
Distributing certificate and private key to iOS devices

I have an iOS application that uses certificates for message signing following the Digital Signature Algorithm (DSA). In order to perform this signing, the app needs the certificate as well as the private key associated with the certificate. And, I cannot embed the certificate in the app as my customers need to be able to generate and distribute their own certificates to be used by the app whenever they need. (And, embedding a certificate would constitute a security risk anyway.)

Does anyone have any thoughts on how I might go about distributing the certificates and private keys?

PS. We do the same thing on BlackBerry and, there, we use BlackBerry Enterprise Server and APIs on the BlackBerry device to push certificates to the devices in the organization. I'm hoping there's an MDM solution to this for iOS but haven't been able to find anything yet.

Thanks much

You ask:

Does anyone have any thoughts on how I might go about distributing the certificates and private keys?

I'm sorry I don't know enough about your specific situation to tell you exactly how to meet your requirement, but I can tell you that's not how it's usually done. Instead, the public/private key pair is normally generated on the device, then the public key (only) is submitted with additional data (in a Certificate Signing Request, CSR, for example) to a server (Certification Authority, CA), which generates the certificate and returns it to the requester (and possibly publishes it in a directory).

An important security benefit of this approach is that no third party has access to the private key (the CA needs the public key and doesn't need the private key). This is required for non-repudiation (so the device owner can't claim someone got his private key from the central server).
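The enrollment flow this answer describes, as an added Go example that is not part of the answer or of any Apple documentation: the device generates its key pair and sends the CA nothing but a CSR, the CA checks the CSR and issues a certificate, and the device verifies the result before keeping it. It uses ECDSA P-256 in place of DSA (Go's x509 package does not issue certificates with DSA keys), and the CA, the device name and the validity period are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Enroll runs the CSR flow end to end and returns true when the issued
// certificate is CA-signed and carries the device's own public key.
func Enroll() bool {
	// CA side (the customer's CA, constructed for the example): a self-signed root.
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Customer CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	must(err)
	caCert, err := x509.ParseCertificate(caDER)
	must(err)
	// Device side: the private key is generated here and never leaves; the CSR carries only the public key, self-signed as proof of possession.
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "device-0001"}}, devKey)
	must(err)
	// CA side: only csrDER crossed the wire. Check the proof of possession, then bind the subject to the submitted public key.
	csr, err := x509.ParseCertificateRequest(csrDER)
	must(err)
	must(csr.CheckSignature())
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	certDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, csr.PublicKey, caKey)
	must(err)
	// Device side: accept the certificate only if the CA signed it and it holds this device's public key.
	cert, err := x509.ParseCertificate(certDER)
	must(err)
	must(cert.CheckSignatureFrom(caCert))
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(&devKey.PublicKey)
}
```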

On iOS, there is no straightforward way to distribute a certificate and its private key to an app. Apple suggests using PKCS12 and provides some guidance in this document: Technical Q&A QA1745: Making Certificates and Keys Available To Your App.
