Get public/private key from certificate

I'm trying to get the public or private key from a certificate saved on the device. I'm using this method:

    - (SecKeyRef)publicKeyFromFile:(NSString *)path
    {
        NSData * certificateData = [[NSData alloc] initWithData:[[NSFileManager defaultManager] contentsAtPath:path]];

        if (certificateData != nil && certificateData.bytes != 0) {

            CFDataRef cfDataPath = CFDataCreate(NULL, [certificateData bytes], [certificateData length]);
            SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, cfDataPath);

            if (certificateFromFile) {
                SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
                SecTrustRef trust;
                SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
                SecTrustResultType resultType;
                SecTrustEvaluate(trust, &resultType);
                SecKeyRef publicKeyObj = SecTrustCopyPublicKey(trust);

                return publicKeyObj;
            }
        }

        return nil;
    }

There is data in cfDataPath, but certificateFromFile is always nil...

Does anyone know what's going wrong?

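The Apple documentation says:

Obtaining a SecKeyRef Object for Public Key Cryptography

Extracting Keys from the Keychain: If you are using existing public and private keys from your keychain, read the Certificate, Key, and Trust Services Programming Guide to learn how to retrieve a SecKeychainItemRef object for that key. Once you have obtained a SecKeychainItemRef, you can cast it to a SecKeyRef for use with this API.

Importing Existing Public and Private Keys: Importing and exporting public and private key pairs is somewhat more complicated than generating new keys because of the number of different key formats in common use. This example describes how to import and export a key pair in PEM (Privacy Enhanced Mail) format.

Learn more:

https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecTransformPG/SigningandVerifying/SigningandVerifying.html

https://developer.apple.com/library/mac/documentation/Security/Conceptual/CertKeyTrustProgGuide/01introduction/introduction.html#//apple_ref/doc/uid/TP40001358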

Try this:

    - (BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
    {
        SecTrustResultType trustResult;
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        OSStatus status = SecTrustEvaluate(trust, &trustResult);

        //DLog(@"Failed: %@",error.localizedDescription);
        //DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);

        // Compare keys only if the system's own chain evaluation succeeded.
        if (status == errSecSuccess && (trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed)) {

            // Public key presented by the server.
            SecKeyRef serverKey = SecTrustCopyPublicKey(trust);

            // Public key of the DER certificate bundled with the app.
            NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
            NSData *certData = [NSData dataWithContentsOfFile:certPath];
            SecCertificateRef localCertificate = certData ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData) : NULL;

            SecKeyRef localKey = NULL;
            if (localCertificate != NULL) {
                SecTrustRef localTrust = NULL;
                SecCertificateRef certRefs[1] = {localCertificate};
                CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, (const void **)certRefs, 1, &kCFTypeArrayCallBacks);
                SecPolicyRef policy = SecPolicyCreateBasicX509();
                // Separate variable so the outer status is not shadowed.
                OSStatus localStatus = SecTrustCreateWithCertificates(certArray, policy, &localTrust);

                if (localStatus == errSecSuccess)
                    localKey = SecTrustCopyPublicKey(localTrust);

                // CFRelease(NULL) crashes, so release only what was created.
                if (localTrust) CFRelease(localTrust);
                CFRelease(policy);
                CFRelease(certArray);
                CFRelease(localCertificate);
            }

            // Trust the connection only when both keys exist and are equal.
            BOOL match = (serverKey != NULL && localKey != NULL && [(__bridge id)serverKey isEqual:(__bridge id)localKey]);
            if (serverKey) CFRelease(serverKey);
            if (localKey) CFRelease(localKey);
            return match;
        }

        //DLog(@"Failed: %@",error.localizedDescription);

        return NO;
    }

Follow the accepted answer for more details: Getting the Objective-C / C private key (modulus) from SecKeyRef
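`SecCertificateCreateWithData` accepts only DER-encoded X.509 data and returns NULL for anything else, including a PEM file. The following is an added example, not code from the question or from either answer: it accepts a certificate file in either encoding and then extracts the public key through the same trust-object calls used above. The function names are hypothetical and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: return DER bytes for a certificate file that holds
// either raw DER or a single PEM block. Returns nil if the file is unusable.
static NSData *DERDataFromCertificateFile(NSString *path)
{
    NSData *raw = [NSData dataWithContentsOfFile:path];
    if (raw.length == 0) return nil;

    NSData *beginMark = [@"-----BEGIN CERTIFICATE-----" dataUsingEncoding:NSASCIIStringEncoding];
    NSData *endMark = [@"-----END CERTIFICATE-----" dataUsingEncoding:NSASCIIStringEncoding];
    NSRange begin = [raw rangeOfData:beginMark options:0 range:NSMakeRange(0, raw.length)];
    if (begin.location == NSNotFound) return raw;   // no PEM armor: treat as DER

    NSUInteger bodyStart = NSMaxRange(begin);
    NSRange end = [raw rangeOfData:endMark options:0
                             range:NSMakeRange(bodyStart, raw.length - bodyStart)];
    if (end.location == NSNotFound) return nil;     // truncated PEM

    // The armor wraps base64 of the DER bytes; line breaks are skipped.
    NSData *body = [raw subdataWithRange:NSMakeRange(bodyStart, end.location - bodyStart)];
    return [[NSData alloc] initWithBase64EncodedData:body
                                             options:NSDataBase64DecodingIgnoreUnknownCharacters];
}

// Hypothetical helper: caller owns the returned key and must CFRelease it.
static SecKeyRef CopyPublicKeyFromCertificateFile(NSString *path)
{
    NSData *der = DERDataFromCertificateFile(path);
    if (der == nil) return NULL;

    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der);
    if (cert == NULL) return NULL;                  // still not valid DER X.509

    SecKeyRef key = NULL;
    SecTrustRef trust = NULL;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    if (SecTrustCreateWithCertificates(cert, policy, &trust) == errSecSuccess) {
        SecTrustResultType result;
        SecTrustEvaluate(trust, &result);           // result is not used as a trust decision here
        key = SecTrustCopyPublicKey(trust);
        CFRelease(trust);
    }
    CFRelease(policy);
    CFRelease(cert);
    return key;
}
```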
