如何在 iPhone 钥匙串中建立 SecIdentityRef?(没有 .p12) [英] How to establish a SecIdentityRef in an iPhone keychain ? (Without a .p12)
问题描述
如何在 iPhone 钥匙串中创建 SecIdentityRef,如果1)您已经在钥匙串中拥有私钥,并且2) 您刚刚收到来自 CA 的证书?
How do you create a SecIdentityRef in an iPhone keychain if 1) you already have the private key in the keychain and 2) you have just received the certificate from a CA?
SecPKCS12Import 在这种情况下没有帮助,除非有一个 API 可以从私钥和证书创建 .p12.
SecPKCS12Import does not help in this case unless there is an API to create a .p12 from a private key and a certificate.
SecIdentityCreateWithCertificate 在 Mac 上是答案,但在 iPhone 上不存在.
SecIdentityCreateWithCertificate would be the answer on the Mac but it does not exist on the iPhone.
是否可以使用 SecItemAdd ?http://developer.apple.com/库/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html
Is it possible using SecItemAdd ? http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html
非常感谢,安德鲁
推荐答案
好的,回答我自己的问题:
OK, to answer my own question:
在 iOS 上,钥匙串会自动将证书绑定到私钥.这意味着您只需:
On iOS the keychain will automatically bound the certificate to the private key. That means you only need to:
- 生成密钥对
- 获取与私钥匹配的证书
- 将证书插入钥匙串.
在此之后,您应该能够获得证书/私钥的 SecIdentityRef.
After this you should be able to get a SecIdentityRef for the certificate / private key.
重要提示:SecItemAdd 函数允许您直接插入证书数据(DER 表示的 NSData).这样,您将能够获得有效的证书参考,但不能获得身份参考.
插入证书的正确方法是首先对证书的DER字节使用SecCertificateCreateWithData函数.这将返回一个 SecCertificateRef 对象,然后应该使用该对象将证书保存到使用 SecItemAdd 函数的钥匙串中.
IMPORTANT:
SecItemAdd function allows you to insert the certificate data directly (NSData of the DER representation). This way you will be able to get a valid certificate reference, but not an identity ref.
The right way to insert the certificate is to first use the SecCertificateCreateWithData function over the DER bytes of the certificate. This will return a SecCertificateRef object which then should be used to persist the certificate into the keychain using the SecItemAdd function.
我希望这会让某人的生活更轻松;-)
I hope this will make someone's life easier ;-)
问候,佩斯
这篇关于如何在 iPhone 钥匙串中建立 SecIdentityRef?(没有 .p12)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
