TINKAes256Gcm)
>     let handle = try! TINKKeysetHandle.init(keyTemplate: template)
>     let firstData = handle.serializedKeyset()

Wait, does this function exist? I can't find it in https://github.com/google/tink/blob/master/objc/TINKKeysetHandle.h.

We don't support exporting the key material because we're afraid that users might dump it in insecure locations.

If you really want to get it, consider writing it to iOS KeyChain using writeToKeychainWithName, and then reading it from iOS KeyChain (like this).



Anna Thomas

Jun 14, 2021, 1:30:45 AM
to tink-users

> Wait, does this function exist? I can't find it in https://github.com/google/tink/blob/master/objc/TINKKeysetHandle.h.
>
> We don't support exporting the key material because we're afraid that users might dump it in insecure locations.
>
> If you really want to get it, consider writing it to iOS KeyChain using writeToKeychainWithName, and then reading it from iOS KeyChain (like this).

I went through this code. From what I understand, we need to copy the SecKey from Keychain and then convert it into Data format, right? I'm implementing it in Swift. But is the above implementation incorrect (handle.serializedKeyset())? Our implementation requires this conversion, hence that's why I'm trying to do this.

Thai Duong

Jun 14, 2021, 2:17:09 AM
to Anna Thomas, tink-users
On Sun, Jun 13, 2021 at 10:30 PM Anna Thomas <an...@qburst.com> wrote:

>> Wait, does this function exist? I can't find it in https://github.com/google/tink/blob/master/objc/TINKKeysetHandle.h.

Ah I see. It should work then. You don't need to directly get the key material from KeyChain (as I suggested earlier).

If you do

let config = try! TINKAeadConfig.init()
try! TINKConfig.register(config)
let template = try! TINKAeadKeyTemplate.init(keyTemplate: .TINKAes256Gcm)
let handle = try! TINKKeysetHandle.init(keyTemplate: template)
let firstData = handle.serializedKeyset()

then firstData is what you can share with the other parties. You should use a secure sharing mechanism.

>> We don't support exporting the key material because we're afraid that users might dump it in insecure locations.
>>
>> If you really want to get it, consider writing it to iOS KeyChain using writeToKeychainWithName, and then reading it from iOS KeyChain (like this).
>
> I went through this code. From what I understand, we need to copy the SecKey from Keychain and then convert it into Data format, right? I'm implementing it in Swift. But is the above implementation incorrect (handle.serializedKeyset())? Our implementation requires this conversion, hence that's why I'm trying to do this.


Anna Thomas

Jun 14, 2021, 2:36:08 AM
to tink-users

Wow! Thank You Thai Duong!! 

Thanks a lot for the library and your time :) 

Anna Thomas

Jun 14, 2021, 2:36:44 AM
to tink-users
Yes, I'll make sure the data is shared discreetly :)