New API Proposal: RSA Key Support

Open 0xTim opened this issue 5 years ago • 11 comments

New API Proposal: RSA Key Support

Motivation:

RSA is a widely used and popular public key system used for key exchange and popular with JWTs and older TLS versions among other uses. Although relatively old and slow, it is still widely supported and heavily used, justifying its inclusion in Swift Crypto. BoringSSL has the code in it required, so those APIs would need to be exposed.

Importance:

A lot of systems still use RSA for public key encryption and validation. Apple's own Sign in With Apple service provides a JWT that is signed using an RSA key, provided as a JWK. Without RSA support in Swift Crypto, we are unable to use that library to verify JWTs from Apple on the server-side.

Feb 07 '20 12:02 0xTim

Thanks for this feature request! We'll circulate it with the team and get back to you.

Feb 07 '20 14:02 Lukasa

Would be really great to see the support of RSA inside swift-crypto. It is such a common use-case and we had to fall back to the Security framework on iOS to generate RSA keys now.

Aug 13 '20 12:08 FranzBusch

I've hit the lack of RSA support in this project today - adding my voice: it'd be great to see RSA key support ❤️

Aug 31 '21 06:08 tonyarnold

I guess the requested feature has been implemented here: https://github.com/apple/swift-crypto/blob/main/Sources/_CryptoExtras/RSA/RSA.swift

Does that solve your problem?

Feb 01 '22 18:02 fabianfett

Ooh it could well do

Feb 01 '22 18:02 0xTim

@0xTim : Can you confirm this addresses your request?

Feb 02 '22 16:02 FredericJacobs

@FredericJacobs sure, give me a few days to see if it offers everything we need for JWTKit

Feb 02 '22 17:02 0xTim

Would it be possible to include a way to extract the data representations of the modulus, exponent and private exponent for the public and private keys? An initialiser using those would be amazing as well!

May 06 '22 20:05 JaapWijnen

What's the intended use-case?

May 09 '22 12:05 Lukasa

@FredericJacobs I was taking a look at the JWTKit API in order to see what was needed to move to swift-crypto's RSA implementation. There's this initializer that's part of the public API: https://github.com/vapor/jwt-kit/blob/449850f0db4769c630d90ff09ee1be2a5a382bd8/Sources/JWTKit/RSA/RSAKey.swift#L145. Secondly, there's also an initializer using a certificate string to create an RSAKey: https://github.com/vapor/jwt-kit/blob/449850f0db4769c630d90ff09ee1be2a5a382bd8/Sources/JWTKit/RSA/RSAKey.swift#L65. I'm not well versed enough in these to know if it's trivial to convert between these representations of certificate strings and pemkey formats to the n, e, d formats ourselves but couldn't find anything conclusive on that while doing some reading. So those would be the main missing features regarding RSA keys.

@Lukasa I'm working on an OpenSSH private key parser currently used along with swift-nio-ssh where I'm reading the modulus etc from the openssh format itself to then create an RSAKey with (using BoringSSL currently). I would like to move to swift-crypto's RSA implementation instead (if possible).

May 10 '22 16:05 JaapWijnen

I think we can probably add a "from numbers" interface to RSA.

May 10 '22 16:05 Lukasa
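
The conversion asked about above, from raw public numbers (for example a JWK's base64url `n` and `e`) to a PEM public key that a PEM-based initializer can read, as an added example that is not part of the thread or of swift-crypto. It uses only Foundation; the function names and the sample values are assumptions made for illustration.

```swift
import Foundation

// Decode base64url ('-' and '_' alphabet, padding stripped), the encoding of JWK "n" and "e".
func base64URLDecode(_ s: String) -> [UInt8]? {
    var b64 = s.replacingOccurrences(of: "-", with: "+")
               .replacingOccurrences(of: "_", with: "/")
    while b64.count % 4 != 0 { b64.append("=") }
    return Data(base64Encoded: b64).map { [UInt8]($0) }
}

// DER tag-length-value: short-form length below 128 bytes, long form otherwise.
func der(_ tag: UInt8, _ body: [UInt8]) -> [UInt8] {
    var len = [UInt8]()
    if body.count < 0x80 {
        len = [UInt8(body.count)]
    } else {
        var n = body.count
        while n > 0 { len.insert(UInt8(n & 0xFF), at: 0); n >>= 8 }
        len.insert(0x80 | UInt8(len.count), at: 0)
    }
    return [tag] + len + body
}

// Unsigned big-endian magnitude -> DER INTEGER (minimal, with 0x00 pad if the top bit is set).
func derInteger(_ magnitude: [UInt8]) -> [UInt8] {
    var v = Array(magnitude.drop(while: { $0 == 0 }))
    if v.isEmpty || v[0] & 0x80 != 0 { v.insert(0, at: 0) }
    return der(0x02, v)
}

// SubjectPublicKeyInfo { AlgorithmIdentifier(rsaEncryption, NULL), BIT STRING { RSAPublicKey { n, e } } }
func rsaSPKI(n: [UInt8], e: [UInt8]) -> [UInt8] {
    let pkcs1 = der(0x30, derInteger(n) + derInteger(e))
    let algorithm: [UInt8] = [0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
                              0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00]
    return der(0x30, algorithm + der(0x03, [0x00] + pkcs1))
}

func pem(_ derBytes: [UInt8]) -> String {
    let body = Data(derBytes).base64EncodedString(options: [.lineLength64Characters, .endLineWithLineFeed])
    return "-----BEGIN PUBLIC KEY-----\n\(body)\n-----END PUBLIC KEY-----"
}

// Constructed toy values, far too short to be a real key; they only exercise the encoder.
let jwkN = "-_--AQ", jwkE = "AQAB"
if let n = base64URLDecode(jwkN), let e = base64URLDecode(jwkE) {
    print(pem(rsaSPKI(n: n, e: e)))
}
```

A private key cannot be encoded this way from n, e and d alone, because the PKCS#1 RSAPrivateKey structure also carries p, q and the CRT values. Code that accepts numbers from a JWK should check the modulus length before trusting the resulting key.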