投稿
  1. 首页
  2. app

ios – 如何从文件中恢复RSA?

xxxx 2022-5-21 app 阅读 34

ios – 如何从文件中恢复RSA?,第1张

概述我想从文件恢复公钥.以下是适用的 Java代码: PublicKey readPubKeyFromFile(AssetFileDescriptor cle) throws IOException { // read RSA public key byte[] encodedKey = new byte[(int) cle.getDeclaredLength()]; cle 我想从文件中恢复公钥.以下是适用的 Java代码: 

PublicKey readPubKeyFromfile(AssetfileDescriptor cle) throws IOException {    // read RSA public key    byte[] encodedKey = new byte[(int) cle.getDeclaredLength()];    cle.createinputStream().read(encodedKey);    // create public key    X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encodedKey);    PublicKey pk = null;    try {        KeyFactory kf = KeyFactory.getInstance("RSA");        pk = kf.generatePublic(publicKeySpec);    } catch(Exception e) {        Logger.getInstance().logError("KeyUtils",e.toString());    }    return pk;}

这是iOS代码不起作用:

-(SecKeyRef)readPublicKeyFromfile:(Nsstring*)filename andExtension:(Nsstring*)extension {Nsstring*   filePath = [[NSBundle mainBundle] pathForResource:filename ofType:extension];NSData*     encodedKey = [NSData dataWithContentsOffile:filePath];CFDataRef myCertData = (CFDataRef)encodedKey;SecCertificateRef cert = SecCertificateCreateWithData (kcfAllocatorSystemDefault,myCertData);CFArrayRef certs = CFArrayCreate(kcfAllocatorDefault,(const voID **) &cert,1,NulL);SecPolicyRef policy = SecPolicyCreateBasicX509();SecTrustRef trust;Osstatus check =  SecTrustCreateWithCertificates(certs,policy,&trust);if (check != noErr){    NSLog(@"Problem extracting public key from file: %@",filename);    return nil;}SecTrustResultType trustResult;SecTrustEvaluate(trust,&trustResult);SecKeyRef pub_key_leaf = SecTrustcopyPublicKey(trust);return pub_key_leaf;}

知道我的iOS代码有什么问题吗?

解决方法@H_403_24@ 我已经测试了你的代码,它没有任何问题.问题似乎与您尝试获取公钥的证书格式有关.

函数SecCertificateCreateWithData()假定您提供的证书是DER格式.您找到的大多数证书都以base64编码,就像着名的.pem格式一样.我已经使用格式正确的DER证书(证书表单developer.apple.com使用openssl转换为DER)测试了您的代码,并正确提取了公钥.

要将.pem证书转换为DER,只需在终端中使用openssl:

openssl x509 -in developer.apple.com.pem  -outform der -out cert.der

之后,输出证书文件应该可以正常使用您的代码.

但是您可以在应用程序本身上转换证书,您只需要获取de x509 base64编码证书(假设您使用的是.pem编码证书)并将其转换为二进制.

有一个例子,你可以这样做:

此代码将假定证书按以下标准编码:

-----BEGIN CERTIFICATE-----< your base64 encoded certificate goes here >-----END CERTIFICATE-----

将此证书转换为二进制DER的代码是:

-(NSData *)getBinaryCertificateFromPemEncodedfile:(Nsstring *)filename andExtension:(Nsstring *)extension{    Nsstring* filePath = [[NSBundle mainBundle] pathForResource:filename ofType:extension];    Nsstring *pemCert = [Nsstring stringWithContentsOffile:filePath enCoding:NSUTF8StringEnCoding error:nil];    //The header and footer conforms to .pem specificatio    Nsstring *header = @"-----BEGIN CERTIFICATE-----";    Nsstring *footer = @"-----END CERTIFICATE-----";    Nsstring *base64Cert;    NSScanner *scanner = [NSScanner scannerWithString:pemCert];    //First we ignore the header part    [scanner scanString:header intoString:nil];    //Then we copy the base64 string excluding the footer    [scanner scanUpToString:footer intoString:&base64Cert];    //The reason I'm using NSDataBase64DeCodingIgnoreUnkNownCharacters is to exclude possible line breaks in the enCoding    NSData *binaryCertificate = [[NSData alloc] initWithBase64EncodedString:base64Cert options:NSDataBase64DeCodingIgnoreUnkNownCharacters];    return binaryCertificate;}

然后在功能完善的代码中进行一些小修改可以解决问题:

-(SecKeyRef)readPublicKeyFromCertificate:(NSData *)binaryCertificate {    NSData *encodedKey = binaryCertificate;    CFDataRef myCertData = (CFDataRef)CFBrIDgingRetain(encodedKey);    SecCertificateRef cert = SecCertificateCreateWithData(kcfAllocatorSystemDefault,myCertData);    SecPolicyRef policy = SecPolicyCreateBasicX509();    SecTrustRef trust;    //If you only have one certificate you don't need to put it insIDe an array    Osstatus check =  SecTrustCreateWithCertificates(cert,&trust);    if (check != noErr)    {        NSLog(@"Problem extracting public key from certificate");        return nil;    }    SecTrustResultType trustResult;    SecTrustEvaluate(trust,&trustResult);    SecKeyRef pub_key_leaf = SecTrustcopyPublicKey(trust);    return pub_key_leaf;}

然后就叫它:

NSData *data = [self getBinaryCertificateFromPemEncodedfile:@"developer" andExtension:@"pem"];SecKeyRef key = [self readPublicKeyFromCertificate:data];NSLog(@"%@",key);

如果您的证书“有效”,您应该看到:

2014-09-15 21:52:13.275 cert[15813:60b] <SecKeyRef algorithm ID: 1,key type: RSAPublicKey,version: 2,block size: 2048 bits,exponent: {hex: 10001,decimal: 65537},modulus: BE19E30F47F2D31F27D576CF007B3E615F986D14AFD0D52B825E01E90BA3E1CBB6F3A472E6AECDC28BC13D0B6E58FC497ACF61D80F274E4799602DA4F819E54ADDE2FBFA89FC4EB2172501DDED8DE0FBDDBC5550CC018C73E1FD8152C905DE850862B8D57596025DE1908D8337E95637AF0F52C4A11DA178FF737DCE09471BC0A49DAD7DB39F1BA1B693D3A12F9CA50EF388B50292C73076BF1EEE412A5CFA940E99D4CF07F17FAC87F0D0E2FC8FA3ACDDEEFCCE8AFEC407B94536FCB1E4ACF34773728D189F85EAE4347E0BF868D25C7CE89F8A29B4E6865C68F4F915DFA540549EE9333007145D367FE2852622AAD776F3E5D505A02E5155CC8646A01C1031,addr: 0x9a48200>

为了测试,我使用了developer.apple.com的证书,您可以检查日志中的公钥并进行比较.

总结

以上是内存溢出为你收集整理的ios – 如何从文件中恢复RSA?全部内容,希望文章能够帮你解决ios – 如何从文件中恢复RSA?所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。

欢迎分享,转载请注明来源:内存溢出

原文地址: http://outofmemory.cn/web/999366.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
xxxx xxxx 一级用户组
0 0
上一篇 2022-05-21
下一篇 2022-05-21

发表评论

登录后才能评论

评论列表(0条)

保存