Objective C: Exporting Private and Public Key from Keychain
I am able to create a public-private key pair using the SecKeyGeneratePair [Apple CryptoExercise] function.
Q1. The keys in the keychain appear as without displaying any name. How can we add a friendly name to the keys?
Q2. However, how can I export the public and private keys that have been generated in a usable format:
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCWtYiGnhAv...
-----END RSA PUBLIC KEY-----
and:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Note that they can be manually exported from the keychain, but how can this be achieved using Objective-C APIs?
Any help would be appreciated.
There is a similar question here but without any answer: iPhone: How do you export a SecKeyRef or an NSData containing public key bits to the PEM format? There is no need of using OpenSSL just for this purpose.
Maybe you could refer to these documents from Apple:
Obtaining a SecKeyRef Object for Public Key Cryptography and Certificate, Key, and Trust Services Programmer's Guide
Obtaining a SecKeyRef Object for Public Key Cryptography
Extracting Keys from the Keychain
If you are using existing public and private keys from your keychain, read Certificate, Key, and Trust Services Programming Guide to learn how to retrieve a SecKeychainItemRef object for that key.
Once you have obtained a SecKeychainItemRef, you can cast it to a SecKeyRef for use with this API.
Importing Existing Public and Private Keys
Importing and exporting public and private key pairs is somewhat more complicated than generating new keys because of the number of different key formats in common use.
This example describes how to import and export a key pair in PEM (Privacy Enhanced Mail) format.
To export keys to a CFDataRef object
// publickey is the key to export; on success the exported bytes are returned in pkdata.
OSStatus oserr = SecItemExport(publickey,
    externalFormat, // See SecExternalFormat for details
    flags,          // See SecItemImportExportFlags for details
    &params,
    (CFDataRef *)&pkdata);
if (oserr) {
    fprintf(stderr, "SecItemExport failed (oserr=%d)\n", oserr);
    exit(-1);
}
Q1. How can we add a friendly name to the keys?
Use the kSecAttrLabel key to pass a label in the parameters dictionary of SecKeyGeneratePair().
Q2. How to export keys to PEM format?
PEM format is the same data as the DER-encoded file, but it is encoded in base64 with additional header and footer lines. Data in DER format can be received using the kSecFormatX509Cert parameter and the kSecItemPemArmour flag when calling SecItemExport().
CFTypeRef key = NULL; // your key
CFDataRef data = NULL; // receives the exported bytes
SecItemExport(key, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
// Base64-encode the exported data, wrapped at 64 characters per line
NSString* base64EncodedString = [(__bridge NSData*)data base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];
// Add the header and footer lines around the base64 text
NSString* pemString = [NSString stringWithFormat:@"-----BEGIN FOO BAR KEY-----\n%@\n-----END FOO BAR KEY-----", base64EncodedString];
NSData* pemData = [pemString dataUsingEncoding:NSUTF8StringEncoding];
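Both questions in one macOS command-line program, as an added example that is not code from the question or from either answer above. It assumes a 2048-bit RSA pair, a constructed label "Example Export Key", and kSecFormatOpenSSL as the export format for bare keys (an assumption, not the format named in the answer); PEMStringForKey is a hypothetical helper name.

```objective-c
// Build on macOS: clang -fobjc-arc -framework Foundation -framework Security export_pem.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Export one key as PEM text. Returns nil if the export fails, for example
// when the key is not extractable or keychain access is denied.
static NSString *PEMStringForKey(SecKeyRef key, SecExternalFormat format) {
    CFDataRef exported = NULL;
    // With kSecItemPemArmour, SecItemExport base64-encodes the key and adds
    // the BEGIN/END lines itself, so the result is not encoded a second time.
    OSStatus status = SecItemExport(key, format, kSecItemPemArmour, NULL, &exported);
    if (status != errSecSuccess || exported == NULL) {
        NSLog(@"SecItemExport failed (OSStatus %d)", (int)status);
        return nil;
    }
    NSData *pemData = CFBridgingRelease(exported);
    return [[NSString alloc] initWithData:pemData encoding:NSUTF8StringEncoding];
}

int main(void) {
    @autoreleasepool {
        NSDictionary *params = @{
            (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
            (__bridge id)kSecAttrKeySizeInBits: @2048,
            // Q1: label applied to the generated keys (constructed value).
            (__bridge id)kSecAttrLabel: @"Example Export Key",
        };
        SecKeyRef publicKey = NULL, privateKey = NULL;
        OSStatus status = SecKeyGeneratePair((__bridge CFDictionaryRef)params,
                                             &publicKey, &privateKey);
        if (status != errSecSuccess) {
            NSLog(@"SecKeyGeneratePair failed (OSStatus %d)", (int)status);
            return 1;
        }
        // Q2: kSecFormatOpenSSL is an assumed format choice for bare keys.
        NSString *publicPEM = PEMStringForKey(publicKey, kSecFormatOpenSSL);
        NSString *privatePEM = PEMStringForKey(privateKey, kSecFormatOpenSSL);
        if (publicPEM) printf("%s\n", publicPEM.UTF8String);
        // The private key is exported without a passphrase here: report its
        // size only and keep it in access-controlled storage, not in logs.
        if (privatePEM) printf("private key PEM: %lu characters\n",
                               (unsigned long)privatePEM.length);
        CFRelease(publicKey);
        CFRelease(privateKey);
        return (publicPEM && privatePEM) ? 0 : 2;
    }
}
```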