> On Jan 12, 2015, at 6:39 AM, Uli Kusterer <witness.of.teacht...@gmx.net> wrote:
>
> On 12 Jan 2015, at 10:52, 2551 <2551p...@gmail.com> wrote:
>> Given that my licences are being generated with OpenSSL in the FastSpring website,
>
> Didn't FastSpring have an SDK that you just drop into your app to validate their licenses?

No, they support a couple third party solutions out of the box, or let you supply your own generator script. They were also nice enough to add a JavaScript API for me to support my own scheme since AquaticPrime and CocoaFOB didn’t work for me. Very helpful folks!

>> does that mean I HAVE TO use OpenSSL to validate them? I'm thinking the "DUH" answer here has to be "YES", but given my lack of knowledge about this topic, I'm taking nothing for granted.
>
> OpenSSL is just a security library that implements several standards and algorithms. You can use any other library that implements the same standard and algorithm as you are using. I.e. Windows AFAIK has its own security library, yet can still read browser certificates that are (were?) validated using OpenSSL on Mac and other platforms.

If you use AquaticPrime, unfortunately, it does not generate standard signatures. It manually hashes and then encrypts using the private key. This sounds like a normal signature, but it is missing some information stored in standard PKCS #1 v2.0 signatures. This means that Security.framework WILL NOT be able to verify an AquaticPrime signature. The verify transform does not work for the above reason; and the decrypt transform does not work either because that would require you to decrypt using the public key. Security.framework enforces cryptographic hygiene - you can only decrypt with a private key and verify a signature with a public key.

> LibreSSL is essentially OpenSSL, just a fixed version, so you should just hear "LibreSSL" when anyone suggests using OpenSSL for anything and you'll be fine. Security.framework is what Apple recommends and supports, so sounds like a good idea. The only problem is that it is very limited. If it does what you need it to (i.e. offers whatever algorithm FastSpring use), it's probably the best choice as long as you don't plan going cross-platform anytime soon.
>
> -- Uli

_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
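
The mismatch described in the reply above, as an added example that is not part of the original thread and is not AquaticPrime's, FastSpring's or Apple's code: a verifier that accepts only standard PKCS #1 signatures rejects a "hash, then encrypt with the private key" signature. It assumes the missing information is the DigestInfo header that standard signing wraps around the digest, and it uses a constructed toy RSA key (two Mersenne primes) that is not secure and only serves to show the encoding.

```python
import hashlib
import hmac

# Constructed toy key for illustration only (two Mersenne primes): NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of the SHA-1 DigestInfo structure (RFC 8017, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def pad_type1(payload: bytes) -> bytes:
    """PKCS #1 signature block: 00 01 FF..FF 00 || payload."""
    return b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload

def rsa_private(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def recover_block(sig: bytes) -> bytes:
    """Public-key operation: what any verifier sees inside the signature."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def sign_standard(msg: bytes) -> bytes:
    """Standard signature: digest wrapped in DigestInfo before padding."""
    return rsa_private(pad_type1(SHA1_DIGESTINFO + hashlib.sha1(msg).digest()))

def sign_bare_hash(msg: bytes) -> bytes:
    """Assumed non-standard scheme: pad and 'encrypt' the bare digest."""
    return rsa_private(pad_type1(hashlib.sha1(msg).digest()))

def _verify(msg: bytes, sig: bytes, prefix: bytes) -> bool:
    # Rebuild the whole expected block and compare; never parse loosely.
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    expected = pad_type1(prefix + hashlib.sha1(msg).digest())
    return hmac.compare_digest(recover_block(sig), expected)

def verify_standard(msg: bytes, sig: bytes) -> bool:
    return _verify(msg, sig, SHA1_DIGESTINFO)

def verify_bare_hash(msg: bytes, sig: bytes) -> bool:
    return _verify(msg, sig, b"")

if __name__ == "__main__":
    licence = b"name=Example User;product=DemoApp"   # constructed sample
    for label, sig in (("standard", sign_standard(licence)),
                       ("bare hash", sign_bare_hash(licence))):
        print(label, verify_standard(licence, sig), verify_bare_hash(licence, sig))
```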