
How to get the certificate public key string ("convert SecKeyRef to NSString") on iOS, and is this key string similar on all platforms?

I have to do certificate pinning in my iOS app, and to do that there are 2 options:

1. check the certificate as it is
2. check the public key of the certificate only

In my case, my app connects to a backend server all the time, and when the user tries to log in, the app should log in on another server for some security issue. Also, this server may be changed according to user type.

So my backend server sends me some URLs with the server certificate public key string for each login URL server, and I have to check the similarity of the key when the user logs in.

Also, this app is done for iOS and Android.

My question: can I get the public key (as a string) from the login server certificate to match it against the stored one? Also, will that key be similar to the one on Android, so the backend server sends only one key for me and Android?

As I understand,

  1. There is a certificate stored in your app.

    You can store your public key in the keychain and use it. Use "SecItemAdd" to add the certificate to your application keychain. Once stored, you should be able to copy the public key using the "SecItemCopyMatching" method.

  2. When the user logs in, the app gets a URL to a new certificate.

  3. If the certificate is different, then you need to download and use the new certificate.

    For points 2 and 3, either way we would need the key data to be downloaded. So, download the certificate every time and retrieve the public key. We cannot do a string compare; however, it should be possible to do a byte comparison to check for equality. If not equal, replace the certificate with the downloaded one using "SecItemUpdate".

  4. Will this be the same on iOS and Android?

    I hope the certificates are used for secure transmission/PKI. So, the same public key would work for iOS and Android.
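
An added example, not part of the original question or answer: the byte comparison described above, done inside a `URLSession` server-trust challenge. `PinningDelegate` and `pinnedKeyBase64` are hypothetical names; the code assumes iOS 14 or later (for `SecTrustCopyKey`) and that the string the backend sends is the Base64 of the key bytes in the encoding iOS returns.

```swift
import Foundation
import Security

// Added example. PinningDelegate and pinnedKeyBase64 are hypothetical names.
final class PinningDelegate: NSObject, URLSessionDelegate {
    // Key bytes decoded from the string the backend sent for this login URL.
    private let pinnedKey: Data

    init?(pinnedKeyBase64: String) {
        guard let decoded = Data(base64Encoded: pinnedKeyBase64) else { return nil }
        pinnedKey = decoded
        super.init()
    }

    // SecKeyRef -> bytes. RSA keys come back as PKCS#1 RSAPublicKey DER, EC keys
    // as the X9.63 point (04 || X || Y). Android's PublicKey.getEncoded() returns
    // X.509 SubjectPublicKeyInfo instead, so the same key gives a different
    // string there unless one side adds or strips the SPKI header.
    static func keyBytes(_ key: SecKey) -> Data? {
        SecKeyCopyExternalRepresentation(key, nil) as Data?
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Normal chain validation first; pinning is an extra check on top.
        guard SecTrustEvaluateWithError(trust, nil),
              let leafKey = SecTrustCopyKey(trust),          // leaf public key
              let presented = PinningDelegate.keyBytes(leafKey),
              presented == pinnedKey else {                  // byte-for-byte compare
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

Calling `base64EncodedString()` on the `Data` returned by `keyBytes` gives the string form of the key; comparing the decoded bytes avoids mismatches caused by Base64 line breaks or padding differences.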
