[英]iPhone: How do you export a SecKeyRef or an NSData containing public key bits to the PEM format?
I've created a pair of keys using SecKeyGeneratePair
. 我使用
SecKeyGeneratePair
创建了一对密钥。 I'd now like to pass the public key to a server, but I'm not really sure how to proceed. 我现在想将公钥传递给服务器,但我不确定如何继续。
I have a function getPublicKeyBits
(taken from Apple's CryptoExercise
), but I don't really know what to do with the raw NSData. 我有一个函数
getPublicKeyBits
(取自Apple的CryptoExercise
),但我真的不知道如何处理原始NSData。 Here is the function: 这是功能:
- (NSData *)getPublicKeyBits {
OSStatus sanityCheck = noErr;
NSData* publicKeyBits = nil;
NSData* publicTag = [[NSData alloc] initWithBytes:publicKeyIdentifier length:sizeof(publicKeyIdentifier)];
CFDataRef cfresult = NULL;
NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];
// Set the public key query dictionary.
[queryPublicKey setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[queryPublicKey setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];
[queryPublicKey setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnData];
// Get the key bits.
sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef)queryPublicKey, (CFTypeRef*)&cfresult);
if (sanityCheck != noErr)
{
publicKeyBits = nil;
}
else
{
publicKeyBits = (__bridge_transfer NSData *)cfresult;
}
return publicKeyBits;
}
How do I take this raw byte data and turn it into something like PEM
or some other format that a crypto library understands? 如何获取此原始字节数据并将其转换为
PEM
或加密库可以理解的其他格式? Should I base64 encode it? 我应该base64编码吗? Are there other things I need to do as well?
还有其他我需要做的事情吗?
If it helps, I'm trying to use the public key with the M2Crypto
library available for Python. 如果它有帮助,我正在尝试使用可用于Python的
M2Crypto
库的M2Crypto
。
I think you will want to look at http://www.openssl.org/docs/crypto/pem.html# maybe: 我想你会想看http://www.openssl.org/docs/crypto/pem.html#也许:
int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
This page has some great tips and sample code for packaging the data you have into the PEM format so you can send it to a server: 此页面提供了一些很好的提示和示例代码,用于将您拥有的数据打包成PEM格式,以便将其发送到服务器:
http://blog.wingsofhermes.org/?p=42 http://blog.wingsofhermes.org/?p=42
You don't need the whole openssl library compiled from source and statically linked to do it. 您不需要从源编译并静态链接的整个openssl库来执行此操作。 I'm using just this technique, wrapping the base 64 key in "-----BEGIN PUBLIC KEY-----" and it can be read and used by a Rails application using the standard ruby openssl classes.
我正在使用这种技术,将基本64键包装在“----- BEGIN PUBLIC KEY -----”中,并且Rails应用程序可以使用标准的ruby openssl类来读取和使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.