iPhone - data signing using NSData of the private key


Problem description


I am working on an e-banking iPhone application.
I am using WSS with XML-Signature to sign the requests to the customer's SOAP server.
Since the iPhone device cannot be trusted (due to jail-breaking), the customer requirement is to manually encrypt the RSA key pair (using AES128) before storing the keys into the keychain.

From what I have found so far, the keys are automatically added to the keychain when generated.
So my idea is to extract the data afterwards (the same way the public key is extracted in the CryptoExercise example), remove the keys from the keychain, do the AES encryption and store it again into the keychain as a custom NSData.

1) Do you see any problem with this?
I read somewhere that retrieving the data or deleting the key might require some sort of password, although I didn't get what password. I will try this later today and will post the answer if no answer is posted in the meantime :)

2) I cannot find if there is any way to use this key without implementing some more hacks in the code?
It seems like the SecKeyRawSign method only accepts a SecKeyRef reference, which is a pointer to the key in the keychain. Is there some other method for signing using the NSData of the key?
The only idea I have at the moment is to use the SecItemAdd method to add the non-encrypted key into the keychain before signing, and remove it after signing. But I don't like this since it will happen all the time, and if the application is shut down (crashes or something) before the key is removed from the keychain, it will remain there until, let's say, the next time the application is started.

Any idea for a better solution?

regards

Solution

Consider checking the Apple example and documentation for Security.framework: https://developer.apple.com/library/ios/#DOCUMENTATION/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208-SW13 - see this link
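
The flow the question asks about (keep only an AES-encrypted copy of the RSA private key, and sign from that data without adding the plaintext key to the keychain), as an added example that is not part of the original post or of Apple's sample code. It assumes iOS 13 or later (CryptoKit; `SecKeyCreateWithData` needs iOS 10), AES-GCM as the AES mode, RSA-2048 with PKCS#1 v1.5/SHA-256 signatures, and a 128-bit `wrappingKey` that the app obtains elsewhere; the function names and `KeyError` are hypothetical.

```swift
import Foundation
import Security
import CryptoKit

struct KeyError: Error { let reason: String }

// Generate an RSA key pair that is never stored as a keychain item and return
// the private key (PKCS#1 DER) sealed with AES-GCM under the wrapping key.
func makeWrappedPrivateKey(wrappingKey: SymmetricKey) throws -> Data {
    let attrs: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits: 2048,                       // assumed key size
        kSecPrivateKeyAttrs: [kSecAttrIsPermanent: false]  // not added to the keychain
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &error),
          let der = SecKeyCopyExternalRepresentation(key, &error) as Data? else {
        throw KeyError(reason: String(describing: error?.takeRetainedValue()))
    }
    // `combined` is nonce + ciphertext + tag; this is the blob to persist.
    guard let sealed = try AES.GCM.seal(der, using: wrappingKey).combined else {
        throw KeyError(reason: "unexpected nonce size")
    }
    return sealed
}

// Unwrap the blob, rebuild an in-memory SecKey from the raw bytes, and sign.
// The plaintext key exists only for the duration of this call.
func sign(_ message: Data, wrappedKey: Data, wrappingKey: SymmetricKey) throws -> Data {
    let box = try AES.GCM.SealedBox(combined: wrappedKey)
    let der = try AES.GCM.open(box, using: wrappingKey)    // throws if key or tag is wrong
    let attrs: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrKeyClass: kSecAttrKeyClassPrivate,
        kSecAttrKeySizeInBits: 2048
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateWithData(der as CFData, attrs as CFDictionary, &error),
          let signature = SecKeyCreateSignature(key, .rsaSignatureMessagePKCS1v15SHA256,
                                                message as CFData, &error) as Data? else {
        throw KeyError(reason: String(describing: error?.takeRetainedValue()))
    }
    return signature
}
```

The wrapped blob is only as strong as the protection of `wrappingKey`: if that key is stored on the same device next to the blob, a jailbroken device exposes both.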
