I have been trying for a while to do some basic cryptography on my Mac OS X Mavericks. I would need MD5, SHA256, AES and possibly also RSA.
I need to develop in C++ but I only need a terminal application with Xcode. I DON'T need to do anything on iPhone. I have a very basic configuration and I am not an expert. I tried crypto++ and OpenSSL, both gave me immense lists of errors at build time.
Thanks!
Apple supplies several encryption Technologies Specific to OS X: General information.
CommonCrypto, a C-level API that can perform most symmetric encryption and decryption tasks
CDSA/CSSM—a legacy API that should be used only to perform tasks not supported by the other APIs, such as asymmetric encryption.
Security Transforms API—a Core-Foundation-level API that provides support for signing and verifying, symmetric cryptography, and Base64 encoding and decoding.
There is also OpenSSL, it is useful for many command line operations but is no longer provided by Apple mainly due to the incompatibilities between versions.
CommonCrypto is supported by both OSX and iOS, this is what I generally use. Security Transforms are OSX only and the newer technology. There are many examples of CommonCrypto usage on SO as well as libraries in GitHUb.
My suggestion is CommonCrypto, it is a "C" library so there should be no problem using it from C++.
Related
I was wondering if it's possible to build a Mach-O file, or modify an existing one and then re-sign it so that the code sections will be encrypted.
I know that there's a flag called cryptid that represent the encryption type (by values `EncryptionInfo32/64 for load commands LC_ENCRYPTION_INFO_32/64 respectively)
However, I couldn't find anywhere in Xcode for how it's done.
EDIT : I'm well aware that it can be done in iOS, but my question relate to macOS, does the platform support this encryption feature in Mach-O file ?
EDIT2: So after reading the other question I understood that the whole encryption thing can only be done by appStore which is after the Mach-O file is already left the developer side. So in this case, Apple actually controlled the encryption/decryption algo+key and it's completely outside the developer hand, right ?
Also, since the Mach-O is being changed during the encryption, so who's in charge to re-sign the application ?
Thanks
No, you cannot do this.
The only "supported" way of getting LC_ENCRYPTION_INFO added to your binary is by distributing through the iOS App Store. It is Apple who checks your binary for compliance with their rules, then encrypts the binary and re-signs it.
This is all backed by "FairPlay", Apple's proprietary DRM stack. Not much is known about it since the code is heavily obfuscated, but it is widely believed that it's built on features of Apple's custom hardware AES engine. Given this, it may or may not be possible to create an encryptor yourself, but it would require immense reverse engineering efforts to even find out.
Further, the entire FairPlay stack is only present on Apple's own chips. It is indeed available on M1 Macs, as you can install iOS apps off the shelf (so long as you leave SIP enabled), but it is not available at all on Intel Macs (the relevant kexts are IOTextEncryptionFamily.kext and FairPlayIOKit.kext, the latter of which is obfuscated).
The title is self explanatory.
A decision was made early on not to re-invent crypto in managed classes, it caused lots of problems for FIPS and frankly why re-invent the wheel?
So we use the OS facilities for crypto - we call into CNG on Windows, and then, because OpenSSL is basically the standard on Linux we use that. It also means when there are crypto bugs you don't have to wait for .NET Core to get updated, you just update the OS.
I'm super curious how install4j is able to do code signing cross platform. It's working really great for me, but I'd just love to know what your approach is for signing windows executables from other OSes. Thanks!
I just found your extremely detailed page on this at:
http://blog.ej-technologies.com/2009/04/signing-launchers-and-installers.html
Short answer: use signtool with mono or osslsigncode!
Thanks guys.
Since install4j 5.1, code signing for Windows and Mac OS X is implemented in Java code and does not require any external tools. Code signing uses open standards both on Windows and Mac OS X, so it's possible to implement it with a crypto library like Bouncy Castle. It's not straight-forward and the details are fairly involved, but no proprietary APIs from the operating system are required.
I work on a vertical-market Mac application that uses a USB dongle to make sure users have paid for it. It's expensive enough, and in enough demand, that "black hats" have tried to crack the dongle scheme, so the app checks the executable and key resource files at runtime, and if something has been tampered with, the program won't run.
With PKI (Public Key Infrastructure) based code signing becoming more commonplace in the Mac world, I'm considering switching to using it to do this runtime verification, which would have the nice side effect of making Gatekeeper happy.
However, Apple's interest is very different from mine. Their focus is on making the user happy, so if an app has an incorrect signature, Mac OS X will simply ask the user if they want to run it anyway. My focus is on thwarting crackers, so if my app has an incorrect signature, I simply don't want it to do anything that's useful to an end-user.
So I want my app to be able to validate its own executable and resources, using Apple's signatures, at runtime.
Also, from what I've read of the libraries offered Mac OS X for doing validation, they simply give a "yes" or "no" answer to requests to validate an executable. It strikes me that this is susceptible to "black hat" attack in a number of ways - for instance, one could simply replace Apple's tools with ones that always say, "yes, this is valid", either in the system directories or by changing the search path for those tools. So I think it might be a good idea to build the complete set of signature validation code into my app.
So I have a few questions:
What PKI libraries/APIs are available to let an app validate its own executable and resources which have been signed using Apple's codesign system?
Do these libraries have source code available?
Are my security concerns about using the PKI libraries Apple ships with Mac OS X valid, or are they safer to use than I think?
Does anybody have experience with this kind of thing they'd be willing to share? Are there other gotchas or tips?
Thanks in advance for any help with this.
To answer #1 and #2 above, Apple has open-sourced its code for creating and verifying digital signatures as libsecurity_codesigning. So a developer could build that into their app to let it validate its own signature.
Alternatively, MacOS's version of this library can be used by an app - but the API is private, so that's a gotcha. There's a brief discussion at this link.
I've been asked to redesign our build/sign/release processes. I'm pretty happy with Windows stuff and I've identified several networked-HSM products that will do what we need. They basically integrate directly with CryptoAPI so the people doing the signing can just use signtool.exe as normal.
We currently have a separate Mac team who do their own build/sign/release. This is all working fine on a couple of Mac Minis in one of our DCs. I'd like to protect our Mac software keys as well and so I'm trying to find out how to integrate a networked-HSM into our Mac signing process.
I can't find any good information about this anywhere! So I'm hoping someone in here has done this already and can lessen my pain.
The actual questions are;
1) Can I use a HSM with the standard Mac code-signing tools?
2) Can anyone recommend a vendor/product for the above?
3) Can anyone point me towards some good documentation on Mac code signing and the inner-workings of the Mac crypto infrastructure?
Cheers
BHB
I don't believe any of the major HSM vendors (nCipher, SafeNet, etc.) have any hooks into the Mac code signing tools, nor do I believe Apple exposes any. Your best bet would be to try and determine what the code signing mechanism looks like when performed by the Mac tools and then try and duplicate it yourself manually. However, off the top of my head, I don't recall seeing that the major vendors support OSX-based HSM clients out of the box. I know that SafeNet supports Java via a custom JCE provider. If there's a PKCS#11 interface you can hook into, then you may be able to leverage OpenSSL or another similar toolkit, but it will result in some work for you.