问题
In order to send and receive encrypted messages from/to the iPhone I need to read a public key (server's public key) PEM file and create a SecKeyRef (later I could even store it on the keychain in order not to create it again).
This is my current workflow:
- On the server: Create a P12 file with the user's certificate and private key. Store the user's public key on the server's keychain.
- On the iPhone: Retrieve the P12 file from the server, use the password to open it and store the private key on the keychain.
- On the iPhone: Retrieve a PEM file with the server's public key from the server. Create a SecKeyRef and store it on the keychain
- On the iPhone: use both keys to send/receive encrypted messages to/from the server.
- Live happily ever after.
I'm having problems with 3, as I cannot create a SecKeyRef from the PEM file data. I cannot find any documentation on how to do it, Did anybody had the same problem? Any hints? As I cannot find any code examples or documentation on this it feels that I'm doing something wrong...
thanks!
回答1:
You should be able to interpret a DER encoded pem and get a cert using SecCertificateCreateWithData() from which you can then extract a key;
NSData *myCertData = ....;
SecCertificateRef cert = SecCertificateCreateWithData (kCFAllocatorDefault, myCertData);
CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &cert, 1, NULL);
SecTrustRef trust;
SecTrustCreateWithCertificates(certs, policy, &trust);
SecTrustResultType trustResult;
SecTrustEvaluate(trust, &trustResult);
SecKeyRef pub_key_leaf = SecTrustCopyPublicKey(trust);
来源:https://stackoverflow.com/questions/1595013/iphone-how-to-create-a-seckeyref-from-a-public-key-file-pem