
Retrieving the SecKeyRef of a private key in the secure element

Stack Overflow user
Asked 2015-11-10 16:40:23
Answers: 1, Views: 373, Followers: 0, Votes: 2

I generate an RSA public/private key pair as follows:

CFDataRef privateTag;
CFDataRef publicTag;

SecKeyRef publicKey;
SecKeyRef privateKey;

const UInt8 publicTagString[] = "com.example.widgets.publickey3";
const UInt8 privateTagString[] = "com.example.widgets.privatekey3";

publicTag = CFDataCreate(0, publicTagString, sizeof(publicTagString));
privateTag = CFDataCreate(0, privateTagString, sizeof(privateTagString));

CFMutableDictionaryRef publicAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(publicAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrApplicationTag, publicTag);
CFDictionaryAddValue(publicAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanSign, kCFBooleanFalse);
CFDictionaryAddValue(publicAttr, kSecAttrCanVerify, kCFBooleanTrue);
CFDictionaryAddValue(publicAttr, kSecAttrCanUnwrap, kCFBooleanFalse);

CFMutableDictionaryRef privateAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
CFDictionaryAddValue(privateAttr, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(privateAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanDerive, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanSign, kCFBooleanTrue);
CFDictionaryAddValue(privateAttr, kSecAttrCanVerify, kCFBooleanFalse);
CFDictionaryAddValue(privateAttr, kSecAttrCanUnwrap, kCFBooleanFalse);

const void* parameterKeys[] = {
    kSecAttrKeyType,
    kSecAttrKeySizeInBits,
    kSecPublicKeyAttrs,
    kSecPrivateKeyAttrs
};

int intKeySize = 512;
CFNumberRef keySize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &intKeySize);

const void* parameterValues[] = {
    kSecAttrKeyTypeRSA,
    keySize,
    publicAttr,
    privateAttr
};

CFDictionaryRef parameters = CFDictionaryCreate(
    kCFAllocatorDefault,
    parameterKeys,
    parameterValues,
    4,
    NULL,
    NULL
);

OSStatus status = SecKeyGeneratePair(parameters, &publicKey, &privateKey);

if(status != errSecSuccess) {
    [self logError:[NSString stringWithFormat:@"SecKeyGeneratePair status %d", (int)status] :nil];
    return;
}

When signing with the public key, I need the SecKeyRef of the private key, which is stored in the secure element:

NSData *signedHash = nil;
uint8_t *signedHashBytes = NULL;
size_t signedHashBytesSize = SecKeyGetBlockSize(privateKey);

// Malloc a buffer to hold signature
signedHashBytes = malloc(signedHashBytesSize * sizeof(uint8_t));
memset((void *)signedHashBytes, 0x0, signedHashBytesSize);

// Sign SHA1 hash
OSStatus status = SecKeyRawSign(
    privateKey,
    kSecPaddingPKCS1SHA1,
    (const uint8_t *)[[self getSHA1:text] bytes],
    CC_SHA1_DIGEST_LENGTH,
    (uint8_t *)signedHashBytes,
    &signedHashBytesSize
);

How do I retrieve the SecKeyRef of the private key (given the publicTag)?

1 Answer

Stack Overflow user

Accepted answer

Posted 2015-11-11 15:28:57

To retrieve the SecKeyRef for a given application tag, use SecItemCopyMatching with kSecReturnRef set to kCFBooleanTrue:

CFDataRef privateTag; // The same used in SecKeyGeneratePair
SecKeyRef privateKeyRef = nil;
CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);

CFDictionaryAddValue(query, kSecClass, kSecClassKey);
CFDictionaryAddValue(query, kSecAttrApplicationTag, privateTag);
CFDictionaryAddValue(query, kSecAttrKeyType, kSecAttrKeyTypeRSA);
CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue);

OSStatus status = SecItemCopyMatching(query, (CFTypeRef *)&privateKeyRef);

if(status != noErr) {
    [self logError:[NSString stringWithFormat:@"SecItemCopyMatching status %d", (int)status] :nil];
    return nil;
}
Votes: 1
Page content originally provided by Stack Overflow. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://stackoverflow.com/questions/33635061