ios - 检索安全元件中私钥的 SecKeyRef
<p><p>我生成一个 RSA 公钥/私钥对,如下所示:</p>
<pre><code>CFDataRef privateTag;
CFDataRef publicTag;
SecKeyRef publicKey;
SecKeyRef privateKey;
const UInt8 publicTagString[] = "com.example.widgets.publickey3";
const UInt8 privateTagString[] = "com.example.widgets.privatekey3";
publicTag = CFDataCreate(0, publicTagString, sizeof(publicTagString));
privateTag = CFDataCreate(0, privateTagString, sizeof(privateTagString));
CFMutableDictionaryRef publicAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(publicAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrApplicationTag, publicTag);
CFDictionaryAddValue(publicAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanSign, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanVerify, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrCanUnwrap, kCFBooleanFalse);
CFMutableDictionaryRef privateAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(privateAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(privateAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanSign, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrCanVerify, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanUnwrap, kCFBooleanFalse);
const void* parameterKeys[] = {
kSecAttrKeyType,
kSecAttrKeySizeInBits,
kSecPublicKeyAttrs,
kSecPrivateKeyAttrs
};
int intKeySize = 512;
CFNumberRef keySize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &intKeySize);
const void* parameterValues[] = {
kSecAttrKeyTypeRSA,
keySize,
publicAttr,
privateAttr
};
CFDictionaryRef parameters = CFDictionaryCreate(
kCFAllocatorDefault,
parameterKeys,
parameterValues,
4,
NULL,
NULL
);
OSStatus status = SecKeyGeneratePair(parameters, &publicKey, &privateKey);
if(status != errSecSuccess) {
:nil];
return;
}
</code></pre>
<p>使用公钥签名时,我需要私钥的<code>SecKeyRef</code>,保存在安全元素中:</p>
<pre><code>NSData *signedHash = nil;
uint8_t *signedHashBytes = NULL;
size_t signedHashBytesSize = SecKeyGetBlockSize(privateKey);
// Malloc a buffer to hold signature
signedHashBytes = malloc(signedHashBytesSize * sizeof(uint8_t));
memset((void *)signedHashBytes, 0x0, signedHashBytesSize);
// Sign SHA1 hash
OSStatus status = SecKeyRawSign(
privateKey,
kSecPaddingPKCS1SHA1,
(const uint8_t *)[ bytes],
CC_SHA1_DIGEST_LENGTH,
(uint8_t *)signedHashBytes,
&signedHashBytesSize
);
</code></pre>
<p>在给定 <code>publicTag</code> 的情况下,我如何检索私钥的 <code>SecKeyRef</code>?</p></p>
<br><hr><h1><strong>Best Answer-推荐答案</ strong></h1><br>
<p><p>检索 <code>SecKeyRef</code> 给定一个 <code>CFDataRef</code> 应用程序标签,使用 <code>SecItemCopyMatching</code> 并将 <code>kSecReturnRef</code> 设置为 <code>kCFBooleanTrue </code>:</p>
<pre><code>CFDataRef privateTag; // The same used in SecKeyGeneratePair
SecKeyRef privateKeyRef = nil;
CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(query, kSecClass, kSecClassKey);
CFDictionaryAddValue(query, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(query, kSecAttrKeyType, kSecAttrKeyTypeRSA);
CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue);
OSStatus status = SecItemCopyMatching(query, (CFTypeRef *)&privateKeyRef);
if(status != noErr) {
:nil];
return nil;
}
</code></pre></p>
<p style="font-size: 20px;">关于ios - 检索安全元件中私钥的 SecKeyRef,我们在Stack Overflow上找到一个类似的问题:
<a href="https://stackoverflow.com/questions/33635061/" rel="noreferrer noopener nofollow" style="color: red;">
https://stackoverflow.com/questions/33635061/
</a>
</p>
页:
[1]