OStack程序员社区-中国程序员成长平台
标题: ios - 检索安全元件中私钥的 SecKeyRef [打印本页]
作者: 菜鸟教程小白 时间: 2022-12-13 11:45
标题: ios - 检索安全元件中私钥的 SecKeyRef
我生成一个 RSA 公钥/私钥对,如下所示:
CFDataRef privateTag;
CFDataRef publicTag;
SecKeyRef publicKey;
SecKeyRef privateKey;
const UInt8 publicTagString[] = "com.example.widgets.publickey3";
const UInt8 privateTagString[] = "com.example.widgets.privatekey3";
publicTag = CFDataCreate(0, publicTagString, sizeof(publicTagString));
privateTag = CFDataCreate(0, privateTagString, sizeof(privateTagString));
CFMutableDictionaryRef publicAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(publicAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrApplicationTag, publicTag);
CFDictionaryAddValue(publicAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanSign, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanVerify, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrCanUnwrap, kCFBooleanFalse);
CFMutableDictionaryRef privateAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(privateAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(privateAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanSign, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrCanVerify, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanUnwrap, kCFBooleanFalse);
const void* parameterKeys[] = {
kSecAttrKeyType,
kSecAttrKeySizeInBits,
kSecPublicKeyAttrs,
kSecPrivateKeyAttrs
};
int intKeySize = 512;
CFNumberRef keySize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &intKeySize);
const void* parameterValues[] = {
kSecAttrKeyTypeRSA,
keySize,
publicAttr,
privateAttr
};
CFDictionaryRef parameters = CFDictionaryCreate(
kCFAllocatorDefault,
parameterKeys,
parameterValues,
4,
NULL,
NULL
);
OSStatus status = SecKeyGeneratePair(parameters, &publicKey, &privateKey);
if(status != errSecSuccess) {
[self logError:[NSString stringWithFormat
"SecKeyGeneratePair status %d", (int)status] :nil];
return;
}
使用公钥签名时,我需要私钥的SecKeyRef,保存在安全元素中:
NSData *signedHash = nil;
uint8_t *signedHashBytes = NULL;
size_t signedHashBytesSize = SecKeyGetBlockSize(privateKey);
// Malloc a buffer to hold signature
signedHashBytes = malloc(signedHashBytesSize * sizeof(uint8_t));
memset((void *)signedHashBytes, 0x0, signedHashBytesSize);
// Sign SHA1 hash
OSStatus status = SecKeyRawSign(
privateKey,
kSecPaddingPKCS1SHA1,
(const uint8_t *)[[self getSHA1:text] bytes],
CC_SHA1_DIGEST_LENGTH,
(uint8_t *)signedHashBytes,
&signedHashBytesSize
);
在给定 publicTag 的情况下,我如何检索私钥的 SecKeyRef?
Best Answer-推荐答案
检索 SecKeyRef 给定一个 CFDataRef 应用程序标签,使用 SecItemCopyMatching 并将 kSecReturnRef 设置为 kCFBooleanTrue :
CFDataRef privateTag; // The same used in SecKeyGeneratePair
SecKeyRef privateKeyRef = nil;
CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(query, kSecClass, kSecClassKey);
CFDictionaryAddValue(query, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(query, kSecAttrKeyType, kSecAttrKeyTypeRSA);
CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue);
OSStatus status = SecItemCopyMatching(query, (CFTypeRef *)&privateKeyRef);
if(status != noErr) {
[self logError:[NSString stringWithFormat"SecItemCopyMatching status %d", (int)status] :nil];
return nil;
}
关于ios - 检索安全元件中私钥的 SecKeyRef,我们在Stack Overflow上找到一个类似的问题:
https://stackoverflow.com/questions/33635061/
| 欢迎光临 OStack程序员社区-中国程序员成长平台 (https://ostack.cn/) |
Powered by Discuz! X3.4 |