从密钥链中的密钥对中提取公钥 [英] Extracting a public key from key pair in key chain
问题描述
对于iPhone应用程序,我需要创建一个rsa密钥对,将其存储在密钥链中并检索公钥。
For an iPhone App, I need to create a rsa key pair, store it in the key chain and retrieve the public key.
幸运的是,Apple发布了一个加密练习可以找到我需要的所有内容的示例(类 SecKeyWrapper ,函数 generateKeyPair 和 getPublicKeyBits )。
Fortunately, Apple released a Crypto Exercise Sample where everything i need can be found (class SecKeyWrapper, functions generateKeyPair and getPublicKeyBits).
但是在尝试使用这些函数之后,我总是为不同密钥对的公钥获得相同的输出(而不是不同密钥对的不同公钥位)。
But after trying to use these functions, I always get the same output for my public key for different key pairs (instead of different public key bits for different key pairs).
我首先通过调用的 generateKeyPairWithKeySizeInBits (这似乎工作正常),然后我用 getPublicKeyBits 和NSLog提取公钥位...
I first create a key pair by calling generateKeyPairWithKeySizeInBits (which seems to work fine), afterwards I extract the public key bits with getPublicKeyBits and NSLog them...
- (void) generateKeyPairWithKeySizeInBits:(int)bits withPublicIdentifier:(NSString *)publicIdentifier andPrivateIdentifier:(NSString *)privateIdentifier
{
NSLog(@"begin generating key...");
OSStatus status = noErr;
NSMutableDictionary* privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary* publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary* keyPairAttr = [[NSMutableDictionary alloc] init];
NSData* publicTag = [publicIdentifier dataUsingEncoding:NSUTF8StringEncoding];
NSData* privateTag = [privateIdentifier dataUsingEncoding:NSUTF8StringEncoding];
SecKeyRef publicKey = NULL;
SecKeyRef privateKey = NULL;
[keyPairAttr setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id) kSecAttrKeyType];
[keyPairAttr setObject:[NSNumber numberWithInt:bits] forKey:(__bridge id) kSecAttrKeySizeInBits];
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id) kSecAttrIsPermanent];
[privateKeyAttr setObject:privateTag forKey:(__bridge id) kSecAttrApplicationTag];
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[publicKeyAttr setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];
[keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
[keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];
SecItemDelete((__bridge CFDictionaryRef)keyPairAttr);
status = SecKeyGeneratePair((__bridge CFDictionaryRef) keyPairAttr, &publicKey, &privateKey);
if(status != noErr){
NSLog(@"status = %@",status);
}
if(publicKey){
NSLog(@"public key %@",publicKey);
}
if(privateKey){
NSLog(@"private key %@",privateKey);
}
[self getPublicKeyBits:publicIdentifier];
}
- (NSData *)getPublicKeyBits: (NSString*) publicKeyIdentifier {
OSStatus sanityCheck = noErr;
NSData * publicKeyBits = nil;
CFTypeRef pk;
NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];
NSData* publicTag = [publicKeyIdentifier dataUsingEncoding:NSUTF8StringEncoding];
// Set the public key query dictionary.
[queryPublicKey setObject:(__bridge_transfer id)kSecClassKey forKey:(__bridge_transfer id)kSecClass];
[queryPublicKey setObject:publicTag forKey:(__bridge_transfer id)kSecAttrApplicationTag];
[queryPublicKey setObject:(__bridge_transfer id)kSecAttrKeyTypeRSA forKey:(__bridge_transfer id)kSecAttrKeyType];
[queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge_transfer id)kSecReturnData];
// Get the key bits.
sanityCheck = SecItemCopyMatching((__bridge_retained CFDictionaryRef)queryPublicKey, &pk);
if (sanityCheck != noErr)
{
publicKeyBits = nil;
}
publicKeyBits = (__bridge_transfer NSData*)pk;
NSLog(@"public bits %@",publicKeyBits);
return publicKeyBits;
}
输出(公共位 - 部分(最后一行)始终是相同):
Output (the "public bits"-part (last line) is always the same):
2012-07-13 10:39:28.391 [12279:707] begin generating key...
2012-07-13 10:39:39.376 [12279:707] public key <SecKeyRef: 0xeb56e00>
2012-07-13 10:39:39.381 [12279:707] private key <SecKeyRef: 0xeb57800>
2012-07-13 10:39:39.397 [12279:707] public bits <3082010a 02820101 00ea41ec 12780dff 20a55d67 62ec9890 028ed031 eccd1163 5b4bd039 01adffb5 766f37b8 31be8d03 4a41240b 4e127b75 bc4dd8fb 5b404d4d ad18d711 5cf64a04 61c49970 1fef5434 215f80e4 efee8894 1f282f77 8ea5f7e3 35673260 80ee5f80 818d19d3 b7b15e5c f013ad7d 5ff5dd33 b3e57544 de50dc02 f28aa2ae d4b9590a 1e71bd05 79e81fb7 2a9cd592 cf412fe1 db7a89d4 05bd1731 f95f7aae 56ec4171 e9f352ec c26c3c15 05a0e84b 16c5e89d cec8b1a3 24365d4e dcea88a2 92d8c2e6 8f0e9aee e83703bc e66418af aa9dceea 1129f669 cf069b87 edde4cf7 5e313212 80f44e04 d5b5e2db 9e7f26ae 9b8ef8ee 2e177702 18673b1a f125d3c8 d9ddf978 fb020301 0001>
推荐答案
所以你的SecItemDelete代码不能按预期工作至。如果要删除钥匙串中的所有项目(显然是出于测试目的),您应该查看AdvancedURLConnections示例代码中的 - [Credentials resetCredentials] 方法中的代码
So Your SecItemDelete code does not work as you expect it to. If you want to delete all the items in your keychain (for testing purposes, obviously), you should look at the code in -[Credentials resetCredentials] method in the AdvancedURLConnections sample code.
HTTPS: //developer.apple.com/library/ios/#samplecode/AdvancedURLConnections/
您可能还会找到 -dumpCredentials 方法在调试过程中很方便。
You might also find the -dumpCredentials method handy during debugging.
所以SecItemDelete的问题意味着SecKeyGeneratePair每次运行应用程序时都会生成一组新的键。这些密钥中的每一个都具有相同的应用程序标记,这使得SecItemCopyMatching调用返回的密钥不确定 - getPublicKeyBits:。事实证明,在当前的系统软件中,您总是会收到第一个密钥,因此您始终可以获得相同的公钥位。
So The problem with SecItemDelete means that SecKeyGeneratePair is generating a new set of keys each time you run the app. Each of these keys has the same application tag, making it indeterminate as to which key is returned by your SecItemCopyMatching call in -getPublicKeyBits:. In turns out that on current system software you're always getting back the first key, so you always get the same public key bits.
这篇关于从密钥链中的密钥对中提取公钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
