[英]get SecKeyRef from base64 coded string
I'm working on an iOS app and I get a base64 coded public key such as: 我正在开发一个iOS应用程序,我得到一个base64编码的公钥,例如:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3gn+tJ1+PbP0GHa6hmM35WsVyibpypWAwRuBYY4MGfh3VWoXgiyiLo5HJTW1eR9BUFq3z+yOG1rwzSabZ8I4zneWm0kH7xErSjNrMbmjirbL7e6TQNa1ujP/x4x9XVbqf3vIsNVs19kn/qSX/HGzd5Ct3TGAo0AT0T4JwkCfciwIDAQAB
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3gn +口令是tJ1 + PbP0GHa6hmM35WsVyibpypWAwRuBYY4MGfh3VWoXgiyiLo5HJTW1eR9BUFq3z + yOG1rwzSabZ8I4zneWm0kH7xErSjNrMbmjirbL7e6TQNa1ujP / x4x9XVbqf3vIsNVs19kn / QSX / HGzd5Ct3TGAo0AT0T4JwkCfciwIDAQAB
I'd like to encode some text with this public key, but I cannot find a way to convert this string to a useful public key. 我想用这个公钥编码一些文本,但我找不到将这个字符串转换为有用的公钥的方法。
What do I need to do? 我需要做什么?
First, you must base64 decode your NSString to NSData: See this answer for solutions. 首先,您必须将NSString的base64解码为NSData:请参阅此答案以获取解决方案。 If you are developing for iOS 7, you can use
initWithBase64EncodedString::options
. 如果您正在为iOS 7开发,则可以使用
initWithBase64EncodedString::options
。
Once you have the string decoded as NSData, you can attempt to create a certificate from it. 将字符串解码为NSData后,您可以尝试从中创建证书。 The format of the certificate you received matters - you can use DER (which is common) or PKCS12.
您收到的证书格式很重要 - 您可以使用DER(通用)或PKCS12。 You're likely to be getting it as DER, so that's what I'll assume you need guidance on.
你可能会把它作为DER,所以我认为你需要指导。
Create a certificate and policy: 创建证书和策略:
SecCertificateRef cert = NULL;
SecPolicyRef policy = NULL;
cert = SecCertificateCreateWithData(kCFAllocatorDefault, data);
policy = SecPolicyCreateBasicX509();
If the cerificate data was in an incorrect format when passed to SecCertificateCreateWithData
you will get a NULL result. 如果传递给
SecCertificateCreateWithData
时证书数据格式不正确,您将获得NULL结果。
At this point you have the certificate, but not the public key. 此时您拥有证书,但不是公钥。 To obtain the public key you must create a trust reference and evaluate the trust of the certificate.
要获取公钥,您必须创建信任引用并评估证书的信任 。
OSStatus status = noErr;
SecKeyRef *publicKey = NULL;
SecTrustRef trust = NULL;
SecTrustResultType trustType = kSecTrustResultInvalid;
if (cert != NULL){
SecCertificateRef certArray[1] = {cert};
certs = CFArrayCreate(kCFAllocatorDefault, (void *)certArray, 1, NULL);
status = SecTrustCreateWithCertificates(certs, policy, &trust);
if (status == errSecSuccess){
status = SecTrustEvaluate(trust, &trustType);
// Evaulate the trust.
switch (trustType) {
case kSecTrustResultInvalid:
case kSecTrustResultConfirm:
case kSecTrustResultDeny:
case kSecTrustResultUnspecified:
case kSecTrustResultFatalTrustFailure:
case kSecTrustResultOtherError:
break;
case kSecTrustResultRecoverableTrustFailure:
*publicKey = SecTrustCopyPublicKey(trust);
break;
case kSecTrustResultProceed:
*publicKey = SecTrustCopyPublicKey(trust);
break;
}
}
}
If everything went well, you should now have a populated SecKeyRef with the public key. 如果一切顺利,您现在应该使用公钥填充SecKeyRef。 If it didn't go well, you will have a NULL SecKeyRef and an OSStatus indicating what went wrong.
如果它不顺利,你将有一个NULL SecKeyRef和一个指示出错的OSStatus。
SecBase.h
in the Security framework gives more detailed information on those error codes. 安全框架中的
SecBase.h
提供了有关这些错误代码的更多详细信息。
Now that you have a SecKeyRef with a public key, using it to encrypt data with a corresponding private key is covered well by the programming guide . 现在你有一个带有公钥的SecKeyRef, 编程指南很好地使用它来用相应的私钥加密数据。
Note that you will have to release the things you allocated above (policy, certs) using ARC or CFRelease. 请注意,您必须使用ARC或CFRelease释放您在上面分配的内容(策略,证书)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.