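/*
 * Device Data encryption - create JWE given DS publicKey.
 *
 * Produces a JWE compact serialization of five unpadded base64url segments:
 *   header . encrypted key . IV . ciphertext . authentication tag
 * The protected header is fixed to {"enc":"A128CBC-HS256","alg":"RSA-OAEP"}.
 *
 * payload   - text to encrypt; it is encoded as UTF-8 before encryption.
 * publicKey - RSA public key used to wrap the freshly generated content key.
 *
 * Returns the compact JWE string, or nil when an input is missing or any
 * random-generation, encryption, MAC or encoding step yields no usable
 * output. Failing closed matters here: formatting a nil segment with "%@"
 * would emit the literal text "(null)" inside the token, and a short random
 * buffer would raise NSRangeException in subdataWithRange:.
 *
 * NOTE(review): everything the header promises is implemented in helpers
 * that are not visible in this listing; confirm that
 *   - generateRandom: draws from a CSPRNG (e.g. SecRandomCopyBytes),
 *   - rsaEncrypt:key: uses OAEP with SHA-1/MGF1-SHA-1, which is what the
 *     "RSA-OAEP" alg value means in RFC 7518,
 *   - aesEncrypt:withKey:withIV: is AES-CBC with PKCS#7 padding,
 *   - hmac:withKey:withIV:withA: computes HMAC-SHA-256 over
 *     AAD || IV || ciphertext || 64-bit AAD bit length, and
 *   - hmacToTag: keeps the first half of the MAC,
 *   - KEY_SIZE is 16 and IV_SIZE is 16, as A128CBC-HS256 requires.
 */
+ (NSString *)createJWE:(NSString *)payload withPublicKey:(SecKeyRef)publicKey {
    if (payload == nil || publicKey == NULL) {
        return nil;
    }

    NSData *plaintext = [payload dataUsingEncoding:NSUTF8StringEncoding];
    if (plaintext == nil) {
        return nil;
    }

    // Fresh content encryption key for this token only. For A128CBC-HS256
    // the first half is the MAC key and the second half is the AES key.
    NSData *secret = [self generateRandom:(KEY_SIZE * 2)];
    if (secret.length != (NSUInteger)(KEY_SIZE * 2)) {
        return nil;
    }
    NSData *hmacKey = [secret subdataWithRange:NSMakeRange(0, KEY_SIZE)];
    NSData *aesKey = [secret subdataWithRange:NSMakeRange(KEY_SIZE, KEY_SIZE)];

    // A new random IV per call; CBC must never reuse an IV under one key.
    NSData *iv = [self generateRandom:IV_SIZE];
    if (iv.length != (NSUInteger)IV_SIZE) {
        return nil;
    }

    // Protected header. Its encoded form is also the additional
    // authenticated data, so it is covered by the tag.
    NSString *header = @"{\"enc\":\"A128CBC-HS256\",\"alg\":\"RSA-OAEP\"}";

    // Wrap the whole content key (MAC half and AES half) for the recipient.
    NSData *encryptedKey = [self rsaEncrypt:secret key:publicKey];
    if (encryptedKey.length == 0) {
        return nil;
    }

    // Encrypt the payload with the AES half of the content key.
    NSData *encrypted = [self aesEncrypt:plaintext withKey:aesKey withIV:iv];
    if (encrypted == nil) {
        return nil;
    }

    NSString *basePayload = [encrypted unpaddedBase64URLEncoded];
    NSString *baseCEK = [encryptedKey unpaddedBase64URLEncoded];
    NSString *baseHeader =
        [[header dataUsingEncoding:NSUTF8StringEncoding] unpaddedBase64URLEncoded];
    NSString *baseIV = [iv unpaddedBase64URLEncoded];

    // Encrypt-then-MAC: the tag is computed over the ciphertext, the IV and
    // the ASCII bytes of the encoded header.
    NSData *hmac = [self hmac:encrypted
                      withKey:hmacKey
                       withIV:iv
                        withA:[baseHeader dataUsingEncoding:NSASCIIStringEncoding]];
    if (hmac == nil) {
        return nil;
    }
    NSString *baseTag = [[self hmacToTag:hmac] unpaddedBase64URLEncoded];

    // Refuse to assemble a token with a missing segment.
    if (baseHeader == nil || baseCEK == nil || baseIV == nil ||
        basePayload == nil || baseTag == nil) {
        return nil;
    }

    return [NSString stringWithFormat:@"%@.%@.%@.%@.%@",
                                      baseHeader, baseCEK, baseIV, basePayload, baseTag];
}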