SecKeyRawVerify and OSError -9809

Problem description

I am using digital certificates to sign data files in my App. The code fragment below fails when the call to SecKeyRawVerify returns with -9809. This is running on an iPhone. I can't even identify exactly what this error code means.

The prior Security Framework calls to load and create the SecTrustRef from which the public key is obtained seem fine - no errors. The only slight issue is that the call to SecTrustEvaluate returns a kSecTrustResultUnspecified, but I assume that is because the policy I am using is the boilerplate one returned by the SecPolicyCreateBasicX509 call.

Any assistance or insight would be very much appreciated.

Thanks

// Public key taken from the evaluated trust object.
SecKeyRef keyRef = SecTrustCopyPublicKey (trustRef);

// The signed file and its detached signature, both shipped in the app bundle.
NSURL *fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"txt"];
NSData *data = [NSData dataWithContentsOfURL:fileURL];

fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"sgn"];
NSData *signature = [NSData dataWithContentsOfURL:fileURL];

NSLog(@"Hash block size = %zu",SecKeyGetBlockSize(keyRef));

// The file contents are passed as the signed data here; this call returns -9809.
OSStatus status = SecKeyRawVerify (keyRef,
                          kSecPaddingPKCS1SHA1,
                          (const uint8_t *)[data bytes],
                          (size_t)[data length],
                          (const uint8_t *)[signature bytes],
                          (size_t)[signature length]
                          );


Recommended answer

I've discovered what's happening. The SecKeyRawVerify call takes the digest of your data as the input, not the data itself. The code below works - and incidentally, if the signature is not verified because the underlying data has changed, then the status return is -9809.

Thanks

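// Requires: #import <CommonCrypto/CommonDigest.h>
unsigned char hash[CC_SHA1_DIGEST_LENGTH];   // 20 bytes

// Hash the file contents first; the digest is what gets verified.
CC_SHA1((const void *)[data bytes], (CC_LONG)[data length], hash);

status = SecKeyRawVerify (keyRef,
                          kSecPaddingPKCS1SHA1,
                          hash,
                          CC_SHA1_DIGEST_LENGTH,
                          (const uint8_t *)[signature bytes],
                          SecKeyGetBlockSize(keyRef)
                          );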
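
The answer's point, written out as an added example in Python (not code from the question or the answer): a model of what a raw PKCS#1 v1.5 SHA-1 verify compares, showing why it accepts the digest and rejects the file contents. The key is a constructed toy key built from two well-known primes, and the names sign, encode and raw_verify are hypothetical helpers, not Security framework calls.

```python
import hashlib

# Constructed toy key from two well-known primes (illustration only, not a real key).
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
K = (N.bit_length() + 7) // 8       # modulus size in bytes (the RSA block size)

# DER-encoded DigestInfo prefix for SHA-1 (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode(digest: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo prefix || digest."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(data: bytes) -> bytes:
    """Signer side: hash the data, pad the digest, apply the private key."""
    em = encode(hashlib.sha1(data).digest())
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def raw_verify(signed: bytes, signature: bytes) -> bool:
    """Model of a raw verify: `signed` is used as-is, it is never hashed here."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")   # public-key operation
    return recovered == encode(signed)            # compare padded blocks


def demo():
    data = b"constructed sample file contents\n"   # constructed input
    sig = sign(data)
    digest = hashlib.sha1(data).digest()
    tampered = hashlib.sha1(data + b"!").digest()
    # (digest accepted, raw data rejected, changed data rejected)
    return raw_verify(digest, sig), raw_verify(data, sig), raw_verify(tampered, sig)


if __name__ == "__main__":
    print(demo())
```
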
