Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
564 views
in Technique[技术] by (71.8m points)

ios - SecKeyRawVerify and OSError -9809

I am using digital certificates to sign data files in my App. The code fragment below fails when the call to SecKeyRawVerify returns with -9809. This is running on an iPhone. I can't even identify exactly what this error code means

The prior Security Framework calls to load and create the SecTrustRef from which the public key is obtained seem fine - no errors. The only slight issue is that the call to SecTrustEvaluate returns a kSecTrustResultUnspecified, but I assume that is because the policy I am using is the boilerplate one returned by the SecPolicyCreateBasicX509 call.

Any assistance or insight would be very much appreciated.

Thanks

SecKeyRef keyRef = SecTrustCopyPublicKey (trustRef);

fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"txt"];
NSData *data = [NSData dataWithContentsOfURL:fileURL];

fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"sgn"];
NSData *signature = [NSData dataWithContentsOfURL:fileURL];

NSLog(@"Hash block size = %zu",SecKeyGetBlockSize(keyRef));

status = SecKeyRawVerify (keyRef,
                          kSecPaddingPKCS1SHA1,
                          (const uint8_t *)[data bytes],
                          (size_t)[data length],
                          (const uint8_t *)[signature bytes],
                          (size_t)[signature length]
                          );
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

That error is defined (along with other related ones) in /System/Library/Frameworks/Security.framework/Headers/SecureTransport.h as errSSLCrypto. The comment there calls it "underlying cryptographic error", which is not a particularly descriptive description.

One thought: kSecTrustResultUnspecified means that the trust level is equal to the default system policy. Are all the certificates in the chain trusted?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...