pub type SecKeyAlgorithm = CFString;
Available on crate feature SecKey only.
Available algorithms for performing cryptographic operations with a SecKey object. The string representation of each constant can be used for logging or debugging purposes, because it contains the human-readable name of the algorithm.
Raw RSA sign/verify operation, size of input data must be the same as the value returned by SecKeyGetBlockSize().
RSA sign/verify operation, assumes that input data is the digest together with the OID of the digest algorithm, as specified in PKCS#1 v1.5. This algorithm is typically not used directly; instead use an algorithm with a specified digest, like kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256.
RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest.
RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest.
RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest.
RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest.
RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest.
RSA signature with PKCS#1 padding, SHA-1 digest is generated by called function automatically from input data of any size.
RSA signature with PKCS#1 padding, SHA-224 digest is generated by called function automatically from input data of any size.
RSA signature with PKCS#1 padding, SHA-256 digest is generated by called function automatically from input data of any size.
RSA signature with PKCS#1 padding, SHA-384 digest is generated by called function automatically from input data of any size.
RSA signature with PKCS#1 padding, SHA-512 digest is generated by called function automatically from input data of any size.
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, input data must be SHA-1 generated digest. PSS padding is calculated using MGF1 with SHA1 and saltLength parameter is set to 20 (SHA-1 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, input data must be SHA-224 generated digest. PSS padding is calculated using MGF1 with SHA224 and saltLength parameter is set to 28 (SHA-224 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, input data must be SHA-256 generated digest. PSS padding is calculated using MGF1 with SHA256 and saltLength parameter is set to 32 (SHA-256 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, input data must be SHA-384 generated digest. PSS padding is calculated using MGF1 with SHA384 and saltLength parameter is set to 48 (SHA-384 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, input data must be SHA-512 generated digest. PSS padding is calculated using MGF1 with SHA512 and saltLength parameter is set to 64 (SHA-512 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-1 digest is generated by called function automatically from input data of any size. PSS padding is calculated using MGF1 with SHA1 and saltLength parameter is set to 20 (SHA-1 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-224 digest is generated by called function automatically from input data of any size. PSS padding is calculated using MGF1 with SHA224 and saltLength parameter is set to 28 (SHA-224 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-256 digest is generated by called function automatically from input data of any size. PSS padding is calculated using MGF1 with SHA256 and saltLength parameter is set to 32 (SHA-256 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-384 digest is generated by called function automatically from input data of any size. PSS padding is calculated using MGF1 with SHA384 and saltLength parameter is set to 48 (SHA-384 output size).
RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-512 digest is generated by called function automatically from input data of any size. PSS padding is calculated using MGF1 with SHA512 and saltLength parameter is set to 64 (SHA-512 output size).
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest generated by some hash functions.
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest created by SHA1 algorithm.
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest created by SHA224 algorithm.
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest created by SHA256 algorithm.
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest created by SHA384 algorithm.
ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest created by SHA512 algorithm.
ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest generated by some hash functions.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA1 algorithm.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA224 algorithm.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA256 algorithm.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA384 algorithm.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA512 algorithm.
ECDSA algorithm, signature is concatenated r and s, big endian, SHA-1 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, SHA-224 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, SHA-256 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, SHA-384 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, SHA-512 digest is generated by called function automatically from input data of any size.
ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest generated by some hash function. This algorithm is deprecated and replaced by kSecKeyAlgorithmECDSASignatureDigestRFC4754.
Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct use of this algorithm without padding is cryptographically very weak; it is important to always introduce some kind of padding. Input data size must be less than or equal to the key block size and the returned block always has the same size as the block size, as returned by SecKeyGetBlockSize().
RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for backward compatibility with existing protocols and data. New implementations should choose cryptographically stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most “key block size - 11” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize().
RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most “key block size - 42” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data.
RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most “key block size - 58” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data.
RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most “key block size - 66” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data.
RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most “key block size - 98” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data.
RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most “key block size - 130” bytes long and returned block has always the same size as block size, as returned by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data.
Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used as authentication data for AES-GCM encryption.
Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used as authentication data for AES-GCM encryption.
Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used as authentication data for AES-GCM encryption.
Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used as authentication data for AES-GCM encryption.
Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used as authentication data for AES-GCM encryption.
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM in new code. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512. AES Key size is 128bit for EC keys <= 256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF. AES-GCM uses 16 bytes long TAG, AES key is first half of KDF output and 16 byte long IV (initialization vector) is second half of KDF output.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
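The ANSI X9.63 KDF named in the ECDH key-exchange entries, and the way the ECIES entries turn its output into an AES-GCM key and IV, can be reproduced outside the framework when checking interoperability. This is an added example, not code from this crate or from Apple; the function names and sample bytes are constructed, and requesting key length plus 16 bytes for 256-bit AES keys is an assumption, since the page only describes the output as two halves.

```python
# Added example: ANSI X9.63 KDF and the ECIES AES-GCM key/IV split described above.
import hashlib

def x963_kdf(z, shared_info, out_len, hash_name="sha256"):
    """Concatenate Hash(Z || counter || SharedInfo) blocks, counter is 32-bit
    big-endian starting at 1, then truncate to out_len bytes."""
    if out_len <= 0:
        raise ValueError("requested size must be positive")
    out = b""
    counter = 1
    while len(out) < out_len:
        h = hashlib.new(hash_name)
        h.update(z + counter.to_bytes(4, "big") + shared_info)
        out += h.digest()
        counter += 1
    return out[:out_len]

def ecies_gcm_params(z, ephemeral_pub, ec_key_bits,
                     hash_name="sha256", variable_iv=True):
    """Return (aes_key, iv) for the ECIES modes on this page.

    z             raw ECDH shared secret
    ephemeral_pub ephemeral public key bytes, used as sharedInfo for the KDF
    ec_key_bits   EC key size; selects AES-128 (<= 256 bit) or AES-256
    """
    key_len = 16 if ec_key_bits <= 256 else 32
    if not variable_iv:
        # Legacy modes: only the key comes from the KDF, the IV is all-zero.
        return x963_kdf(z, ephemeral_pub, key_len, hash_name), bytes(16)
    # Variable-IV modes: key first, then the 16-byte IV.
    # Assumption: key_len + 16 bytes are requested (exact halves for AES-128).
    okm = x963_kdf(z, ephemeral_pub, key_len + 16, hash_name)
    return okm[:key_len], okm[key_len:]

# Constructed sample inputs (not a real key agreement).
SAMPLE_Z = bytes(range(32))
SAMPLE_EPHEMERAL_PUB = b"\x04" + bytes(range(64))

if __name__ == "__main__":
    key, iv = ecies_gcm_params(SAMPLE_Z, SAMPLE_EPHEMERAL_PUB, 256)
    print("variable IV:", key.hex(), iv.hex())
    key, iv = ecies_gcm_params(SAMPLE_Z, SAMPLE_EPHEMERAL_PUB, 256,
                               variable_iv=False)
    print("legacy     :", key.hex(), iv.hex())
```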
See also Apple’s documentation
Aliased Type
#[repr(C)]
pub struct SecKeyAlgorithm { /* private fields */ }