我可以从Swift中的SecKeyRef对象获取模数或指数吗？ [英] Can I get the modulus or exponent from a SecKeyRef object in Swift?

问题描述

在Swift中，我创建了一个 SecKeyRef 对象，方法是调用 SecTrustCopyPublicKey 。这是 SecKeyRef 对象的外观。

  SecKeyRef算法id：1，
键类型：RSAPublicKey，
版本：3，块大小：2048位，
指数：{hex：10001，decimal：65537}，
模数：<省略一堆十六进制数据>，
 addr：0xsomeaddresshere>）
  

，这个 SecKeyRef 对象拥有关于公钥的一大堆信息，但似乎没有办法实际转换这个 SecKeyRef 转换为字符串 NSData 或任何其他（这是我的目标，只是获得一个base64公钥） p>

但是，我有一个函数，可以给出模数和指数，它只是计算公钥是什么。我已经通过传递从上面 SecKeyRef 记录的数据测试了它。

我不能从 SecKeyRef 对象访问这些属性（我只能看到在控制台中的整个对象;例如，我不能做 SecKeyRef。

我的问题：如何访问 SecKeyRef.modulus ，或者将 SecKeyRef 转换为 NSData 类似？感谢

编辑

（更多信息）

我通过这个函数动态创建我的 SecKeyRef ：

  func bytesToPublicKey（certData：NSData） - > SecKeyRef？ {
 guard let certRef = SecCertificateCreateWithData（nil，certData）else {return nil} 
 var secTrust：SecTrustRef？ 
 let secTrustStatus = SecTrustCreateWithCertificates（certRef，nil和& secTrust）
如果secTrustStatus！= errSecSuccess {return nil} 
 var resultType：SecTrustResultType = UInt32（0）//结果将被忽略。 
 let evaluateStatus = SecTrustEvaluate（secTrust !,& resultType）
如果evaluateStatus！= errSecSuccess {return nil} 
 let publicKeyRef = SecTrustCopyPublicKey（secTrust！）
 
 return publicKeyRef 
} 
  

这是从证书获取原始字节流例如，使用PKI的硬件广播），然后将其转换成 SecKeyRef 。

编辑2

（对2015年1月7日现有答案的评论）

p>

  let mirror = Mirror（反映：mySecKeyObject）
 
 .children {
 print（label，value）
} 
  

这个输出在控制台：

 一些< Raw SecKeyRef对象> 
  

不确定字符串Some是什么意思。

此外， mirror.descendant（exponent）（或modulus）会导致 nil 即使在控制台中打印原始对象，我可以清楚地看到这些属性存在，并且它们实际上已经填充。

此外，如果可能， 我想避免保存到钥匙串，读为 NSData ，然后从钥匙串中删除。如赏金描述中所述，如果这是唯一的可能，请引用权威参考。非常感谢您提供的所有答案。

解决方案

我一直在尝试做SSL公钥锁定。 API几乎不存在，我发现的解决方案是把它放在Keychain，然后您可以检索为NSData（然后可以是Base64编码）。这是可怕的，但我唯一的事情，我可以找到后一天的研究（不诉诸打包OpenSSL与我的应用程序）。

我把一些代码移植到Swift，但我没有测试它，所以我不是100％确定它的工作原理： https：//gist.github .com / chedabob / 64a4cdc4a1194d815814

它基于这个Obj-C代码（我相信它可以在生产应用程序中工作）： https://gist.github.com/chedabob/49eed109a3dfcad4bd41

In Swift, I created a SecKeyRef object by calling SecTrustCopyPublicKey on some raw X509 certificate data. This is what this SecKeyRef object looks like.

Optional(<SecKeyRef algorithm id: 1,
key type: RSAPublicKey,
version: 3, block size: 2048 bits,
exponent: {hex: 10001, decimal: 65537},
modulus: <omitted a bunch of hex data>,
addr: 0xsomeaddresshere>)

Basically, this SecKeyRef object holds a whole bunch of information about the public key, but there seems to be no way to actually convert this SecKeyRef into a string, NSData, or anything else (this is my goal, is just to get a base64 public key).

However, I have a function that I can give a modulus and an exponent, and it will just calculate what the public key is. I've tested it by passing in the data that's logged from the above SecKeyRef.

But somehow I can't access those properties from the SecKeyRef object (I can only see the whole object in the console; for example, I cannot do SecKeyRef.modulus or anything of the sort, it seems).

My question: how can I access SecKeyRef.modulus, or alternatively, convert this SecKeyRef into NSData or something similar? Thanks

Edit

(for more information)

I am creating my SecKeyRef dynamically, through this function I have:

func bytesToPublicKey(certData: NSData) -> SecKeyRef? {
    guard let certRef = SecCertificateCreateWithData(nil, certData) else { return nil }
    var secTrust: SecTrustRef?
    let secTrustStatus = SecTrustCreateWithCertificates(certRef, nil, &secTrust)
    if secTrustStatus != errSecSuccess { return nil }
    var resultType: SecTrustResultType = UInt32(0) // result will be ignored.
    let evaluateStatus = SecTrustEvaluate(secTrust!, &resultType)
    if evaluateStatus != errSecSuccess { return nil }
    let publicKeyRef = SecTrustCopyPublicKey(secTrust!)

    return publicKeyRef
}

What that does is takes the raw byte stream from a certificate (which can be broadcasted from, say, a piece of hardware using PKI), and then turns that into a SecKeyRef.

Edit 2

(comments on existing answers as of 7 January 2015)

This does not work:

let mirror = Mirror(reflecting: mySecKeyObject)

for case let (label?, value) in mirror.children {
    print (label, value)
}

This results in this output in the console:

Some <Raw SecKeyRef object>

Not sure what the string "Some" means.

Additionally, mirror.descendant("exponent") (or "modulus") results in nil, even though when printing the raw object in the console, I can clearly see that those properties exist, and that they are in fact populated.

Also, if at all possible, I would like to avoid having to save to the keychain, reading as NSData, and then deleting from the keychain. As stated in the bounty description, if this is the only way possible, please cite an authoritative reference. Thank you for all answers provided so far.

解决方案

I've been down the same path trying to do SSL Public Key Pinning. The API's are pretty much non-existent, and the solution I found was to put it in the Keychain which you can then retrieve as NSData (which can then be Base64 Encoded). It's horrible but the only thing I could find after a day or so of research (without resorting to bundling OpenSSL with my app).

I ported some of my code over to Swift, but I haven't tested it very much so I'm not 100% sure that it works: https://gist.github.com/chedabob/64a4cdc4a1194d815814

It's based off this Obj-C code (which I'm confident works as it's in a production app): https://gist.github.com/chedabob/49eed109a3dfcad4bd41

这篇关于我可以从Swift中的SecKeyRef对象获取模数或指数吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！