无法使SecKeySign()的基本版本工作(即将工作的OSX SecSignTransformCreate()/ SecTransformSetAttribute()/ SecTransformExecute()移植到iOS):
代码几乎与http://developer.apple.com/library/ios/#samplecode/CryptoExercise/Listings/Classes_SecKeyWrapper_m.html相同 - 尽管进一步简化了。
首先 - 设置 - 按照上面的链接。没有变化。
const char someData[] = "No one loves pain itself, but those who seek...";
NSData * blob = [NSData dataWithBytes:someData length:sizeof(someData)];
assert(blob);
SecKeyRef publicKeyRef, privateKeyRef;
int keySize = 2048;
OSStatus sanityCheck = noErr;
NSMutableDictionary * privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * keyPairAttr = [[NSMutableDictionary alloc] init];
// attribute dictionaries for 2048 bit RSA key pair.
//
[keyPairAttr setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[keyPairAttr setObject:[NSNumber numberWithUnsignedInteger:keySize] forKey:(__bridge id)kSecAttrKeySizeInBits];
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
[keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];
实际工作从生成密钥对开始:
sanityCheck = SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKeyRef, &privateKeyRef);
assert(sanityCheck == noErr);
NSLog(@"Pub/Priv: %@/%@", publicKeyRef, privateKeyRef);
在我能看到的范围内,它的作用非常出色。
麻烦在于用它们签字;或者更确切地说是签署:
// Zero-ed Buffer for the signature.
//
size_t signatureBytesSize = SecKeyGetBlockSize(privateKeyRef);
assert(signatureBytesSize == keySize / 8);
uint8_t * signatureBytes = malloc( signatureBytesSize * sizeof(uint8_t) );
memset((void *)signatureBytes, 0x0, signatureBytesSize);
// Sign the binary blob; with type 1 padding.
//
sanityCheck = SecKeyRawSign(privateKeyRef,
kSecPaddingPKCS1,
(const uint8_t *)[blob bytes], [blob length],
(uint8_t *)signatureBytes, &signatureBytesSize
);
assert(sanityCheck == noErr);
总是返回-50 / errSecParam(传递给函数的一个或多个参数无效。)。
有什么建议吗?这是在一个真正的iPhone?
谢谢,
DW传递。
答案 0 :(得分:0)
只要我可以解决 - SecKeyRawSign()唯一可接受的输入是SHA_DIGEST_LEN的数据块。其他任何事情都被拒绝了。
SHA1哈希值由此函数计算 - 因此只需要传递所需的空间。
我还没有找到指定SHA2或其他哈希的方法。
了Dw
答案 1 :(得分:0)
我的Xcode iOS单元测试项目失败,所有与Keychain相关的API都返回-50。我通过创建一个新的目标“单页”应用程序并将其设置为单元测试的主机来修复它。 How to take iOS Framework testing target and run it in a dummy app?