从密钥链中的密钥对中提取公钥

Question

问题:检索公钥

对于iPhone应用程序,我需要创建一个rsa密钥对,将其存储在密钥链中并检索公钥.

幸运的是,Apple发布了一个Crypto Exercise Sample,我可以找到所需的一切(类SecKeyWrapper,函数generateKeyPair和getPublicKeyBits).

但是在尝试使用这些函数之后,我总是为不同密钥对的公钥获得相同的输出(而不是不同密钥对的不同公钥位).

我的generateKeyPair和getPublicKeyBits函数的实现:

我首先通过调用generateKeyPairWithKeySizeInBits创建一个密钥对(这似乎工作正常),然后我用getPublicKeyBits和NSLog 提取公钥位...

- (void) generateKeyPairWithKeySizeInBits:(int)bits withPublicIdentifier:(NSString     *)publicIdentifier andPrivateIdentifier:(NSString *)privateIdentifier
{

    NSLog(@"begin generating key...");
    OSStatus status = noErr;

    NSMutableDictionary* privateKeyAttr = [[NSMutableDictionary alloc] init];
    NSMutableDictionary* publicKeyAttr = [[NSMutableDictionary alloc] init];
    NSMutableDictionary* keyPairAttr = [[NSMutableDictionary alloc] init];

    NSData* publicTag = [publicIdentifier dataUsingEncoding:NSUTF8StringEncoding];
    NSData* privateTag = [privateIdentifier dataUsingEncoding:NSUTF8StringEncoding];

    SecKeyRef publicKey = NULL;
    SecKeyRef privateKey = NULL;

    [keyPairAttr setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id) kSecAttrKeyType];
    [keyPairAttr setObject:[NSNumber numberWithInt:bits] forKey:(__bridge id) kSecAttrKeySizeInBits];

    [privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id) kSecAttrIsPermanent];
    [privateKeyAttr setObject:privateTag forKey:(__bridge id) kSecAttrApplicationTag];

    [publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
    [publicKeyAttr setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];

    [keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
    [keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];

    SecItemDelete((__bridge CFDictionaryRef)keyPairAttr);

    status = SecKeyGeneratePair((__bridge CFDictionaryRef) keyPairAttr, &publicKey, &privateKey);

    if(status != noErr){
        NSLog(@"status = %@",status);
    }
    if(publicKey){
        NSLog(@"public key %@",publicKey);
    }

    if(privateKey){
        NSLog(@"private key %@",privateKey);
    }

    [self getPublicKeyBits:publicIdentifier];
}


- (NSData *)getPublicKeyBits: (NSString*) publicKeyIdentifier {

    OSStatus sanityCheck = noErr;
    NSData * publicKeyBits = nil;
    CFTypeRef pk;
    NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];

    NSData* publicTag = [publicKeyIdentifier dataUsingEncoding:NSUTF8StringEncoding];

    // Set the public key query dictionary.
    [queryPublicKey setObject:(__bridge_transfer id)kSecClassKey forKey:(__bridge_transfer id)kSecClass];

    [queryPublicKey setObject:publicTag forKey:(__bridge_transfer id)kSecAttrApplicationTag];
    [queryPublicKey setObject:(__bridge_transfer id)kSecAttrKeyTypeRSA forKey:(__bridge_transfer id)kSecAttrKeyType];
    [queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge_transfer id)kSecReturnData];

    // Get the key bits.
    sanityCheck = SecItemCopyMatching((__bridge_retained CFDictionaryRef)queryPublicKey, &pk);
    if (sanityCheck != noErr)
    {
        publicKeyBits = nil;
    }
    publicKeyBits = (__bridge_transfer NSData*)pk;
    NSLog(@"public bits %@",publicKeyBits);

    return publicKeyBits;
}

输出("公共位" - 部分(最后一行)始终相同):

2012-07-13 10:39:28.391 [12279:707] begin generating key...
2012-07-13 10:39:39.376 [12279:707] public key <SecKeyRef: 0xeb56e00>
2012-07-13 10:39:39.381 [12279:707] private key <SecKeyRef: 0xeb57800>
2012-07-13 10:39:39.397 [12279:707] public bits <3082010a 02820101 00ea41ec 12780dff 20a55d67 62ec9890 028ed031 eccd1163 5b4bd039 01adffb5 766f37b8 31be8d03 4a41240b 4e127b75 bc4dd8fb 5b404d4d ad18d711 5cf64a04 61c49970 1fef5434 215f80e4 efee8894 1f282f77 8ea5f7e3 35673260 80ee5f80 818d19d3 b7b15e5c f013ad7d 5ff5dd33 b3e57544 de50dc02 f28aa2ae d4b9590a 1e71bd05 79e81fb7 2a9cd592 cf412fe1 db7a89d4 05bd1731 f95f7aae 56ec4171 e9f352ec c26c3c15 05a0e84b 16c5e89d cec8b1a3 24365d4e dcea88a2 92d8c2e6 8f0e9aee e83703bc e66418af aa9dceea 1129f669 cf069b87 edde4cf7 5e313212 80f44e04 d5b5e2db 9e7f26ae 9b8ef8ee 2e177702 18673b1a f125d3c8 d9ddf978 fb020301 0001>

Answer 1

因此,您的SecItemDelete代码无法按预期工作.如果要删除钥匙串中的所有项目(显然是出于测试目的),您应该查看-[Credentials resetCredentials]AdvancedURLConnections示例代码中方法中的代码.

https://developer.apple.com/library/ios/#samplecode/AdvancedURLConnections/

您可能还会-dumpCredentials在调试过程中找到方法.

所以SecItemDelete的问题意味着SecKeyGeneratePair每次运行应用程序时都会生成一组新的键.这些密钥中的每一个都具有相同的应用程序标记,这使得在SecItemCopyMatching调用中返回的密钥不确定 - getPublicKeyBits:.事实证明,在当前的系统软件中,您总是会收到第一个密钥,因此您始终可以获得相同的公钥位.