How to store public/private key securely


Problem description

Looking to store public/private key information securely on an iOS device. I know I want to store this in the KeyChain; however, I am not 100% sure what sort of attributes I need to populate in the SecRecord. I was going to do something like:

// private key
SecKeyChain.Add(new SecRecord(SecKind.Key)
{
    Accessible = SecAccessible.AlwaysThisDeviceOnly,
    KeySizeInBits = 512,
    KeyClass = SecKeyClass.Private,
    CanSign = true,
    ValueData = privateKeyValue,
    Account = publicKeyValue
});

Which would store the private key, then follow a similar approach for the public key replacing the Account attribute with a value unique to the user e.g. username. However, not sure if this is the right way to use this.

Does anyone have any good examples of how you would do this specifically for keys?

Recommended answer

Decided to go with the following approach:

// store public key
SecKeyChain.Add(new SecRecord(SecKind.Key)
{
    ApplicationLabel = userName,
    Accessible = SecAccessible.AlwaysThisDeviceOnly,
    KeySizeInBits = 512,
    KeyClass = SecKeyClass.Public,
    ValueData = NSData.FromString(publicKey)
});

// store private key
SecKeyChain.Add(new SecRecord(SecKind.Key)
{
    ApplicationLabel = publicKey,
    Accessible = SecAccessible.AlwaysThisDeviceOnly,
    KeySizeInBits = 512,
    KeyClass = SecKeyClass.Private,
    CanSign = true,
    ValueData = NSData.FromString(secretKey)
});

This means each public key is mapped to an individual user and each private key is mapped to a public key which allows me to store multiple user keys (rather than only storing current logged in users).

Seems to work ok, however, still not 100% sure it is the correct way to do this kind of thing so some clarification would be nice.
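
The storage and lookup sides of the mapping described in the answer (user name to public key, public key to private key), as an added example that is not part of the original post. `KeyPairStore` and its method names are hypothetical, and `SecAccessible.WhenUnlockedThisDeviceOnly` is used on the assumption that the keys are only needed while the device is unlocked; the `AlwaysThisDeviceOnly` class used above keeps items readable while the device is locked and is deprecated since iOS 12.

```csharp
using System;
using Foundation;
using Security;

// Added example; KeyPairStore and its method names are hypothetical.
public static class KeyPairStore
{
    // Assumption: keys are only needed while the device is unlocked.
    const SecAccessible Access = SecAccessible.WhenUnlockedThisDeviceOnly;

    static SecRecord Query(string label, SecKeyClass keyClass) =>
        new SecRecord(SecKind.Key) { ApplicationLabel = label, KeyClass = keyClass };

    // Add the item, replacing an existing one with the same label and class.
    static void Put(string label, SecKeyClass keyClass, string value)
    {
        var record = Query(label, keyClass);
        record.Accessible = Access;
        record.ValueData = NSData.FromString(value);

        var status = SecKeyChain.Add(record);
        if (status == SecStatusCode.DuplicateItem)
        {
            SecKeyChain.Remove(Query(label, keyClass));
            status = SecKeyChain.Add(record);
        }
        if (status != SecStatusCode.Success)
            throw new InvalidOperationException($"Keychain add failed: {status}");
    }

    // Returns null when no item exists; throws on any other keychain error.
    static string Get(string label, SecKeyClass keyClass)
    {
        var found = SecKeyChain.QueryAsRecord(Query(label, keyClass), out var status);
        if (status == SecStatusCode.ItemNotFound) return null;
        if (status != SecStatusCode.Success)
            throw new InvalidOperationException($"Keychain query failed: {status}");
        return found?.ValueData?.ToString(NSStringEncoding.UTF8);
    }

    public static void Save(string userName, string publicKey, string secretKey)
    {
        Put(userName, SecKeyClass.Public, publicKey);
        Put(publicKey, SecKeyClass.Private, secretKey);
    }

    // userName -> public key -> private key, as in the answer above.
    public static string LoadSecretKey(string userName)
    {
        var publicKey = Get(userName, SecKeyClass.Public);
        return publicKey == null ? null : Get(publicKey, SecKeyClass.Private);
    }
}
```

Checking the `SecStatusCode` returned by `SecKeyChain.Add` matters here: a second save for the same user otherwise fails with `DuplicateItem` and silently leaves the old key in place.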
