Exporting public key in pkcs#1 format on iOS?

Question

How does one export an RSA public key that has been generated with SecKeyGeneratePair in pkcs#8 format?

I'm currently writing an iOS app that needs to be able to generate RSA private/public key pairs, sign a piece of content and export the public key in pkcs#8 format to be sent to the server. So far I'm generating my pair with SecKeyGeneratePair , retrieving my public and private keys with SecItemCopyMatching and signing things with SecKeyRawSign , which all seems to be working fine and the signature is verifying just fine for testing with SecKeyRawVerify . But I am unfortunately coming up completely blank on how to export the public key properly in pkcs#8.

Thank you in advance for any help.

Answer 1

From experience, if you need to do something that doesn't look like it's supported by the iOS security framework then build and link your own copy of OpenSSL into your project. Although iOS apparently uses OpenSSL internally, very little of it is exposed to application developers.

Grab one of the many OpenSSL-for-iOS projects out there, for example this one , and get going.

Using OpenSSL directly has a number of advantages, a few of them being lots of sample code and on-line documentation at http://openssl.org , and you can pretty much do anything you need to that's crypto-related.

Update : there are now multiple versions of OpenSSL available via Cocopods: OpenSSL and OpenSSL-Universal which should make importing OpenSSL into your iOS or OSX project a lot easier.

Answer 2

The process described on http://blog.wingsofhermes.org/?p=42 allows exporting properly formatted rsa public keys easily without the need for adding external libraries. In short, iOS was doing things properly except that it exports keys without proper encoding.

It wasn't the easiest post to find so hopefully this link to it saves someone some time in the future.