Seckey from public key string from server in Swift

2020-06-18 08:25发布

问题:

I want to encrypt data using RSA , I tried to generate the key in my code and it's working , But what I actually need is to get the public key as a string from server and then use it as Seckey so I can use it to encrypt data using RSA, I tried this code:

//KeyString is the string of the key from server
let KeyData = (keyString as NSString).dataUsingEncoding(NSUTF8StringEncoding) as NSData!


    var cert : Unmanaged<SecCertificateRef>!;
    var  policy : Unmanaged<SecPolicy>!;
    cert = SecCertificateCreateWithData(kCFAllocatorDefault, KeyData);
    policy = SecPolicyCreateBasicX509();
    var status : OSStatus = noErr
    var trust: SecTrust?
    var certArray : [Unmanaged<SecCertificateRef>!] = [cert];
    var certArrayPointer = UnsafeMutablePointer<UnsafePointer<Void>>(certArray)
    status = SecTrustCreateWithCertificates(cert, policy, trust);
    let publicKey: SecKeyRef = SecTrustCopyPublicKey(trust!).takeUnretainedValue()

I couldn't run this code because SecTrustCreateWithCertificates Method is expecting certificate as anyObject! , I don't Know how to fix this,And if solving this will let me get the SecKey.

I got the code above from this answer in objective-c

So if any one can help me getting the right code to solve this , I will be very thankful :)

回答1:

For mac:

let pubKey = "-----BEGIN PUBLIC KEY-----MIICIjANBgAgK.......InbFk1FkucQqruMyUCAwEAAQ==-----END PUBLIC KEY-----"
let pubKeyData = pubKey.dataUsingEncoding(NSASCIIStringEncoding)
var error: Unmanaged<CFErrorRef>?
let secKey = SecKeyCreateFromData(NSDictionary(), pubKeyData!, &error)

Where pubKey is a string representation of your public key. If you don't know your public key, you can infer it from your private key with the following command:

openssl rsa -in server.key -pubout  > mykey.pub

Where server.key is the file containing -----BEGIN RSA PRIVATE KEY----- as the first line.

For iOS:

It's a bit more complicate. You need a der file. It's a binary representation of your certificate. If you need to convert an existing certificate, you can do so with the following command:

 openssl x509 -outform der -in file.crt|pem -out mycert.der

The .crt or .pem file contains -----BEGIN CERTIFICATE----- as the first line.

Put the der file in your bundle and do:

let certificateData = NSData(contentsOfURL:NSBundle.mainBundle().URLForResource("mycert", withExtension: "der")!)

let certificate = SecCertificateCreateWithData(nil, certificateData!)

var trust: SecTrustRef?

let policy = SecPolicyCreateBasicX509()
let status = SecTrustCreateWithCertificates(certificate!, policy, &trust)

if status == errSecSuccess {
    let key = SecTrustCopyPublicKey(trust!)!;
}

Yatta ! Key now contains a SecKey representation of your public key. Happy Pinning.



回答2:

Here's how I did this:

let cert = SecCertificateCreateWithData(kCFAllocatorDefault, certData)?.takeRetainedValue()

if cert != nil {
    var trust: Unmanaged<SecTrust>?

    let policy = SecPolicyCreateBasicX509().takeRetainedValue()
    let status = SecTrustCreateWithCertificates(cert, policy, &trust)

    if status == errSecSuccess {
        let trustRef = trust!.takeRetainedValue()
        let key = SecTrustCopyPublicKey(trustRef)!.takeRetainedValue();
    }
}

This works, but you need to make sure that what you pass to SecCertificateCreateWithData() is a DER-encoded certificate, and not just a DER-encoded key. You need a certificate signed by your server's private key to the get the associated public key.



回答3:

I Did this used Alamofire:

private static func publicKeyForCertificate(certificate: SecCertificate) -> SecKey? {
    var publicKey: SecKey?
    var trust: Unmanaged<SecTrust>?

    let policy = SecPolicyCreateBasicX509().takeRetainedValue()
    let status = SecTrustCreateWithCertificates(certificate, policy, &trust)

    if status == errSecSuccess {
        let trustRef = trust!.takeRetainedValue()
        publicKey = SecTrustCopyPublicKey(trustRef)!.takeRetainedValue()

    }
    return publicKey

}