问题
I've generated an RSA symmetric key pair on a device using SecKeyGeneratePair() on a device. I have SecKeyRef struct pointers for each key. So, how do I save a SecKeyRef to disk? Or even transmit it (I also imagine there are issues with correct encoding too)? Apple's 'Certificate, Key, and Trust Services' Guide notes
You can send your public key to anyone, who can then use it to encrypt data.
I'd like to save the private key especially; so I can use it on deployed devices to decrypt data encrypted with the public key.
P.S. I don't mind if the resulting data for each key is DER-encoded ASN.1 or base-64; I just need to figure out how to pull the key out of a SecKeyRef. I'm also well-aware of the non-existence of OS X's SecKeychainItemExport().
回答1:
Ah, found the answer myself; you can get the bytes for a public key using SecItemCopyMatching().
- (NSData *)getPublicKeyBits {
OSStatus sanityCheck = noErr;
NSData * publicKeyBits = nil;
NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];
// Set the public key query dictionary.
[queryPublicKey setObject:(id)kSecClassKey forKey:(id)kSecClass];
[queryPublicKey setObject:publicTag forKey:(id)kSecAttrApplicationTag];
[queryPublicKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
[queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnData];
// Get the key bits.
sanityCheck = SecItemCopyMatching((CFDictionaryRef)queryPublicKey, (CFTypeRef *)&publicKeyBits);
if (sanityCheck != noErr)
{
publicKeyBits = nil;
}
[queryPublicKey release];
return publicKeyBits;
}
The above is from Apple's CryptoExercise. Not sure if it works for private keys though.
回答2:
You can use the latest crypto API of iOS, You can save the key as NSData and retrieve the key from NSData
SecKeyRef key = <# a key #>;
CFErrorRef error = NULL;
NSData* keyData = (NSData*)CFBridgingRelease( // ARC takes ownership
SecKeyCopyExternalRepresentation(key, &error)
);
if (!keyData) {
NSError *err = CFBridgingRelease(error); // ARC takes ownership
// Handle the error. . .
}
https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_as_data?language=objc
回答3:
See the Encrypting and Decrypting Data section of the Certificate, Key, and Trust Services Programming Guide, which has code samples to generate, save, and use public/private key pairs.
来源:https://stackoverflow.com/questions/5988735/saving-seckeyref-device-generated-public-private-key-pair-on-disk