1

我尝试从证书中提取公钥,以便使用 SHA256 验证我的签名,但每次我有 SecKeyRawVerify - OSError Unknown (-9809)

   // data to signed
    NSString* filePath = [[NSBundle mainBundle] pathForResource:@"data" ofType:@"der"];
    NSData* willBeSigned = [NSData dataWithContentsOfFile:(filePath)];
    // Signature
    NSString* signaturePath = [[NSBundle mainBundle] pathForResource:@"signedData" ofType:@"der"];
    NSData* signatureData = [NSData dataWithContentsOfFile:(signaturePath)];
    // Certificate
    NSString* certificatePath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"];
    NSData* certificateData = [NSData dataWithContentsOfFile:(certificatePath)];
    SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (CFDataRef)certificateData); // load the certificate
    SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
    SecTrustResultType resultType;
    OSStatus statusTrustEval =  SecTrustEvaluate(trust, &resultType);
    SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
    size_t keysize = SecKeyGetBlockSize(publicKey);
    NSData* keyData = [NSData dataWithBytes:publicKey length:keysize];
   // NSData* keyData = [self getPublicKeyBitsFromKey:publicKey];

    size_t signedHashBytesSize  = SecKeyGetBlockSize(publicKey);


    OSStatus verficationResult  =   SecKeyRawVerify (publicKey, kSecPaddingPKCS1SHA256, (const uint8_t *)[self sha256:willBeSigned], CC_SHA256_DIGEST_LENGTH,(uint8_t *)sigValue, &signedHashBytesSize);

    if (verficationResult == errSecSuccess) NSLog(@"Verified");
4

0 回答 0