Home

Awesome

Virgil Pythia Objective-C/Swift SDK

Build Status CocoaPods Compatible Platform SPM compatible GitHub license

Introduction | SDK Features | Installation | Usage Examples | Docs | Support

Introduction

<a href="https://developer.virgilsecurity.com/docs"><img width="230px" src="https://cdn.virgilsecurity.com/assets/images/github/logos/virgil-logo-red.png" align="left" hspace="10" vspace="6"></a>Virgil Security provides an SDK which allows you to communicate with Virgil Pythia Service and implement Pythia protocol in order to generate user's BrainKey. BrainKey is a user's Private Key which is based on user's password. BrainKey can be easily restored and is resistant to online and offline attacks.

SDK Features

Installation

Virgil Pythia SDK is provided as a set of frameworks. These frameworks are distributed via SPM and CocoaPods. Also in this guide, you find one more package called VirgilCrypto (Virgil Crypto Library) that is used by the SDK to perform cryptographic operations.

Frameworks are available for:

COCOAPODS

CocoaPods is a dependency manager for Cocoa projects. You can install it with the following command:

$ gem install cocoapods

To integrate Virgil Pythia into your Xcode project using CocoaPods, specify it in your Podfile:

target '<Your Target Name>' do
  use_frameworks!

  pod 'VirgilSDKPythia', '~> 0.12.1'
end

Then, run the following command:

$ pod install

Swift Package Manager

Swift Package Manager is an official Apple tool for managing the distribution of Swift code.

The Apple documentation can be used to add frameworks to an Xcode project.

Usage Examples

BrainKey

PYTHIA Service can be used directly as a means to generate strong cryptographic keys based on user's password or other secret data. We call these keys the BrainKeys. Thus, when you need to restore a Private Key you use only user's Password and Pythia Service.

In order to create a user's BrainKey, go through the following operations:

Generate BrainKey based on user's password

import VirgilSDK
import VirgilSDKPythia

/// 1. Specify your JWT provider

// Get generated token from server-side
let authenticatedQueryToServerSide: ((String) -> Void) -> Void = { completion in
    completion("eyJraWQiOiI3MGI0NDdlMzIxZjNhMGZkIiwidHlwIjoiSldUIiwiYWxnIjoiVkVEUzUxMiIsImN0eSI6InZpcmdpbC1qd3Q7dj0xIn0.eyJleHAiOjE1MTg2OTg5MTcsImlzcyI6InZpcmdpbC1iZTAwZTEwZTRlMWY0YmY1OGY5YjRkYzg1ZDc5Yzc3YSIsInN1YiI6ImlkZW50aXR5LUFsaWNlIiwiaWF0IjoxNTE4NjEyNTE3fQ.MFEwDQYJYIZIAWUDBAIDBQAEQP4Yo3yjmt8WWJ5mqs3Yrqc_VzG6nBtrW2KIjP-kxiIJL_7Wv0pqty7PDbDoGhkX8CJa6UOdyn3rBWRvMK7p7Ak")
}

// Setup AccessTokenProvider
let accessTokenProvider = CallbackJwtProvider { tokenContext, completion in
    authenticatedQueryToServerSide { jwtString in
        completion(jwtString, nil)
    }
}

/// 2. Setup BrainKey

let brainKeyContext = BrainKeyContext.makeContext(accessTokenProvider: accessTokenProvider)
let brainKey = BrainKey(context: brainKeyContext)

// Generate default public/private keypair which is Curve ED25519
// If you need to generate several BrainKeys for the same password,
// use different IDs (optional). Default brainKeyId value is nil.
let keyPair = try! brainKey.generateKeyPair(password: "Your password",
                                            brainKeyId: "Optional BrainKey id").startSync().getResult()

Generate BrainKey based on unique URL

The typical BrainKey implementation uses a password or concatenated answers to security questions to regenerate the user’s private key. But a unique session link generated by the system admin can also do the trick.

This typically makes the most sense for situations where it’s burdensome to require a password each time a user wants to send or receive messages, like single-session chats in a browser application.

Here’s the general flow of how BrainKey can be used to regenerate a private key based on a unique URL:

Important notes for implementation:

...
    let keyPair = try! brainKey.generateKeyPair(password: "abcdef13803488",
                                                brainKeyId: "Optional User SSN").startSync().getResult()
...

Note! if you don't need to use additional parameters, like "Optional User SSN", you can just omit it: let keyPair = try! brainKey.generateKeyPair(password: "abcdef13803488").startSync().getResult()

Docs

Virgil Security has a powerful set of APIs, and the documentation below can get you started today.

License

This library is released under the 3-clause BSD License.

Support

Our developer support team is here to help you. Find out more information on our Help Center.

You can find us on Twitter or send us email support@VirgilSecurity.com.

Also, get extra help from our support team on Slack.