从模数/指数中获取SecKeyRef [英] Get SecKeyRef from modulus/exponent

问题描述

我有一个RSA密钥（对）表示为大整数模数和指数，需要加密/解密。

I have a RSA key (pair) represented as big integeger modulus and exponent and need to encrypt/decrypt with those.

我想出了如何使用swift在iOS中根据需要处理密钥。

I figured out how to handle keys as needed in iOS using swift.

我的问题：是否有任何方式将模数/指数表示转换为标准的SecKeyRef？

To my question: Is there any way to convert the modulus/exponent representation to a standard SecKeyRef?

两者都被格式化为大int（来自android），
a模数例如看起来像这个：

Both is formatted as big int (coming from android), a modulus for example looks like this:

23986589886077318012326064844037831693417390067186403792990846282531380456965701688980194375481519508455379138899060072530724598302129656976140458275478340281694599774176865257462922861492999970413042311221914141827738166785420817621605554859384423695247859963064446809695729281306530681131568503935369097838468173777374667631401317163094053418212485192857751897040859007584244053136110895205839896478287122804119514727484734998762296502939823974188856604771622873660784676915716476754048257418841069214486772931445697194023455179601077893872576165858771367831752886749210944303260745331014786145738511592470796648651

推荐答案

我有完全相同的任务 - 给定模数和指数我必须创建公钥并使用该密钥加密消息。经过很长一段时间阅读和尝试各种库，我能够通过OpenSSL实现这一目标。我在下面发布我的方式。虽然它是用Objective-C编写的，但它可能会有所帮助。

I had exactly the same task - given a modulus and an exponent I had to create a public key and encrypt a message using that key. After a long time spent in reading and trying various libraries, I was able to accomplish this with OpenSSL. I'm posting my way of doing it below. Although it's written in Objective-C, it might be helpful.

NSData* message, modulus, exponent;
BIGNUM* mod = BN_bin2bn((unsigned char *)[modulus bytes], (int)modulus.length, NULL);
if (mod == NULL) {
    NSLog(@"Error creating modulus BIGNUM");
}

BIGNUM* exp = BN_bin2bn((unsigned char *)[exponent bytes], (int)exponent.length, NULL);
if (exp == NULL) {
    NSLog(@"Error creating exponent BIGNUM");
}

RSA* rsa = RSA_new();
rsa->pad = 0;
rsa->e = exp;
rsa->n = mod;

int keylen = RSA_size(rsa);
unsigned char* enc = malloc(keylen);
char* err = malloc(130);
int status = RSA_public_encrypt((int)message.length, (const unsigned char*)[message bytes], enc, rsa, RSA_NO_PADDING);

if (status != -1) {
    NSData* encryptedMessage = [NSData dataWithBytes:enc length:keylen];
    NSLog(@"Encryption SUCCESSFUL: %@", encryptedMessage);
}
else {
    ERR_load_crypto_strings();
    ERR_error_string(ERR_get_error(), err);
    NSLog(@"Encryption failed with error: %s", err);
}

free(enc);
free(err);

首先我要从 NSData 模数和指数。你已经将它们作为大整数，但如果它们没有表示为OpenSSL的 BIGNUM 类型，则必须转换它们。 BIGNUM 还有其他有用的功能，用于创建大整数，如 BN_hex2bn 和 BN_dec20bn - 这些从包含十六进制或十进制数字的C字符串中创建大整数。在我的例子中，模数和指数存储为 NSData 中的字节数组， BN_bin2bn 创建 BIGNUM 直接来自。

So first I'm creating big integers out of my NSData modulus and exponent. You already have them as big integers, but if they're not represented as OpenSSL's BIGNUM type, you'll have to convert them. BIGNUM has other useful functions for creating big integers like BN_hex2bn and BN_dec2bn - these create big integers out of C strings containing hexadecimal or decimal numbers. In my case the modulus and exponent are stored as a byte array in an NSData and BN_bin2bn creates a BIGNUM directly from that.

继续，我创建一个 RSA 结构表示密钥并保持模数和指数，以及 enc 缓冲区，它将保存原始加密字节。 enc 的长度与密钥的大小相同，因为RSA无法加密超过密钥的邮件。

Moving on, I create an RSA structure which represents a key and holds the modulus and exponent, and the enc buffer, which will hold the raw encrypted bytes. The length of enc is the same as the size of the key, because RSA can not encrypt messages longer that the key.

主要工作由 RSA_public_encrypt（）函数完成。它需要五个参数 - 您要加密的消息的大小，实际的消息字节，存储加密消息的输出缓冲区，RSA密钥和填充方案。我在这里没有使用填充，因为我的消息与密钥的大小完全相同，但在 rsa.h 中有一些宏代表最常见的填充方案。

The main work is done by the RSA_public_encrypt() function. It takes five arguments - the size of the message that you're going to encrypt, the actual message bytes, an output buffer to store the encrypted message in, the RSA key and a padding scheme. I'm using no padding here, because my message is exactly the same size as the key, but in the rsa.h there are macros that represent the most common padding schemes.

最后，我检查状态，其中包含加密字节数，如果出现问题则打印错误消息。

Lastly I check the status which holds the number of encrypted bytes and print an error message if something went wrong.

我希望这会对你和其他人有所帮助。告诉我你是否设法在Swift中做到了。干杯; - ）

I hope this will help you and somebody else. Tell me if you managed to do it in Swift. Cheers ;-)

P.S。使用CocoaPods可以轻松地将OpenSSL添加到iOS项目中。只需添加

P.S. Adding OpenSSL to your iOS project is easy using CocoaPods. Just add

pod 'OpenSSL-Universal', '1.0.1.k'

到您的podfile。

to your podfile.

这篇关于从模数/指数中获取SecKeyRef的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！