iPhone TrustStore CA证书 [英] iPhone TrustStore CA certificates

问题描述

任何人都有一个线索如何改变 Security.framework / TrustStore.sqlite3 的内容。看起来好像iPhone使用它来存储受信任的CA证书。我真的想让我的iPod touch信任我的自定义证书。除此之外，任何人都知道一个应用程序（win32）编辑sqlite3数据库文件（除了sqliteman，这一个总是为我崩溃）。

Does any of you have a clue how to alter the contents of Security.framework/TrustStore.sqlite3. It seems as if the iPhone uses it to store trusted CA certificates. I really want my iPod touch to trust my custom certificate. Beside that, does anyone of you know an app (win32) to edit sqlite3 database files (except sqliteman, this one always crashes for me).

推荐答案

我可以想象别人会遇到这个问题，因此我想回答它是如何工作的（苹果不会喜欢看到）：

I can imagine that someone else will encounter this problem, therefore I'd like to answer how it works (Apple won't like to see that):

1st）iPhoneOS信任存储在/System/Library/Frameworks/Security.framework/TrustStore.sqlite3中的每个CA证书

1st) The iPhoneOS trusts every CA certificate stored in /System/Library/Frameworks/Security.framework/TrustStore.sqlite3

第二）该数据库中的某些字段包含数据我不明白，而其他的意思像SHA1是很明显的。

2nd) Some fields in that database contain data which I did not understand, while other's meanings like "SHA1" are quite obvious.

第三）在你的iPod / iPhone有两个不同的TrustStore.sqlite3s。第二个位于/private/var/Keychains/TrustStore.sqlite3。它们之间的唯一区别是，Apple只信任Security.framework中的内容。

3rd) There are two different TrustStore.sqlite3s on your iPod/iPhone. The second one is located at /private/var/Keychains/TrustStore.sqlite3. The only difference between those is that Apple only trusts the contents of the one in Security.framework.

4）后者用于存储用户安装的证书（感谢，

4th) The latter one is used to store user installed certificates (thanks, koregan), while the table layout is the same.

第5）使用Mail或Safari打开您的自签名证书并安装它。

5th) Open your self-signed certificate using Mail or Safari and install it.

6th）使用您最喜欢的SQLite数据库管理器打开/private/var/Keychains/TrustStore.sqlite3，并在SHA1BLOB包含您的CA证书的哈希值的tsettings中查找该行。

6th) Open /private/var/Keychains/TrustStore.sqlite3 using your favourite SQLite database manager and look for the row in tsettings whose "SHA1" BLOB contains the hash of your CA certificate.

7th）提取整行并将其插入到TrustStore.sqlite3的tsettings表中。

7th) Extract the whole row and insert it into TrustStore.sqlite3's tsettings table.

8th）确保您复制了数据库

8th) Make sure you copied the database back to the device, reboot it.

9th）现在应该完全信任由您的自定义CA签名的证书。

9th) By now it should totally trust those certificates which are signed by your custom CA.

这篇关于iPhone TrustStore CA证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！