SecKeyRawVerify verifies on mac but fails with -9809 on iOS


Problem description


I need to digitally sign some data on Mac and then verify it on iOS. So I generated an RSA keypair and a certificate for the public key in DER format with OpenSSL (tried generation with SecKeyGeneratePair, but then it is harder to import the public key to iOS and SecKeyRawVerify still doesn't work, with the same result), and signed my data in a Mac app. Then if I verify this data on iOS, verification fails with the -9809 error code, but if I execute the same code on Mac, verification succeeds.

Here is my verification code:

NSString* certPath = [[NSBundle mainBundle] pathForResource: @"Public" ofType:@"der"];
NSData* certificateData = [NSData dataWithContentsOfFile: certPath];

SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate

SecPolicyRef secPolicy = SecPolicyCreateBasicX509();

SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval =  SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);

NSString* licensingPolicyString = @"ZKL3YXtqtFcIeWRqSekNuCmtu/nvy3ApsbJ+8xad6cO/E8smLHGfDrTQ3h/38d0IMJcUThsVMyX8qtqILmPeTnBpZgJetBjb8kAfuPznzxOrIcYd27/50ThWv6guLqZL7j1apnfRZHAdMiozvEYH62sma1Q9qTl+W7qxEAxWs2AXDTQcF7nGciEM6MEohs8u879VNIE1VcPW8ahMoe25wf8pvBvrzE0z0MR4UFE3ZSWIeeQsiaUPYFwHbfQAOifaw/qIisjL5Su6WURoaSupWTMdQh3ZNyqZuYJaT70u8S7NgF3BzG8uBiYOUYsf6UayvkABmF0UuMdcvhPQefyhuXsiYWxsb3dFeGNoYW5nZSI6dHJ1ZSwiYWxsb3dTaGFmZXIiOnRydWUsInBvbGljeSBuYW1lIjp0cnVlfQ==";

size_t signedHashBytesSize  = SecKeyGetBlockSize(publicKey);

NSData* messageData = [[NSData alloc] initWithBase64EncodedData:[licensingPolicyString dataUsingEncoding: NSUTF8StringEncoding] options:0];

NSData* signatureData = [messageData subdataWithRange:NSMakeRange(0, signedHashBytesSize)];
NSData* rawMessageData = [messageData subdataWithRange: NSMakeRange(signedHashBytesSize, messageData.length - signedHashBytesSize)];


uint8_t sha1HashDigest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([rawMessageData bytes], (CC_LONG)[rawMessageData length], sha1HashDigest);

OSStatus verficationResult = SecKeyRawVerify(publicKey,  kSecPaddingPKCS1SHA1, sha1HashDigest, CC_SHA1_DIGEST_LENGTH, [signatureData bytes], [signatureData length]);
CFRelease(publicKey);
CFRelease(trust);
CFRelease(secPolicy);
CFRelease(certificateFromFile);
if (verficationResult == errSecSuccess) NSLog(@"Verified");


Is there some difference in digital signature verification for Mac and iOS? I didn't manage to find anything about it in Apple's documentation.

Recommended answer


Well, after some experimenting with sign/verify, I've found out that changing the padding argument to SecKeyRawVerify/SecKeyRawSign from kSecPaddingPKCS1SHA1 to kSecPaddingPKCS1 solves my problem. I don't know why it doesn't work with kSecPaddingPKCS1SHA1; there are no deprecations described in Apple's documentation. Also, I didn't try this code on an iOS version other than 8.3, so maybe it is an iOS 8.3 issue.
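
What the two padding constants named in the answer change in the signed block, as an added Python example that is not part of the original post. It assumes kSecPaddingPKCS1SHA1 means PKCS#1 type 1 padding over a SHA-1 DigestInfo and kSecPaddingPKCS1 means the same padding over the bare bytes passed in, and it uses a constructed toy key; it shows only that signer and verifier must agree on the mode, not why the original code behaved differently on iOS.

```python
import hashlib
import hmac

# DER prefix of the SHA-1 DigestInfo structure (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy RSA key built from two Mersenne primes; demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # block size in bytes for this key


def encode(digest: bytes, with_digestinfo: bool) -> bytes:
    """Build the PKCS#1 v1.5 type 1 block: 00 01 FF..FF 00 || payload.

    with_digestinfo=True models kSecPaddingPKCS1SHA1 (assumption),
    with_digestinfo=False models kSecPaddingPKCS1 (assumption).
    """
    payload = SHA1_DIGESTINFO_PREFIX + digest if with_digestinfo else digest
    fill = K - 3 - len(payload)
    if fill < 8:
        raise ValueError("payload too long for this key size")
    return b"\x00\x01" + b"\xff" * fill + b"\x00" + payload


def raw_sign(digest: bytes, with_digestinfo: bool) -> bytes:
    """RSA private-key operation over the encoded block."""
    em = int.from_bytes(encode(digest, with_digestinfo), "big")
    return pow(em, D, N).to_bytes(K, "big")


def raw_verify(digest: bytes, signature: bytes, with_digestinfo: bool) -> bool:
    """Recover the block and compare it to a freshly built one (no parsing)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, encode(digest, with_digestinfo))


if __name__ == "__main__":
    digest = hashlib.sha1(b"constructed sample message").digest()
    sig = raw_sign(digest, with_digestinfo=False)
    print("verify without DigestInfo:", raw_verify(digest, sig, False))
    print("verify with DigestInfo:   ", raw_verify(digest, sig, True))
```
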
