iOS - Creating SecKeyRef from exponent+modulus

2019-02-01 13:18发布

问题:

I would like to decrypt a RSA-encoded blob on iPhone, by having an exponent and modulus as private key. In Java (with javax.crypto), this could be easily achieved by code like this:

// 1) key
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(myModulus, myPublicExponent);
KeyFactory fact = KeyFactory.getInstance("RSA");
Key pubKey = fact.generatePublic(keySpec);

// 2) cypher
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, keySpec);

// 3) use cypher to decode my block to an output stream

But with the iPhone security API I can't create a SecKeyRef (key) other than by generating a pair or importing a certificate, which I don't have/want.

Is there a way to create a key manually having a modulus + exponent? If so, can you give me a clue on how?

Thanks in advance

回答1:

How are your exponent and modulus encoded? If they're in a PKCS#12 blob, you can use SecPKCS12Import() and SecIdentityCopyPrivateKey() to achieve what you want.

EDIT: Given that you have the raw keys, you might be interested in looking at the -[SecKeyWrapper addPeerPublicKey:keyBits:] example provided by Apple.



回答2:

I have a library that lets you create the binary data to import RSA keys in modulus and exponent now:

https://github.com/StCredZero/SCZ-BasicEncodingRules-iOS

SCZ-BasicEncodingRules-iOS

Implementation of Basic Encoding Rules to enable import of RSA keys to iOS KeyChain using exponent. Code targets iOS 5 with ARC.

Let's say you already have a modulus and exponent from an RSA public key as an NSData in variables named pubKeyModData and pubKeyExpData. Then the following code will create an NSData containing that RSA public key, which you can then insert into the iOS or OS X Keychain.

NSMutableArray *testArray = [[NSMutableArray alloc] init];
[testArray addObject:pubKeyModData];
[testArray addObject:pubKeyExpData];
NSData *testPubKey = [testArray berData];

This would allow you to store the key using the addPeerPublicKey:keyBits: method from SecKeyWrapper in the Apple CryptoExercise example. Or, from the perspective of the low-level API, you can use SecItemAdd().

NSString * peerName = @"Test Public Key";

NSData * peerTag = 
   [[NSData alloc] 
       initWithBytes:(const void *)[peerName UTF8String] 
       length:[peerName length]];

NSMutableDictionary * peerPublicKeyAttr = [[NSMutableDictionary alloc] init];

[peerPublicKeyAttr 
   setObject:(__bridge id)kSecClassKey 
   forKey:(__bridge id)kSecClass];
[peerPublicKeyAttr 
   setObject:(__bridge id)kSecAttrKeyTypeRSA 
   forKey:(__bridge id)kSecAttrKeyType];
[peerPublicKeyAttr 
   setObject:peerTag 
   forKey:(__bridge id)kSecAttrApplicationTag];
[peerPublicKeyAttr 
   setObject:testPubKey 
   forKey:(__bridge id)kSecValueData];
[peerPublicKeyAttr 
   setObject:[NSNumber numberWithBool:YES] 
   forKey:(__bridge id)kSecReturnPersistentRef];

sanityCheck = SecItemAdd((__bridge CFDictionaryRef) peerPublicKeyAttr, (CFTypeRef *)&persistPeer);