我尝试从证书中提取公钥,以便使用 SHA256 验证我的签名,但每次我有 SecKeyRawVerify - OSError Unknown (-9809)
// data to signed
NSString* filePath = [[NSBundle mainBundle] pathForResource:@"data" ofType:@"der"];
NSData* willBeSigned = [NSData dataWithContentsOfFile:(filePath)];
// Signature
NSString* signaturePath = [[NSBundle mainBundle] pathForResource:@"signedData" ofType:@"der"];
NSData* signatureData = [NSData dataWithContentsOfFile:(signaturePath)];
// Certificate
NSString* certificatePath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"];
NSData* certificateData = [NSData dataWithContentsOfFile:(certificatePath)];
SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (CFDataRef)certificateData); // load the certificate
SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval = SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
size_t keysize = SecKeyGetBlockSize(publicKey);
NSData* keyData = [NSData dataWithBytes:publicKey length:keysize];
// NSData* keyData = [self getPublicKeyBitsFromKey:publicKey];
size_t signedHashBytesSize = SecKeyGetBlockSize(publicKey);
OSStatus verficationResult = SecKeyRawVerify (publicKey, kSecPaddingPKCS1SHA256, (const uint8_t *)[self sha256:willBeSigned], CC_SHA256_DIGEST_LENGTH,(uint8_t *)sigValue, &signedHashBytesSize);
if (verficationResult == errSecSuccess) NSLog(@"Verified");