堆棧內存溢出
  簡體   English   中英

在 iOS/Swift 中創建並導出為 base64 的 RSA 公鑰在 Java 中無法識別

[英]RSA public key created in iOS/Swift and exported as base64 not recognized in Java

 原文  2018-12-23 18:50:04       java/ ios/ swift/ rsa/ public-key

問題描述

TL;DR:無法識別在 iOS 中生成並存儲在鑰匙串中、導出為 base64 並發送到 java 后端的 RSA 公鑰。

我正在 iOS 應用程序中實現聊天加密功能,我正在使用對稱 + 非對稱密鑰來處理它。

無需過多介紹,在后端,我使用用戶的公鑰來加密用於加密和解密消息的對稱密鑰。

我分別在 Swift 和 Java(后端)中創建了兩個框架來處理密鑰生成、加密、解密等。我也對它們進行了測試,所以我 100% 一切都按預期工作。

但是,后端似乎無法識別從 iOS 傳遞的公鑰格式。 雙方都使用 RSA,這是我在 Swift 中用來生成密鑰的代碼:

// private key parameters
static let privateKeyParams: [String : Any] = [
        kSecAttrIsPermanent as String: true,
        kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]

// public  key parameters
static let publicKeyParams: [String : Any] = [
        kSecAttrIsPermanent as String: true,
        kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]

// global parameters for our key generation
static let keyCreationParameters: [String : Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: 2048,
        kSecPublicKeyAttrs as String: publicKeyParams,
        kSecPrivateKeyAttrs as String: privateKeyParams
]

...

var publicKey, privateKey: SecKey?
let status = SecKeyGeneratePair(Constants.keyCreationParameters as CFDictionary, &publicKey, &privateKey)

我使用鏡面反射代碼從鑰匙串中讀取鑰匙。

這是我用來將公鑰導出為 base64 字符串的一段代碼:

extension SecKey {
  func asBase64() throws -> String {
    var dataPtr: CFTypeRef?
    let query: [String:Any] = [
      kSecClass as String: kSecClassKey,
      kSecAttrApplicationTag as String: "...", // Same unique tag here
      kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
      kSecReturnData as String: kCFBooleanTrue
    ]
    let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)

    switch (result, dataPtr) {
    case (errSecSuccess, .some(let data)):
      // convert to Base64 string
      let base64PublicKey = data.base64EncodedString(options: [])
      return base64PublicKey
    default:
      throw CryptoError.keyConversionError
    }
  }
}

在后端級別,我使用此 Java 代碼將 base64 字符串轉換為公鑰:

public PublicKey publicKeyFrom(String data) throws NoSuchAlgorithmException, InvalidKeySpecException {
    byte[] publicBytes = Base64.decodeBase64(data);
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePublic(keySpec);
}

但這在最后一行失敗了,除了這個例外:

java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: algid parse error, not a sequence

在進行一些手動調試時,我注意到公鑰的格式不同——當我在 iOS 中生成一個密鑰然后導出為 base 64 時,它看起來像這樣:

MIIBCgKCAQEA4M/bRDdH0f6qFIXxOg13RHka+g4Yv8u9PpPp1IR6pSwrM1aq8B6cyKRwnLe/MOkvODvDfJzvGXGQ01zSTxYWAW1B4uc/NCEemCmZqMosSB/VUJdNxxWtt2hJxpz06hAawqV+6HmweAB2dUn9tDEsQLsNHdwYouOKpyRZGimcF9qRFn1RjR0Q54sUh1tQAj/EwmgY2S2bI5TqtZnZw7X7Waji7wWi6Gz88IkuzLAzB9VBNDeV1cfJFiWsZ/MIixSvhpW3dMNCrJShvBouIG8nS+vykBlbFVRGy3gJr8+OcmIq5vuHVhqrWwHNOs+WR87K/qTFO/CB7MiyiIV1b1x5DQIDAQAB

總共 360 個字符,而在 Java 中做同樣的事情(仍然使用 RSA)就像:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAAnWO4BXUGP0qM3Op36YXkWNxb4I2pPZuZ7jJtfUO7v+IO1mq43WzNaxLqqLPkTnMrv2ACRDK55vin+leQlL1z0LzVxjtZ9F6pajQo1r7PqBlL5N8bzBFKpagEf0QfyHPw0/0kG9DMnvQ+Im881QyN2zdl33wp5Fi+jRT7cunFQIDAQAB

長度為 216 個字符。

我無法弄清楚出了什么問題 - 顯然,如果 iOS 以不同的密鑰處理密鑰,並且需要特殊處理才能與其他人交談,我不會感到驚訝。

任何的想法?

2 個解決方案

解決方案1
 7  2019-06-03 08:37:44

在將 iOS 應用程序連接到 Java 后端時,我們遇到了完全相同的問題。 pedrofb提到的CryptoExportImportManager也幫助了我們,這太棒了。 但是, CryptoExportImportManager類中的代碼有點復雜,可能難以維護。 這是因為在向 DER 編碼添加新組件時使用了自上而下的方法。 因此,必須提前計算長度字段包含的數字(即在定義長度適用的內容之前)。 因此,我創建了一個新類,我們現在使用它來轉換 RSA 公鑰的 DER 編碼:

class RSAKeyEncoding: NSObject {

  // ASN.1 identifiers
  private let bitStringIdentifier: UInt8 = 0x03
  private let sequenceIdentifier: UInt8 = 0x30

  // ASN.1 AlgorithmIdentfier for RSA encryption: OID 1 2 840 113549 1 1 1 and NULL
  private let algorithmIdentifierForRSAEncryption: [UInt8] = [0x30, 0x0d, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00]

  /// Converts the DER encoding of an RSA public key that is either fetched from the
  /// keychain (e.g. by using `SecItemCopyMatching(_:_:)`) or retrieved in another way
  /// (e.g. by using `SecKeyCopyExternalRepresentation(_:_:)`), to a format typically
  /// used by tools and programming languages outside the Apple ecosystem (such as
  /// OpenSSL, Java, PHP and Perl). The DER encoding of an RSA public key created by
  /// iOS is represented with the ASN.1 RSAPublicKey type as defined by PKCS #1.
  /// However, many systems outside the Apple ecosystem expect the DER encoding of a
  /// key to be represented with the ASN.1 SubjectPublicKeyInfo type as defined by
  /// X.509. The two types are related in a way that if the SubjectPublicKeyInfo’s
  /// algorithm field contains the rsaEncryption object identifier as defined by
  /// PKCS #1, the subjectPublicKey field shall contain the DER encoding of an
  /// RSAPublicKey type.
  ///
  /// - Parameter rsaPublicKeyData: A data object containing the DER encoding of an
  ///     RSA public key, which is represented with the ASN.1 RSAPublicKey type.
  /// - Returns: A data object containing the DER encoding of an RSA public key, which
  ///     is represented with the ASN.1 SubjectPublicKeyInfo type.
  func convertToX509EncodedKey(_ rsaPublicKeyData: Data) -> Data {
    var derEncodedKeyBytes = [UInt8](rsaPublicKeyData)

    // Insert ASN.1 BIT STRING bytes at the beginning of the array
    derEncodedKeyBytes.insert(0x00, at: 0)
    derEncodedKeyBytes.insert(contentsOf: lengthField(of: derEncodedKeyBytes), at: 0)
    derEncodedKeyBytes.insert(bitStringIdentifier, at: 0)

    // Insert ASN.1 AlgorithmIdentifier bytes at the beginning of the array
    derEncodedKeyBytes.insert(contentsOf: algorithmIdentifierForRSAEncryption, at: 0)

    // Insert ASN.1 SEQUENCE bytes at the beginning of the array
    derEncodedKeyBytes.insert(contentsOf: lengthField(of: derEncodedKeyBytes), at: 0)
    derEncodedKeyBytes.insert(sequenceIdentifier, at: 0)

    return Data(derEncodedKeyBytes)
  }

  private func lengthField(of valueField: [UInt8]) -> [UInt8] {
    var length = valueField.count

    if length < 128 {
      return [ UInt8(length) ]
    }

    // Number of bytes needed to encode the length
    let lengthBytesCount = Int((log2(Double(length)) / 8) + 1)

    // First byte encodes the number of remaining bytes in this field
    let firstLengthFieldByte = UInt8(128 + lengthBytesCount)

    var lengthField: [UInt8] = []
    for _ in 0..<lengthBytesCount {
      // Take the last 8 bits of length
      let lengthByte = UInt8(length & 0xff)
      // Insert them at the beginning of the array
      lengthField.insert(lengthByte, at: 0)
      // Delete the last 8 bits of length
      length = length >> 8
    }

    // Insert firstLengthFieldByte at the beginning of the array
    lengthField.insert(firstLengthFieldByte, at: 0)

    return lengthField
  }
}

用法

您可以在函數asBase64()中使用此類,如下所示:

extension SecKey {
  func asBase64() throws -> String {
    var dataPtr: CFTypeRef?
    let query: [String:Any] = [
      kSecClass as String: kSecClassKey,
      kSecAttrApplicationTag as String: "...", // Same unique tag here
      kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
      kSecReturnData as String: kCFBooleanTrue
    ]
    let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)

    switch (result, dataPtr) {
    case (errSecSuccess, .some(let data)):

      // convert to X509 encoded key
      let convertedData = RSAKeyEncoding().convertToX509EncodedKey(data)

      // convert to Base64 string
      let base64PublicKey = convertedData.base64EncodedString(options: [])
      return base64PublicKey
    default:
      throw CryptoError.keyConversionError
    }
  }
}

更新 - 其他問題

使用上面的類一段時間后,我們偶然發現了另一個問題。 有時,從鑰匙串中獲取的公鑰似乎無效,因為由於某種原因,它的大小增加了。 此行為與問題中描述的發現相匹配(盡管在我們的例子中,Base64 編碼密鑰的大小已增長到 392 個字符而不是 360 個字符)。 不幸的是,我們沒有找到這種奇怪行為的確切原因,但我們找到了兩種解決方案。 第一個解決方案是在定義查詢時指定kSecAttrKeySizeInBitskSecAttrEffectiveKeySize ,如以下代碼片段所示:

let keySize = ... // Key size specified when storing the key, for example: 2048

let query: [String: Any] = [
    kSecAttrKeySizeInBits as String: keySize,
    kSecAttrEffectiveKeySize as String: keySize,
    ... // More attributes
]

var dataPtr: CFTypeRef?

let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)

第二種解決方案是在添加具有相同標簽的新密鑰之前始終從鑰匙串(如果有的話)中刪除舊密鑰。

更新 - 替代解決方案

我在 GitHub 上發布了這個項目,可以作為上述課程的替代品。

參考

ASN.1、BER 和 DER 子集的外行指南

RFC 5280 (X.509 v3)

RFC 8017 (PKCS #1 v2.2)

在創建lengthField(...)函數時,我在這里找到的一些代碼啟發了我。

解決方案2
 5  2018-12-23 19:26:30

Java 需要一個以 DER 格式編碼的公鑰。 不幸的是 iOS 不支持這種標准格式,需要額外的轉換(我不知道這是否會在最新版本的 swift 中得到改進)

在這里查看我的答案您可以使用CryptoExportImportManager轉換密鑰

func exportPublicKeyToDER(keyId:String) -> NSData?{

    let publicKey = loadKeyStringFromKeyChainAsNSData(PUBLIC_KEY + keyId)
    let keyType = kSecAttrKeyTypeRSA
    let keySize = 2048
    let exportImportManager = CryptoExportImportManager()
    if let exportableDERKey = exportImportManager.exportPublicKeyToDER(publicKey, keyType: keyType as String, keySize: keySize) {
        return exportableDERKey
    } else {
        return nil
    }
}

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 檢查 base64 文本是否是有效的 RSA 公鑰 (4096) RSA使用Android中的base64編碼公鑰進行加密 在Node.js中使用base64 rsa公鑰加密 使用RSA從C#到Java的Base64編碼的字符串到公鑰 在C#中編碼base64公鑰並在Java中解碼base64 如何在Java中使用RSA密鑰對通用文本進行簽名並使用Base64進行編碼? 使用 RSA 私鑰解密 Base64 字符串 如何在Java中使用sha1-rsa base64簽名xml Java,從證書導出公鑰(X.509、Base64 .cer) 從Base64編碼的字符串中檢索ECC公鑰
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM