在iphone上生成不可用的RSA密钥

时间:2013-10-28 17:08:05

标签: objective-c cryptography rsa

我正在尝试使用标准的objective-c函数生成RSA密钥对:SecKeyGeneratePair。

一切正常,我可以将此密钥导出到某个文件,但此密钥无法使用。当我导入到C#应用程序时,我收到“错误数据”错误。

如果我深入研究这个键(f.eg. using http://lapo.it/asn1js/),我可以看到素数“P”比使用不同工具生成的任何键都要大。这个数字有1025位,而不是超过1024 ......

生成密钥:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAw7plSEd4ZCK8O8n+z4wePDhR4VaKhl1ynOy4YJNTbpbBjSbV
sbr+wU8GqnkTj/NSjw0ypRWxognEZkt/SkLDrZ3dCgeLyuLntEMAZ2azWyrnsJWy
jBYhJ3nh3ZwW9K/0gQa5qOaWjstFuCLSHYiQktgFfjx4JpLCgpKkhEr8xBhnEJWn
kUwGbxRdWpeWcIiz7DFmqRKQ1cf+8WlkAuxVAcslhxDZaC/+OLCkrlFpMjRt2Dks
FYsaqBmKfeU8Oq00/m5ZBUwoKR9S1l/KTxtSQgvMAENs7XtwA9+LGZR6RXc1/7hk
GYL38ATmSA5YLXRTxg98n0prvgYj23nK5SYIyQIDAQABAoIBAFIRGpyG0xTxd4l+
NagicR8A4lwgZC7YidEAdIKR416wOXGMwfcml+DH2Nyrraci+A/hEcYkZXmyrLXT
nAiwG8n1MhQde+DS6SItIcM5TaTBRapF6jpQoRAjS7AW3Y01Jcjf4ALQxHoVAyOk
/gLCGxRnHU6D3kEWMhZ7lB2gL4Gscxe/G01piioPZfuzBGAUS+btsfGnPJdtNQJz
M9cX3FR00r4aBTYUndL90orQClkNrxqrGRCjZ3ThG+mAgUPx7X0FZvG6eUATIjFl
AhQfOSeLFRJXFj8VqffffbDDcW6yWP1png5r3ltfo4F/VZJ1pZIyruts5+RQq7YT
XTvyCs0CgYEBpZa8d0KChXv1fEaVjDA+db/s/5bDdb46bq5vTCNCNE772iN31dkI
/PGXisSgrTmyrwugZ1T5THPmMDDlBPu8JSACPlzgg31PWvQ4S429dsd/kbrxMq5u
rZQ2gRDjGVg32CJErV+UzHJ97g1HST4IkSTaIlqTHTLzfRTkairFbIcCgYB22fF0
+2PSPyK3ktRX5psgVyAgYt+1rc5+T/++2GQyRBEL4ZU86KeduBaZeUaOVGuSPu7C
doBYlYy3OWesp1/fzDXKfaCT/9TnRIgSY1XaJg6Qnma6HnGnTWjfjLiM3rdfImB/
2Bsyeak5+QjbqSf05sLFgZlcj+S2iCLjW2MELwKBgQC8YRJtp8ZypuUWVuPT9Gq0
asIXouJL5mhttHv+5XJbtT9MRbTyVTxy6fDxDNNPFA0HsoZGJe4Pf2pH9lEfXOzB
GgBmpVGc741Z8u6EtB0IyjPyhjnoj5Dc9vEz0rvnQ0gQx58waRkwEai7iitkStfB
I1plJ1u9HFs4dPFrjxkQWQKBgEHGkFj7n90F0ALkodwb5hJZ5Y/G6KQ1kqhZQeKv
A5TGEuEOcXeKEum4rdk2QxQWKIqBhcXdq15bNctZW8UzxF2pOMPeDvaZiYyMYvo6
O5NFqJ3k7Flo6+F5d+bwjFp6D+X4sotOYI7owf0xk/NthI2HAJgqB2QwxpU2doh5
VS1FAoGBAWw6lShxyuMwFIzD6EmOnX+HjYLlDTeVNy7pv/Vm7DtSIPsY2dg/iqU/
uCXsjQf5U1chYeE3hFUbPAGGbTxIL7/m6Y+ZjoKBywjSB9favG9BfQmjpRBBjmPO
cdPbTs9imzSaavoTPinJ/PeiqrfrW0tPKA049qP/X8xQrQe2erKp
-----END RSA PRIVATE KEY-----

还有其他方法可以生成此密钥吗?

------- EDIT --------------------

我生成了新密钥:

-----开始RSA私钥----- 

MIIEowIBAAKCAQEAvMkeQSIYKof9baN+ZMvtlhkcJdiQvyoVJwEST285/9h+CB4c
2/6gCp9/OvsWAADqLGA9R/XxUjezkC28efoLguiSmO8b+1BLB+05eE8V7dwJT2zG
lHrGzjcN+ZhqO3uHRhVcckUWXygb+YZl02mtSidXr9PmlI53pECJTgmM6wZOu1Df
CU1nCyLwN9zomkTAfkp7UX2pMJBARVod73FFILaRxJXNX6/61jMrVuTlGXLshDgr
BsfgHd9D4rnfMZtIn7DTUSit+Za0zmvJDKKtXSNYdGO82UnSUv+IlyzVcCNH+uPe
nSEPMqrHi83fi/aX/SwwdD+yA+jv4n2cfm75zwIDAQABAoIBAGO9mkdtPPlTidig
NYoJmAfiUlXIeokVMcG+ti7TpAABIG0ng7XTbDjQlcbSm4f6873oRtg7H3mBxlPZ
ZifHrMdIGxPD2LPJcyrH8cIXfo2B4EVfQfd2eoy+15pUJWQx2oFzjbktuSkjJsyJ
bkjpH037RT+3I66/KoTUN/bL4vDT9kejp4+11Cs5moP9Li/uXFsPJqfYTcQx19sc
w6+m9LU3WVW/7AJ3bPJvW/uwF/SE08YjPQ32vkDVwTsKCmrUaZrfUhCxlo0QCjC4
vVgVzVgs7fv1JVIgtDfp+1SuuEcHGx4j/tewoP3GX3LAA6lQYfz13LLkD0lO58Qg
MzCs95ECgYEBn5fAEfZ2YtKpOGNxyA5lIp/mG4Va2xEUY9xZ2d73g3gtN2pP8rNe
O5yjbO9eLKaJ17aU/HuwyCEkyIic7d6XfJmJEiiOXIXLSxXrh7C0d1VyWdoPfrxz
3Yk6fuBOIah2v/QalPXNPeMOE6AkzpnZmdNjmmmzdxAvAbRWdqU9uBkCgYB0SiNU
1ngVtpaN/jGp3XTtI4SARu9XhSeeeaG/s+tEKObvkUsc3UDyJRn2UjPsXnCBgLcg
yFMetCGv76UGKuJYdiUstjaOS8iym4xuklh5hKHUTE3y3fBmc4fH7e+1Jk7VGhjm
q/eQWUPtaVi16DpSE7FffmfeI4JSxMYKDL0eJwKBgQGcd2v1Z/tPUW0JvgjrWP4f
QzuKDOyDh4wJIGU8ywI0xU17NlRquILJ/0hjkZ6SCie8pEVx4QEvX1W2gX/exZDr
5SYZk47XXSLLPtIoNcSmu3NmofnG+xqzwMMBsXVaCmzxTkAjn2E4DuWlrMdbFW7W
MOsmEcpAXRuKQYWe85kx4QKBgASbOzMNG8ygYu5U91qnLw6FraX3KVvqJlucrc+O
LO+SPzOWKceG7B+rYI/lSbE/PG2kz5w40zIQKJVzhLHt2PFwHKDcxuR0FAsfJjzr
Bx4pJs/mBeBs8izcvrAouKoQTmcalYntnezV3F73IVBzVnwR06DYvPyLo4nryXx0
bLlZAoGBATNu+VCOU+y5tXNN8rwGBZO+fjAidgVXwo24DxFUdXIWZUT7DvXz+1HH
B900fBkQWXGPaDQhmqtz5eJUOlgUIlTqRo7tWivQcioq8xdvk3LA81GhGxeDpSAU
W59OGqm3ApaKnZla0B3nQ9AxdAzqf5x5SOhL9PqBbVuTRm49BIj8
-----END RSA PRIVATE KEY-----

这是iPhone导出的公钥:

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMkeQSIYKof9baN+ZMvt
lhkcJdiQvyoVJwEST285/9h+CB4c2/6gCp9/OvsWAADqLGA9R/XxUjezkC28efoL
guiSmO8b+1BLB+05eE8V7dwJT2zGlHrGzjcN+ZhqO3uHRhVcckUWXygb+YZl02mt
SidXr9PmlI53pECJTgmM6wZOu1DfCU1nCyLwN9zomkTAfkp7UX2pMJBARVod73FF
ILaRxJXNX6/61jMrVuTlGXLshDgrBsfgHd9D4rnfMZtIn7DTUSit+Za0zmvJDKKt
XSNYdGO82UnSUv+IlyzVcCNH+uPenSEPMqrHi83fi/aX/SwwdD+yA+jv4n2cfm75
zwIDAQAB
-----END RSA PUBLIC KEY-----

这里C#导出了publi密钥:

-----BEGIN RSA PUBLIC KEY-----
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQC8yR5BIhgqh/1to35ky+2W
GRwl2JC/KhUnARJPbzn/2H4IHhzb/qAKn386+xYAAOosYD1H9fFSN7OQLbx5+guC
6JKY7xv7UEsH7Tl4TxXt3AlPbMaUesbONw35mGo7e4dGFVxyRRZfKBv5hmXTaa1K
J1ev0+aUjnekQIlOCYzrBk67UN8JTWcLIvA33OiaRMB+SntRfakwkEBFWh3vcUUg
tpHElc1fr/rWMytW5OUZcuyEOCsGx+Ad30Piud8xm0ifsNNRKK35lrTOa8kMoq1d
I1h0Y7zZSdJS/4iXLNVwI0f6496dIQ8yqseLzd+L9pf9LDB0P7ID6O/ifZx+bvnP
AgMBAAE=
-----END RSA PUBLIC KEY-----

要将密钥导入C#,请使用BouncyCastle库:

Org.BouncyCastle.OpenSsl.PemReader pemReader = new PemReader(File.OpenText("C:\\Users\\pawel_000\\Documents\\Tmp\\mBankFasada\\klucze4\\private2048.pem"));
        RsaPrivateCrtKeyParameters bckey = (RsaPrivateCrtKeyParameters)((AsymmetricCipherKeyPair)pemReader.ReadObject()).Private;
        RSAParameters key = DotNetUtilities.ToRSAParameters(bckey);

在iPhone中我签名以下字符串:607767767

并且符号结果是(在base64中,哈希:SHA512):

SQ3FqzCko8t3oL14czjjEkRgRVO4Z8F5135MFvJNKcN6w/JPYLxtWQicHQi5N
p72uNAh4Xy3g/EVukme1bZScE4prng0huZY/aWv2jUUhgRtNYrExlY6ScHkh+
asUgj8jThGB2CPQq1qSOroCcFeRAoGk7f4JPZnuZkvvgnTIPu72OrsuGhWH
AE5SFF+Z0MGbtdKM1mhK6PMeAEHBm2Iu0axN3G9IWoLF613dzHPPK6wrkkd8
8mGqrzlw/Pwo6d9IzSdHWnteGBUaOvx2EH5MQiMhJtiAnbhBtPLrmYn2bxP9
bsg3ymYW4gdmOtMgLRaheoaxBfgZ6Hrl5BAtwO7BA==

我可以为C#准备公钥(模数和指数都可以),但验证失败..

2 个答案:

答案 0 :(得分:0)

这是一个2048位密钥,包括CRT(中国剩余定理)参数。这些参数可用于加速签名生成和解密。该密钥的PKCS#1(+ PEM)编码似乎没有任何问题,但问题是接收应用程序是否真的期望该格式。

请注意,CRT参数大约是私钥大小的一半,并在私钥的末尾进行编码。

以下是给定私钥的openssl asn1parse输出,首先是版本整数(0),然后是模数,公共指数,私有指数,然后是CRT参数。

    0:d=0  hl=4 l=1187 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :C3BA654847786422BC3BC9FECF8C1E3C3851E1568A865D729CECB86093536E96C18D26D5B1BAFEC14F06AA79138FF3528F0D32A515B1A209C4664B7F4A42C3AD9DDD0A078BCAE2E7B443006766B35B2AE7B095B28C16212779E1DD9C16F4AFF48106B9A8E6968ECB45B822D21D889092D8057E3C782692C28292A4844AFCC418671095A7914C066F145D5A97967088B3EC3166A91290D5C7FEF1696402EC5501CB258710D9682FFE38B0A4AE516932346DD8392C158B1AA8198A7DE53C3AAD34FE6E59054C28291F52D65FCA4F1B52420BCC00436CED7B7003DF8B19947A457735FFB8641982F7F004E6480E582D7453C60F7C9F4A6BBE0623DB79CAE52608C9
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :52111A9C86D314F177897E35A822711F00E25C20642ED889D100748291E35EB039718CC1F72697E0C7D8DCABADA722F80FE111C6246579B2ACB5D39C08B01BC9F532141D7BE0D2E9222D21C3394DA4C145AA45EA3A50A110234BB016DD8D3525C8DFE002D0C47A150323A4FE02C21B14671D4E83DE411632167B941DA02F81AC7317BF1B4D698A2A0F65FBB30460144BE6EDB1F1A73C976D35027333D717DC5474D2BE1A0536149DD2FDD28AD00A590DAF1AAB1910A36774E11BE9808143F1ED7D0566F1BA79401322316502141F39278B151257163F15A9F7DF7DB0C3716EB258FD699E0E6BDE5B5FA3817F559275A59232AEEB6CE7E450ABB6135D3BF20ACD
  533:d=1  hl=3 l= 129 prim: INTEGER           :01A596BC774282857BF57C46958C303E75BFECFF96C375BE3A6EAE6F4C2342344EFBDA2377D5D908FCF1978AC4A0AD39B2AF0BA06754F94C73E63030E504FBBC2520023E5CE0837D4F5AF4384B8DBD76C77F91BAF132AE6EAD94368110E3195837D82244AD5F94CC727DEE0D47493E089124DA225A931D32F37D14E46A2AC56C87
  665:d=1  hl=3 l= 128 prim: INTEGER           :76D9F174FB63D23F22B792D457E69B2057202062DFB5ADCE7E4FFFBED8643244110BE1953CE8A79DB8169979468E546B923EEEC2768058958CB73967ACA75FDFCC35CA7DA093FFD4E74488126355DA260E909E66BA1E71A74D68DF8CB88CDEB75F22607FD81B3279A939F908DBA927F4E6C2C581995C8FE4B68822E35B63042F
  796:d=1  hl=3 l= 129 prim: INTEGER           :BC61126DA7C672A6E51656E3D3F46AB46AC217A2E24BE6686DB47BFEE5725BB53F4C45B4F2553C72E9F0F10CD34F140D07B2864625EE0F7F6A47F6511F5CECC11A0066A5519CEF8D59F2EE84B41D08CA33F28639E88F90DCF6F133D2BBE7434810C79F3069193011A8BB8A2B644AD7C1235A65275BBD1C5B3874F16B8F191059
  928:d=1  hl=3 l= 128 prim: INTEGER           :41C69058FB9FDD05D002E4A1DC1BE61259E58FC6E8A43592A85941E2AF0394C612E10E71778A12E9B8ADD936431416288A8185C5DDAB5E5B35CB595BC533C45DA938C3DE0EF699898C8C62FA3A3B9345A89DE4EC5968EBE17977E6F08C5A7A0FE5F8B28B4E608EE8C1FD3193F36D848D8700982A076430C69536768879552D45
 1059:d=1  hl=3 l= 129 prim: INTEGER           :016C3A952871CAE330148CC3E8498E9D7F878D82E50D3795372EE9BFF566EC3B5220FB18D9D83F8AA53FB825EC8D07F953572161E13784551B3C01866D3C482FBFE6E98F998E8281CB08D207D7DABC6F417D09A3A510418E63CE71D3DB4ECF629B349A6AFA133E29C9FCF7A2AAB7EB5B4B4F280D38F6A3FF5FCC50AD07B67AB2A9

请注意,ASN.1 DER编码中的值可能以00添加额外字节开头。这是因为ASN.1 INTEGER值是签名的。因此,如果模数不以00开头,则表示负整数。

答案 1 :(得分:0)

我无法解决问题,但其中一部分仅用于测试目的。导出在iphone上生成的私钥不应该是所需的应用程序功能:)

Despide这仍然不起作用,我现在能够使用iphone上生成的密钥对数据进行签名,并在c#中正确验证它

在使用SHA512哈希时,所有都是关于填充的,它应该是:

#define kTypeOfSigPadding   kSecPaddingPKCS1SHA512 
#define kDigestLength   CC_SHA512_DIGEST_LENGTH

... 

sanityCheck = SecKeyRawSign(privateKey,
                            kTypeOfSigPadding,
                            (const uint8_t *)[shaHash bytes],
                            kDigestLength,
                            (uint8_t *)signedHashBytes,
                            &signedHashBytesSize);

手动将公钥导入.NET,从ASN1读取模数和指数。

相关问题
最新问题