iPhone Public-Key Encryption SecKeyEncrypt returns error 9809 (errSSLCrypto)
Problem description
I am trying to use the iPhone's PKI libraries to encrypt a short string (12345678), but I keep getting the error -9809 (i.e. errSSLCrypto) whenever I try to use SecKeyEncrypt. The SecureTransport.h header file describes this error simply as "underlying cryptographic error", which wasn't very meaningful.
My code is as follows:
- (NSData *)encryptDataWithPublicKey:(NSString *)plainText {
    OSStatus result = -1;
    NSData *plainTextData = [plainText dataUsingEncoding:NSASCIIStringEncoding];
    size_t plainTextLength = [plainTextData length];

    // Build a trust object from the certificate so the public key can be extracted
    SecTrustRef trustRef;
    SecTrustResultType trustResult;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    result = SecTrustCreateWithCertificates(m_oCert, policy, &trustRef);
    if (result != errSecSuccess) {
        NSLog(@"Trust create failed with code: %d",result);
        CFRelease(policy);
        return nil;
    }
    result = SecTrustEvaluate(trustRef, &trustResult);
    if (result != errSecSuccess) {
        NSLog(@"Trust eval failed with code: %d",result);
        CFRelease(trustRef);
        CFRelease(policy);
        return nil;
    }
    SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);

    uint8_t *cipherTextBuf = NULL;
    size_t cipherTextLen = 0;
    size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
    int maxInputSize = keyBlockSize - 11; //If using PKCS1 Padding, else keyBlockSize
    if (plainTextLength > maxInputSize) {
        //Fail
        NSLog(@"Data size is larger than max permitted!");
        CFRelease(trustRef);
        CFRelease(publicKey);
        CFRelease(policy);
        return nil;
    }

    cipherTextBuf = malloc(sizeof(uint8_t)*keyBlockSize);
    memset(cipherTextBuf,0,keyBlockSize);
    //result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainTextBuf, plainTextLength, cipherTextBuf, &cipherTextLen);
    result = SecKeyEncrypt(publicKey, kSecPaddingNone, (const uint8_t *)[plainTextData bytes], plainTextLength, cipherTextBuf, &cipherTextLen);

    NSData *cipherText = nil;
    if (result == errSecSuccess) {
        cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];
    } else {
        NSLog(@"Error detected: %d",result);
    }

    // Release everything acquired above
    free(cipherTextBuf);
    cipherTextBuf = NULL;
    CFRelease(trustRef);
    CFRelease(publicKey);
    CFRelease(policy);
    return cipherText;
}
It does not matter what padding I use, they both give the same error. The public key is derived from a certificate supplied by my client, and I've checked to make sure that the key is valid. What am I doing wrong and how do I use the function properly?
Recommended answer
When using SecKeyEncrypt, the input cipherTextLength should be the size of the output buffer. Setting
size_t cipherTextLen = keyBlockSize;
solved the problem.
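The fix from the answer applied to a smaller routine, as an added example that is not code from the original question or answer. The helper name `EncryptShortMessage` is hypothetical; it assumes the caller already holds a valid RSA public `SecKeyRef` (for instance from `SecTrustCopyPublicKey`, as in the question) and it uses the PKCS#1 padding from the question's commented-out call.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the original post): RSA-encrypts a short
// message with PKCS#1 v1.5 padding. Returns nil and logs the OSStatus on failure.
static NSData *EncryptShortMessage(SecKeyRef publicKey, NSData *plain) {
    if (publicKey == NULL || plain == nil) {
        return nil;
    }

    // For an RSA key the block size is the modulus size in bytes.
    size_t blockSize = SecKeyGetBlockSize(publicKey);

    // PKCS#1 v1.5 padding costs 11 bytes, so the plaintext must fit in the rest.
    if (blockSize <= 11 || plain.length > blockSize - 11) {
        NSLog(@"Plaintext of %lu bytes does not fit a %lu-byte key block",
              (unsigned long)plain.length, (unsigned long)blockSize);
        return nil;
    }

    // Zero-filled output buffer of exactly one key block.
    NSMutableData *cipher = [NSMutableData dataWithLength:blockSize];

    // cipherLen is an in/out parameter: on entry it holds the capacity of the
    // output buffer, on return the number of bytes written. Per the answer
    // above, passing 0 here is what made the question's call fail with -9809.
    size_t cipherLen = cipher.length;

    OSStatus status = SecKeyEncrypt(publicKey,
                                    kSecPaddingPKCS1,
                                    (const uint8_t *)plain.bytes,
                                    plain.length,
                                    (uint8_t *)cipher.mutableBytes,
                                    &cipherLen);
    if (status != errSecSuccess) {
        NSLog(@"SecKeyEncrypt failed: %d", (int)status);
        return nil;
    }

    // Trim the buffer to the length SecKeyEncrypt reported.
    cipher.length = cipherLen;
    return cipher;
}
```

On current SDKs `SecKeyEncrypt` is deprecated in favour of `SecKeyCreateEncryptedData`, which allocates and returns the ciphertext itself, so there is no caller-supplied length to get wrong.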