NSString to SecKeyRef

问题

I'm using this code: https://stackoverflow.com/a/19221754/849616, however not everything is clear for me.

I want to encrypt NSString *msg = "0000" using public key NSString *pubKey = "1111". Because of this, I'm updating constants:

static const UInt8 publicKeyIdentifier[] = 1111; 
// i want to encrypt only, so private key doesn't matter and I'm not posting it here

In function testAsymmetricEncryptionAndDecryption I've updated:

const char inputString[] = 0000

However the result is wrong. Is publicKeyIdentifier a right place to put my key string..? How should I do it if my approach is wrong..?

回答1:

Well the question is wrong. I shouldn't even try to convert it to NSString. You should put both keys to your project and use something like:

- (SecKeyRef)getPrivateKeyRef {
    NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@"rsaPrivate" ofType:@"p12"];
    NSData *p12Data = [NSData dataWithContentsOfFile:resourcePath];

    NSMutableDictionary *options = [[NSMutableDictionary alloc] init];

    SecKeyRef privateKeyRef = NULL;

    //change to the actual password you used here
    [options setObject:@"!@#EWQ" forKey:(__bridge id)kSecImportExportPassphrase];
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)p12Data, (__bridge CFDictionaryRef)options, &items);

    if (securityError == noErr && CFArrayGetCount(items) > 0) {
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);

        securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
        if (securityError != noErr) {
            privateKeyRef = NULL;
        }
    }

    CFRelease(items);
    return privateKeyRef;
}

- (SecKeyRef)getPublicKeyRef {
    NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@"rsaCert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:resourcePath];
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    SecKeyRef key = NULL;
    SecTrustRef trust = NULL;
    SecPolicyRef policy = NULL;

    if (cert != NULL) {
        policy = SecPolicyCreateBasicX509();
        if (policy) {
            if (SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) {
                SecTrustResultType result;
                if (SecTrustEvaluate(trust, &result) == noErr) {
                    key = SecTrustCopyPublicKey(trust);
                }
            }
        }
    }
    if (policy) CFRelease(policy);
    if (trust) CFRelease(trust);
    if (cert) CFRelease(cert);
    return key;
}

I didn't write it all by my own (just modified), it's mostly copied but really I have no idea where from - some open source community. Still, many thanks to the person who wrote it.

来源：https://stackoverflow.com/questions/24612507/nsstring-to-seckeyref