0

我正在从 openSSL 创建 CSR,但由于 OpenSSL 没有将密钥存储在安全飞地中,因此我选择目标 C 在安全飞地中创建密钥对(私钥和公钥)并发送到 OpenSSL 以获得 X509 证书。我在 NSData 中成功获得了 public key ,然后转换const unsigned char * bitsOfKeyDataPublicKey = (unsigned char *) [publicKey bytes];然后创建 public key EC_KEY*_ec_keyPublic = d2i_EC_PUBKEY(NULL,&bitsOfKeyDataPublicKey, publicKeyLegnth);。但是对于我们SecKeyRef从目标 c 获得的私钥,因此对于创建EC_Key我们如何转换私钥或者这是转换或使用私钥的任何方式?寻找回应。谢谢

4

1 回答 1

1

您可以将私钥从更改SecKeyRefNSData

例子:

- (NSData *)getPrivateKeyBits {
    OSStatus sanityCheck = noErr;
    NSData * privateKeyBits = nil;

    NSMutableDictionary * queryPrivateKey = [[NSMutableDictionary alloc] init];

    // Set the public key query dictionary.

    [queryPrivateKey setObject:(id)kSecClassKey forKey:(id)kSecClass];
    [queryPrivateKey setObject:_privateTag forKey:(id)kSecAttrApplicationTag];
    [queryPrivateKey setObject:(id)kSecAttrKeyTypeEC forKey:(id)kSecAttrKeyType];
    [queryPrivateKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnData];

    // Get the key bits.
    sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef)queryPrivateKey, (void *)&privateKeyBits);

    if (sanityCheck != noErr) {
        privateKeyBits = nil;
    }
    else if (sanityCheck == errSecItemNotFound) {
        privateKeyBits = nil;
    }

    return privateKeyBits;
}

不要忘记使用_privateTag用于生成私钥

现在您可以使用:

const unsigned char *bitsOfKeyDataPrivateKey = (unsigned char *) [[self getPrivateKeyBits] bytes];
EC_KEY *_ec_keyPrivate = d2i_EC_PUBKEY(NULL,&bitsOfKeyDataPrivateKey, privateKeyLegnth);
于 2017-01-20T15:00:21.010 回答