How to make a valid p12 file to be correctly imported by SecPKCS12Import


Problem description

I've solved my previous problem of converting an XML RSA private key to a PEM file, but I ran into another problem: I get null data when importing the P12 private key. Following are my steps:

  1. Convert PEM file to P12 file

openssl> pkcs12 -export -in rsa.pem -inkey rsa.pem -out rsa.p12 -nocerts

  2. Read P12 file to iOS project

    NSString *path = [[NSBundle bundleForClass:[self class]]    
                        pathForResource:@"MyPrivateKey" ofType:@"p12"];
    NSData *p12data = [NSData dataWithContentsOfFile:path];
    if (![self getPrivateKeyRef]) 
        RSAPrivateKey = getPrivateKeywithRawKey(p12data);
    

  3. Import P12 Private Key

    SecKeyRef getPrivateKeywithRawKey(NSData *pfxkeydata)
    { 
        NSMutableDictionary * options = [[[NSMutableDictionary alloc] init] autorelease];
    
        // Set the public key query dictionary
        //change to your .pfx  password here 
        [options setObject:@"MyPassword" forKey:(id)kSecImportExportPassphrase];
    
        CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    
        OSStatus securityError = SecPKCS12Import((CFDataRef) pfxkeydata,
                                                 (CFDictionaryRef)options, &items);
    
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef identityApp =
        (SecIdentityRef)CFDictionaryGetValue(identityDict,
                                             kSecImportItemIdentity);
        //NSLog(@"%@", securityError);
    
        assert(securityError == noErr);
        SecKeyRef privateKeyRef;
        SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
    
        return privateKeyRef;
    
    }
    

Though there was no error (the OSStatus value is 0), the items array didn't get any identity data. I am wondering if I didn't get the correct p12 file format due to wrong OpenSSL usage. Has anyone successfully imported a p12 file? I've been stuck on this problem for a couple of days; please give me advice if you have any clues, thanks!

Hubert

Recommended answer

I got some tips from the internet, and the following are the steps to get an iOS-acceptable p12 key and certification file:

1. Convert XML to PEM
   Shell> compile XMLSpec2PEM.java
   Shell> XMLSpec2PEM rsa.xml
   Save the output result to rsa.pem
   (borrowed from here)

2. Convert PEM to RSA private key
   OpenSSL> rsa -in rsa.pem -out rsaPrivate.key

3. Generate a certification request
   OpenSSL> req -new -key rsaPrivate.key -out rsaCertReq.crt
   (input some basic certification data)

4. Sign certification of the request
   OpenSSL> x509 -req -days 3650 -in rsaCertReq.crt -signkey rsaPrivate.key -out rsaCert.crt

5. Convert the certification file format to DER (iOS-acceptable format)
   OpenSSL> x509 -outform der -in rsaCert.crt -out rsaCert.der

6. Generate PKCS12 private key (iOS-acceptable format)
   OpenSSL> pkcs12 -export -out rsaPrivate.pfx -inkey rsaPrivate.key -in rsaCert.crt

No further steps; the files generated in steps 5 and 6 can now be used in iOS!

Reference for the OpenSSL instructions:
http://blogs.yaclife.com/?tag=ios%E3%80%80seckeyref%E3%80%80raw%E3%80%80key%E3%80%80rsa%E3%80%803des

http://devsec.org/info/ssl-cert.html
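An added example, not part of the original question or answer: a shell check that inspects what each export actually contains. The question's `-nocerts` export holds only a key bag, while a `SecIdentityRef` pairs a certificate with its private key, which is what the answer's export provides. The passphrase, the `/CN=p12-demo` subject and the `keyonly.p12` / `identity.p12` file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. PASS, the CN and the
# keyonly.p12 / identity.p12 file names are constructed for this demo.
PASS="MyPassword"

# Report what a PKCS#12 file holds: "key", "cert", "key+cert" or "empty".
p12_contents() {
    f=$1; pw=$2; found=""
    # -nocerts dumps only key bags (re-encrypted with the same passphrase)
    if openssl pkcs12 -in "$f" -passin "pass:$pw" -nocerts \
            -passout "pass:$pw" 2>/dev/null | grep -q "PRIVATE KEY"; then
        found="key"
    fi
    # -nokeys dumps only certificate bags
    if openssl pkcs12 -in "$f" -passin "pass:$pw" -nokeys 2>/dev/null \
            | grep -q "BEGIN CERTIFICATE"; then
        found="${found:+$found+}cert"
    fi
    echo "${found:-empty}"
}

# Build a throwaway key and self-signed certificate, then both exports.
build_samples() {
    d=$1
    openssl genrsa -out "$d/rsaPrivate.key" 2048 2>/dev/null
    openssl req -new -key "$d/rsaPrivate.key" -subj "/CN=p12-demo" \
        -out "$d/rsaCertReq.crt" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/rsaCertReq.crt" \
        -signkey "$d/rsaPrivate.key" -out "$d/rsaCert.crt" 2>/dev/null
    # Export as in the question: -nocerts, so no certificate bag is written
    openssl pkcs12 -export -in "$d/rsaPrivate.key" -inkey "$d/rsaPrivate.key" \
        -nocerts -out "$d/keyonly.p12" -passout "pass:$PASS"
    # Export as in the answer: private key plus its certificate
    openssl pkcs12 -export -inkey "$d/rsaPrivate.key" -in "$d/rsaCert.crt" \
        -out "$d/identity.p12" -passout "pass:$PASS"
}

demo_dir=$(mktemp -d)
build_samples "$demo_dir"
echo "question's export: $(p12_contents "$demo_dir/keyonly.p12" "$PASS")"
echo "answer's export:   $(p12_contents "$demo_dir/identity.p12" "$PASS")"
rm -rf "$demo_dir"
```

Running `p12_contents` on a file before bundling it into the app shows whether it can yield an identity at all, independent of the import code.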
