gpt4 book ai didi

iphone - 将私钥导入钥匙串(keychain)在 iphone 中无法正常工作

转载 作者:IT王子 更新时间:2023-10-29 07:54:27 27 4
gpt4 key购买 nike

我需要在将请求发送到后端服务器之前对其进行签名。但是私钥给了我。所以我需要导入它,然后用它来签名。我能够导入并登录,但该数据与我通过使用 openssl 签名获得的数据不同。我知道它做错了,因为当我导入公钥时,我也无法验证它。如果有一种方法可以避免导入钥匙串(keychain),那也很好。这几天一直在为此努力工作,这对我们来说是一项重要的工作。有人可以帮忙吗?

- (SecKeyRef) getPrivateKey {
//RSA KEY BELOW IS DUMMY.

key = @"-----BEGIN RSA PRIVATE KEY-----\nORtMei3ImKI2ZKI636I4+uNCwFfZv9pyJzXyfr1ZNo7iaiW7A0NjLxikNxrWpr/M\n6HD8B2j/CSjRPW3bhsgDXAx/AI1aSfJFxazjiTxx2Lk2Ke3jbhE=\n-----END RSA PRIVATE KEY-----\n";

NSString * tag = @"adpPrivateKey";

NSString *s_key = [NSString string];
NSArray *a_key = [key componentsSeparatedByString:@"\n"];
BOOL f_key = FALSE;

for (NSString *a_line in a_key) {
if ([a_line isEqualToString:@"-----BEGIN RSA PRIVATE KEY-----"]) {
f_key = TRUE;
}
else if ([a_line isEqualToString:@"-----END RSA PRIVATE KEY-----"]) {
f_key = FALSE;
}
else if (f_key) {
s_key = [s_key stringByAppendingString:a_line];
}
}
if (s_key.length == 0) return(nil);

// This will be base64 encoded, decode it.
NSData *d_key = [NSData dataFromBase64String:s_key];

if(d_key == nil) return nil;

NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]];

// Delete any old lingering key with the same tag
NSMutableDictionary *privateKey = [[NSMutableDictionary alloc] init];
[privateKey setObject:(id) kSecClassKey forKey:(id)kSecClass];
[privateKey setObject:(id) kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
[privateKey setObject:d_tag forKey:(id)kSecAttrApplicationTag];
SecItemDelete((CFDictionaryRef)privateKey);

CFTypeRef persistKey = nil;

// Add persistent version of the key to system keychain
[privateKey setObject:d_key forKey:(id)kSecValueData];
[privateKey setObject:(id) kSecAttrKeyClassPrivate forKey:(id)
kSecAttrKeyClass];
[privateKey setObject:[NSNumber numberWithBool:YES] forKey:(id)
kSecReturnPersistentRef];

OSStatus secStatus = SecItemAdd((CFDictionaryRef)privateKey, &persistKey);
if (persistKey != nil) CFRelease(persistKey);

if ((secStatus != noErr) && (secStatus != errSecDuplicateItem)) {
[privateKey release];
return(nil);
}

// Now fetch the SecKeyRef version of the key
SecKeyRef keyRef = nil;

[privateKey removeObjectForKey:(id)kSecValueData];
[privateKey removeObjectForKey:(id)kSecReturnPersistentRef];
[privateKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef
];
[privateKey setObject:(id) kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
secStatus = SecItemCopyMatching((CFDictionaryRef)privateKey,
(CFTypeRef *)&keyRef);

if(secStatus != noErr)
return nil;

[privateKey release];

return keyRef;
}

下面的代码用于签名。部分代码来自Apple示例(http://developer.apple.com/library/ios/#samplecode/CryptoExercise/Listings/Classes_SecKeyWrapper_m.html#//apple_ref/doc/uid/DTS40008019-Classes_SecKeyWrapper_m-DontLinkElementID_17)

- (NSData *)getSignatureBytes:(NSString *)plainText {

OSStatus sanityCheck = noErr;
NSData * signedHash = nil;
uint8_t * signedHashBytes = NULL;
size_t signedHashBytesSize = 0;
SecKeyRef privateKey = NULL;

privateKey = [self getPrivateKey];

signedHashBytesSize = SecKeyGetBlockSize(privateKey);

//Create a SHA Encoded
NSString * shaEncoded = [self sha256:plainText];
NSLog(@"%@", shaEncoded);


// Malloc a buffer to hold signature.

signedHashBytes = malloc( signedHashBytesSize * sizeof(uint8_t) );
memset((void *)signedHashBytes, 0x0, signedHashBytesSize);


NSData *inputData = [self getHashBytes:[plainText dataUsingEncoding:NSUTF8StringEncoding]];
int bytesLengthUINT8 = [inputData length];

sanityCheck = SecKeyRawSign ( privateKey, kSecPaddingPKCS1, (const uint8_t *)inputData, CC_SHA256_DIGEST_LENGTH,(uint8_t *)signedHashBytes, &signedHashBytesSize);


if(sanityCheck != noErr)
return nil;


signedHash = [NSData dataWithBytes:(const void *)signedHashBytes length:(NSUInteger)signedHashBytesSize];
NSString *string = [signedHash base64EncodedString];

NSLog(@"%@", string);


if (signedHashBytes) free(signedHashBytes);
return signedHash;

}

我使用了 http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/ 中的代码示例导入公钥并验证失败。

最佳答案

查看已接受答案中的最后一个方法:Converting NSData to SecKeyRef

问题在于 iOS 处理公钥和私钥的方式略有不同,而通常存在且其他安全 API(例如 Java)期望的标识 header 在 iOS 中并不期望。所以你必须把它们去掉。

关于iphone - 将私钥导入钥匙串(keychain)在 iphone 中无法正常工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13106229/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com