如何在iPhone钥匙串中建立SecIdentityRef? (无.p12) [英] How to establish a SecIdentityRef in an iPhone keychain ? (Without a .p12)
问题描述
如果
1)您已经在钥匙串和
中拥有私钥,那么如何在iPhone钥匙串中创建SecIdentityRef?2)您刚刚从CA收到了证书?
How do you create a SecIdentityRef in an iPhone keychain if 1) you already have the private key in the keychain and 2) you have just received the certificate from a CA?
在这种情况下,SecPKCS12Import无效,除非有一个API可以通过私钥和证书创建.p12。
SecPKCS12Import does not help in this case unless there is an API to create a .p12 from a private key and a certificate.
SecIdentityCreateWithCertificate将是Mac上的答案,但它不存在于iPhone上。
SecIdentityCreateWithCertificate would be the answer on the Mac but it does not exist on the iPhone.
是否可以使用SecItemAdd?
http://developer.apple.com/library /ios/#documentation/Security/Reference/keychainservices/Reference/reference.html
Is it possible using SecItemAdd ? http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html
非常感谢,Andrew
many thanks, Andrew
推荐答案
OK,回答我自己的问题:
OK, to answer my own question:
在iOS上,钥匙串会自动将证书绑定到私人键。这意味着您只需要:
On iOS the keychain will automatically bound the certificate to the private key. That means you only need to:
- 生成密钥对
- 获取与私钥
- 将证书插入钥匙串。
获取证书/私钥的SecIdentityRef。
After this you should be able to get a SecIdentityRef for the certificate / private key.
重要:
SecItemAdd 直接插入证书数据(DER表示的NSData)。这样,您将能够获取有效的证书引用,但不能获取身份引用。
要插入证书的正确方法是首先使用 SecCertificateCreateWithData 函数超过证书的DER字节。这将返回一个 SecCertificateRef 对象,然后应该使用 SecItemAdd 函数将证书持久化到钥匙串中。
IMPORTANT:
SecItemAdd function allows you to insert the certificate data directly (NSData of the DER representation). This way you will be able to get a valid certificate reference, but not an identity ref.
The right way to insert the certificate is to first use the SecCertificateCreateWithData function over the DER bytes of the certificate. This will return a SecCertificateRef object which then should be used to persist the certificate into the keychain using the SecItemAdd function.
我希望这会使某人的生活更容易; - )
I hope this will make someone's life easier ;-)
尊敬的,
Pece
Regards, Pece
这篇关于如何在iPhone钥匙串中建立SecIdentityRef? (无.p12)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
