I am saying ignore the details of the format, treat certificates as binary blobs or plain strings or whatever that is opaque, and let crypto API parse it. You can ditch Apple API entirely and compile your own OpenSSL if you find it difficult to use.
On May 14, 2014, at 0:56, Jens Alfke <j...@mooseyard.com> wrote: > > On May 13, 2014, at 9:33 AM, Maxthon Chan <xcvi...@me.com> wrote: > >> Whatever that is there is, for 100% sure, some form of standardised format >> that iOS, Android and your Java server will be able to deal with with higher >> level API. > > *hollow laugh* > > There are lots of different standardized formats. It’s just a simple matter > of poking through a bunch of raw binary data to try to figure out which one > you have. > > Apple’s crypto/security frameworks are absolutely the most frustrating APIs > I’ve ever worked with. The domain is inherently pretty complex, but Apple's > APIs are also badly designed, badly documented, unreliable, and inconsistent > between platforms. In general I think Apple designs good APIs, but for some > reason crypto is a major exception. I’ve come to physically dread having to > touch any code relating to crypto on iOS — I literally get headaches and > stomach cramps after struggling with that stuff. > > Other platforms' APIs are better, but the underlying formats and protocols > are still hard to work with. ASN.1 and DER/BER are nasty formats that make > XML look trivial. No one can agree on how to properly format X.509 certs[1]. > And for some reason the authors of cryptography books assume you don’t > actually need to know any of this useful stuff, so instead of explaining it > they fill the book with abstract discussions of the math behind RSA and the > difference between CBC and ECB cipher modes. > > OK, enough ranting. > > —Jens > > [1]: https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt is a fun read, > dripping with sarcasm. Really. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
