我正在尝试使用CryptoExercise的SecKeyWrapper addPeerPublicKey:keyBits:方法将RSA公钥添加到我的iPhone的钥匙串中。
这种方法的逻辑是它首先尝试将密钥添加到密钥链中,如果它已经存在(sanityCheck==errSecDuplicateItem),它会尝试通过调用SecKeyItemCopyMatching()从密钥链中检索此密钥。
这正是我的情况:密钥已经存在于钥匙串中,因此呼叫SecKeyItemAdd() returns errSecDuplicateItem。
然后它尝试检索现有密钥但SecKeyItemCopyMatching() returns 0(表示没有错误),但第二个参数(peerKeyRef)仍然是零。
这怎么可能?这有什么问题?
以下是来自CryptoExercise示例的[SecKeyWrapper addPeerPublicKey:keyBits:]代码供参考:
- (SecKeyRef)addPeerPublicKey:(NSString *)peerName keyBits:(NSData *)publicKey {
OSStatus sanityCheck = noErr;
SecKeyRef peerKeyRef = NULL;
CFTypeRef persistPeer = NULL;
LOGGING_FACILITY( peerName != nil, @"Peer name parameter is nil." );
LOGGING_FACILITY( publicKey != nil, @"Public key parameter is nil." );
NSData *peerTag = [[NSData alloc] initWithBytes:(const void *) [peerName UTF8String] length:[peerName length]];
NSMutableDictionary *peerPublicKeyAttr = [[NSMutableDictionary alloc] init];
[peerPublicKeyAttr setObject:(__bridge id) kSecClassKey forKey:(__bridge id) kSecClass];
[peerPublicKeyAttr setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id) kSecAttrKeyType];
[peerPublicKeyAttr setObject:peerTag forKey:(__bridge id) kSecAttrApplicationTag];
[peerPublicKeyAttr setObject:publicKey forKey:(__bridge id) kSecValueData];
[peerPublicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id) kSecReturnPersistentRef];
sanityCheck = SecItemAdd((__bridge CFDictionaryRef) peerPublicKeyAttr, (CFTypeRef *) &persistPeer);
// The nice thing about persistent references is that you can write their value out to disk and
// then use them later. I don't do that here but it certainly can make sense for other situations
// where you don't want to have to keep building up dictionaries of attributes to get a reference.
//
// Also take a look at SecKeyWrapper's methods (CFTypeRef)getPersistentKeyRefWithKeyRef:(SecKeyRef)key
// & (SecKeyRef)getKeyRefWithPersistentKeyRef:(CFTypeRef)persistentRef.
LOGGING_FACILITY1( sanityCheck == noErr || sanityCheck == errSecDuplicateItem, @"Problem adding the peer public key to the keychain, OSStatus == %ld.", sanityCheck );
if (persistPeer) {
peerKeyRef = [self getKeyRefWithPersistentKeyRef:persistPeer];
} else {
[peerPublicKeyAttr removeObjectForKey:(__bridge id) kSecValueData];
[peerPublicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id) kSecReturnRef];
// Let's retry a different way.
sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef) peerPublicKeyAttr, (CFTypeRef *) &peerKeyRef);
}
LOGGING_FACILITY1( sanityCheck == noErr && peerKeyRef != NULL, @"Problem acquiring reference to the public key, OSStatus == %ld.", sanityCheck );
if (persistPeer) CFRelease(persistPeer);
return peerKeyRef;
}
答案 0 :(得分:4)
我遇到了同样的问题,我假设您尝试导入未从其他iOS设备导出的RSA密钥。
原因似乎是一种不兼容的密钥格式 - 详细地说,iOS期望不要设置一些ASN1标头。为什么函数返回OK对我来说只能解释一个bug ...
查看http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/处的代码这是正确的解决方案,对我有用 - 感谢Chris Luke