On May 14, 2014, at 7:15 AM, Roland King <r...@rols.org> wrote: > If you ask a similar question to the original poster on any of the Apple > Developer Forums you'll be advised not to generate key pairs on a device but > to do it on a server (the advice will probably come from Quinn)
That’s a weird idea. If the server creates the key-pair, then the server knows your private key, which I would consider a major security breach. If you’re going to trust the server with your credentials, you might as well skip the fiddly encryption stuff altogether and save yourself a lot of work. Otherwise the public keys and certs are just mumbo-jumbo to give the appearance of security. Put another way: one of the major purposes of public-key crypto is to put you in charge of your own encryption. You generate a key-pair locally on your device/computer, and the private key is known only to you and never leaves that device (except maybe inside a passcode-protected PKCS12 file.) I think of private keys as being like nuclear fuel rods — you keep them in a heavily shielded container (the Keychain) and never let them be exposed to daylight. If you do that, you have a very secure system. —Jens _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
