How does one export an RSA public key that has been generated with SecKeyGeneratePair in pkcs#8 format?
如何导出用pkcs#8格式的SecKeyGeneratePair生成的RSA公钥?
I'm currently writing an iOS app that needs to be able to generate RSA private/public key pairs, sign a piece of content and export the public key in pkcs#8 format to be sent to the server. So far I'm generating my pair with SecKeyGeneratePair, retrieving my public and private keys with SecItemCopyMatching and signing things with SecKeyRawSign, which all seems to be working fine and the signature is verifying just fine for testing with SecKeyRawVerify. But I am unfortunately coming up completely blank on how to export the public key properly in pkcs#8.
我目前正在编写一个iOS应用程序,它需要能够生成RSA私钥/公钥对,签署一段内容,并导出pkcs#8格式的公钥以发送到服务器。到目前为止,我正在使用SecKeyGeneratePair生成一对,使用secitemcopymatches匹配检索我的公共和私有密钥,并使用SecKeyRawSign签名,这些似乎都运行得很好,签名对于使用SecKeyRawVerify进行测试来说也很好。但不幸的是,我对如何在pkcs#8中正确导出公钥完全一无所知。
Thank you in advance for any help.
事先谢谢你的帮助。
2 个解决方案
#1
2
The process described on http://blog.wingsofhermes.org/?p=42 allows exporting properly formatted rsa public keys easily without the need for adding external libraries. In short, iOS was doing things properly except that it exports keys without proper encoding.
http://blog.wingsofhermes.org/?p=42允许轻松导出格式正确的rsa公钥,无需添加外部库。简而言之,iOS的工作做得很好,只是在没有正确编码的情况下导出键。
It wasn't the easiest post to find so hopefully this link to it saves someone some time in the future.
这并不是最容易找到的帖子,所以希望这个链接可以为别人节省一些时间。
#2
2
From experience, if you need to do something that doesn't look like it's supported by the iOS security framework then build and link your own copy of OpenSSL into your project. Although iOS apparently uses OpenSSL internally, very little of it is exposed to application developers.
根据经验,如果您需要做一些看起来不受iOS安全框架支持的事情,那么构建并链接您自己的OpenSSL副本到您的项目中。尽管iOS显然在内部使用了OpenSSL,但它很少接触到应用程序开发人员。
Grab one of the many OpenSSL-for-iOS projects out there, for example this one, and get going.
从众多的openssl -for ios项目中选择一个,例如这个,然后开始。
Using OpenSSL directly has a number of advantages, a few of them being lots of sample code and on-line documentation at http://openssl.org, and you can pretty much do anything you need to that's crypto-related.
直接使用OpenSSL有很多优点,其中有一些在http://openssl.org上有大量的示例代码和在线文档,您几乎可以做任何与加密相关的事情。
Update: there are now multiple versions of OpenSSL available via Cocopods: OpenSSL and OpenSSL-Universal which should make importing OpenSSL into your iOS or OSX project a lot easier.
更新:现在有多个版本的OpenSSL可以通过Cocopods提供:OpenSSL和OpenSSL- universal,这将使将OpenSSL导入iOS或OSX项目变得更加容易。
#1
2
The process described on http://blog.wingsofhermes.org/?p=42 allows exporting properly formatted rsa public keys easily without the need for adding external libraries. In short, iOS was doing things properly except that it exports keys without proper encoding.
http://blog.wingsofhermes.org/?p=42允许轻松导出格式正确的rsa公钥,无需添加外部库。简而言之,iOS的工作做得很好,只是在没有正确编码的情况下导出键。
It wasn't the easiest post to find so hopefully this link to it saves someone some time in the future.
这并不是最容易找到的帖子,所以希望这个链接可以为别人节省一些时间。
#2
2
From experience, if you need to do something that doesn't look like it's supported by the iOS security framework then build and link your own copy of OpenSSL into your project. Although iOS apparently uses OpenSSL internally, very little of it is exposed to application developers.
根据经验,如果您需要做一些看起来不受iOS安全框架支持的事情,那么构建并链接您自己的OpenSSL副本到您的项目中。尽管iOS显然在内部使用了OpenSSL,但它很少接触到应用程序开发人员。
Grab one of the many OpenSSL-for-iOS projects out there, for example this one, and get going.
从众多的openssl -for ios项目中选择一个,例如这个,然后开始。
Using OpenSSL directly has a number of advantages, a few of them being lots of sample code and on-line documentation at http://openssl.org, and you can pretty much do anything you need to that's crypto-related.
直接使用OpenSSL有很多优点,其中有一些在http://openssl.org上有大量的示例代码和在线文档,您几乎可以做任何与加密相关的事情。
Update: there are now multiple versions of OpenSSL available via Cocopods: OpenSSL and OpenSSL-Universal which should make importing OpenSSL into your iOS or OSX project a lot easier.
更新:现在有多个版本的OpenSSL可以通过Cocopods提供:OpenSSL和OpenSSL- universal,这将使将OpenSSL导入iOS或OSX项目变得更加容易。