Ant*_*nio 6 java rsa public-key ios swift
TL; DR:无法识别在iOS中生成并存储在钥匙串中,作为base64导出并发送到Java后端的RSA公钥。
我正在iOS应用程序中实现聊天加密功能,并且使用对称+非对称密钥来处理它。
无需赘述,在后端,我使用用户的公共密钥来加密用于加密和解密消息的对称密钥。
我分别在Swift和Java(后端)中创建了两个框架来处理密钥生成,加密,解密等。我也对它们进行了测试,所以我100%都能按预期工作。
但是,后端似乎无法识别从iOS传递的公钥格式。双方都使用RSA,这是我在Swift中用于生成密钥的代码:
// private key parameters
static let privateKeyParams: [String : Any] = [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]
// public key parameters
static let publicKeyParams: [String : Any] = [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]
// global parameters for our key generation
static let keyCreationParameters: [String : Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String: 2048,
kSecPublicKeyAttrs as String: publicKeyParams,
kSecPrivateKeyAttrs as String: privateKeyParams
]
...
var publicKey, privateKey: SecKey?
let status = SecKeyGeneratePair(Constants.keyCreationParameters as CFDictionary, &publicKey, &privateKey)
我使用镜面代码从钥匙串中读取钥匙。
这是我用来将公钥导出为base64字符串的代码:
extension SecKey {
func asBase64() throws -> String {
var dataPtr: CFTypeRef?
let query: [String:Any] = [
kSecClass as String: kSecClassKey,
kSecAttrApplicationTag as String: "...", // Same unique tag here
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecReturnData as String: kCFBooleanTrue
]
let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)
switch (result, dataPtr) {
case (errSecSuccess, .some(let data)):
// convert to Base64 string
let base64PublicKey = data.base64EncodedString(options: [])
return base64PublicKey
default:
throw CryptoError.keyConversionError
}
}
}
在后端级别,我使用以下Java代码将base64字符串转换为公钥:
public PublicKey publicKeyFrom(String data) throws NoSuchAlgorithmException, InvalidKeySpecException {
byte[] publicBytes = Base64.decodeBase64(data);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(keySpec);
}
但这在最后一行失败,但有以下例外:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: algid parse error, not a sequence
在进行一些手动调试时,我注意到公钥的格式是不同的-当我在iOS中生成密钥然后导出为base 64时,它看起来像这样:
MIIBCgKCAQEA4M/bRDdH0f6qFIXxOg13RHka+g4Yv8u9PpPp1IR6pSwrM1aq8B6cyKRwnLe/MOkvODvDfJzvGXGQ01zSTxYWAW1B4uc/NCEemCmZqMosSB/VUJdNxxWtt2hJxpz06hAawqV+6HmweAB2dUn9tDEsQLsNHdwYouOKpyRZGimcF9qRFn1RjR0Q54sUh1tQAj/EwmgY2S2bI5TqtZnZw7X7Waji7wWi6Gz88IkuzLAzB9VBNDeV1cfJFiWsZ/MIixSvhpW3dMNCrJShvBouIG8nS+vykBlbFVRGy3gJr8+OcmIq5vuHVhqrWwHNOs+WR87K/qTFO/CB7MiyiIV1b1x5DQIDAQAB
总共有360个字符,而在Java中(仍然使用RSA)做同样的事情,就像:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAAnWO4BXUGP0qM3Op36YXkWNxb4I2pPZuZ7jJtfUO7v+IO1mq43WzNaxLqqLPkTnMrv2ACRDK55vin+leQlL1z0LzVxjtZ9F6pajQo1r7PqBlL5N8bzBFKpagEf0QfyHPw0/0kG9DMnvQ+Im881QyN2zdl33wp5Fi+jRT7cunFQIDAQAB
长度为216个字符。
我无法弄清楚出了什么问题-如果iOS处理其他密钥中的密钥,并且需要特殊处理才能与其他人交谈,那么我显然不会感到惊讶。
任何的想法?
当将 iOS 应用程序连接到 Java 后端时,我们遇到了完全相同的问题。pedrofb提到的CryptoExportImportManager也帮助了我们,这太棒了。然而,类中的代码有点复杂并且可能难以维护。这是因为在向 DER 编码添加新组件时使用自上而下的方法。因此,必须提前计算长度字段包含的数字(即在定义长度所适用的内容之前)。因此,我创建了一个新类,我们现在用它来转换 RSA 公钥的 DER 编码:CryptoExportImportManager
class RSAKeyEncoding: NSObject {\n\n // ASN.1 identifiers\n private let bitStringIdentifier: UInt8 = 0x03\n private let sequenceIdentifier: UInt8 = 0x30\n\n // ASN.1 AlgorithmIdentfier for RSA encryption: OID 1 2 840 113549 1 1 1 and NULL\n private let algorithmIdentifierForRSAEncryption: [UInt8] = [0x30, 0x0d, 0x06,\n 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00]\n\n /// Converts the DER encoding of an RSA public key that is either fetched from the\n /// keychain (e.g. by using `SecItemCopyMatching(_:_:)`) or retrieved in another way\n /// (e.g. by using `SecKeyCopyExternalRepresentation(_:_:)`), to a format typically\n /// used by tools and programming languages outside the Apple ecosystem (such as\n /// OpenSSL, Java, PHP and Perl). The DER encoding of an RSA public key created by\n /// iOS is represented with the ASN.1 RSAPublicKey type as defined by PKCS #1.\n /// However, many systems outside the Apple ecosystem expect the DER encoding of a\n /// key to be represented with the ASN.1 SubjectPublicKeyInfo type as defined by\n /// X.509. The two types are related in a way that if the SubjectPublicKeyInfo\xe2\x80\x99s\n /// algorithm field contains the rsaEncryption object identifier as defined by\n /// PKCS #1, the subjectPublicKey field shall contain the DER encoding of an\n /// RSAPublicKey type.\n ///\n /// - Parameter rsaPublicKeyData: A data object containing the DER encoding of an\n /// RSA public key, which is represented with the ASN.1 RSAPublicKey type.\n /// - Returns: A data object containing the DER encoding of an RSA public key, which\n /// is represented with the ASN.1 SubjectPublicKeyInfo type.\n func convertToX509EncodedKey(_ rsaPublicKeyData: Data) -> Data {\n var derEncodedKeyBytes = [UInt8](rsaPublicKeyData)\n\n // Insert ASN.1 BIT STRING bytes at the beginning of the array\n derEncodedKeyBytes.insert(0x00, at: 0)\n derEncodedKeyBytes.insert(contentsOf: lengthField(of: derEncodedKeyBytes), at: 0)\n derEncodedKeyBytes.insert(bitStringIdentifier, at: 0)\n\n // Insert ASN.1 AlgorithmIdentifier bytes at the beginning of the array\n derEncodedKeyBytes.insert(contentsOf: algorithmIdentifierForRSAEncryption, at: 0)\n\n // Insert ASN.1 SEQUENCE bytes at the beginning of the array\n derEncodedKeyBytes.insert(contentsOf: lengthField(of: derEncodedKeyBytes), at: 0)\n derEncodedKeyBytes.insert(sequenceIdentifier, at: 0)\n\n return Data(derEncodedKeyBytes)\n }\n\n private func lengthField(of valueField: [UInt8]) -> [UInt8] {\n var length = valueField.count\n\n if length < 128 {\n return [ UInt8(length) ]\n }\n\n // Number of bytes needed to encode the length\n let lengthBytesCount = Int((log2(Double(length)) / 8) + 1)\n\n // First byte encodes the number of remaining bytes in this field\n let firstLengthFieldByte = UInt8(128 + lengthBytesCount)\n\n var lengthField: [UInt8] = []\n for _ in 0..<lengthBytesCount {\n // Take the last 8 bits of length\n let lengthByte = UInt8(length & 0xff)\n // Insert them at the beginning of the array\n lengthField.insert(lengthByte, at: 0)\n // Delete the last 8 bits of length\n length = length >> 8\n }\n\n // Insert firstLengthFieldByte at the beginning of the array\n lengthField.insert(firstLengthFieldByte, at: 0)\n\n return lengthField\n }\n}\n您可以在函数中使用此类,asBase64()如下所示:
extension SecKey {\n func asBase64() throws -> String {\n var dataPtr: CFTypeRef?\n let query: [String:Any] = [\n kSecClass as String: kSecClassKey,\n kSecAttrApplicationTag as String: "...", // Same unique tag here\n kSecAttrKeyType as String: kSecAttrKeyTypeRSA,\n kSecReturnData as String: kCFBooleanTrue\n ]\n let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)\n\n switch (result, dataPtr) {\n case (errSecSuccess, .some(let data)):\n\n // convert to X509 encoded key\n let convertedData = RSAKeyEncoding().convertToX509EncodedKey(data)\n\n // convert to Base64 string\n let base64PublicKey = convertedData.base64EncodedString(options: [])\n return base64PublicKey\n default:\n throw CryptoError.keyConversionError\n }\n }\n}\n使用上面的类一段时间后,我们偶然发现了另一个问题。有时,从钥匙串中获取的公钥似乎无效,因为由于某种原因它的大小已增大。此行为与问题中描述的结果相匹配(尽管在我们的示例中,Base64 编码密钥的大小已增长到 392 个字符,而不是 360 个字符)。不幸的是,我们没有\xe2\x80\x99找到这种奇怪行为的确切原因,但我们找到了两个解决方案。第一个解决方案是在定义查询时指定kSecAttrKeySizeInBitswith ,如下面的代码片段所示:kSecAttrEffectiveKeySize
let keySize = ... // Key size specified when storing the key, for example: 2048\n\nlet query: [String: Any] = [\n kSecAttrKeySizeInBits as String: keySize,\n kSecAttrEffectiveKeySize as String: keySize,\n ... // More attributes\n]\n\nvar dataPtr: CFTypeRef?\n\nlet result = SecItemCopyMatching(query as CFDictionary, &dataPtr)\n第二种解决方案是始终从钥匙串(如果有)中删除旧密钥,然后再添加具有相同标签的新密钥。
\n我在 GitHub 上发布了这个项目,可以用作上述类的替代方案。
\nRFC 5280 (X.509 v3)
\nRFC 8017(PKCS #1 v2.2)
\n我在这里找到的一些代码在创建该lengthField(...)函数时启发了我。
Java 需要以 DER 格式编码的公钥。不幸的是iOS不支持这种标准格式,需要额外的转换(我不知道这在最新版本的swift中是否会有所改进)
在这里查看我的答案您可以使用CryptoExportImportManager转换密钥
func exportPublicKeyToDER(keyId:String) -> NSData?{
let publicKey = loadKeyStringFromKeyChainAsNSData(PUBLIC_KEY + keyId)
let keyType = kSecAttrKeyTypeRSA
let keySize = 2048
let exportImportManager = CryptoExportImportManager()
if let exportableDERKey = exportImportManager.exportPublicKeyToDER(publicKey, keyType: keyType as String, keySize: keySize) {
return exportableDERKey
} else {
return nil
}
}
| 归档时间: |
|
| 查看次数: |
842 次 |
| 最近记录: |