Geek asks and answers

Verifying a public key digital signature in iOS

How to verify a public key digital signature in iOS without using any third-party code (for example) to open SSL?

I need to verify the digital signature in an iOS public key application. Can anyone help me achieve this without using third-party software.

I am trying to make the code below, but the problem is that I do not have a certificate in my application, so I can not create SecTrustRef.

CODE:

    NSString *certPath              = [[NSBundle mainBundle] pathForResource:@"yyy" 
                                                             ofType:@"xxx"];
    SecCertificateRef myCertificate = nil;
    NSData *certificateData         = [[NSData alloc] initWithContentsOfFile :certPath];
    myCertificate                   = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)certificateData);

    SecPolicyRef myPolicy           = SecPolicyCreateBasicX509();
    SecTrustRef trustRef;
    SecTrustCreateWithCertificates(myCertificate, myPolicy, &trustRef);
    SecKeyRef keyRef      = SecTrustCopyPublicKey (trustRef);


    BOOL status = SecKeyRawVerify (keyRef,
                              kSecPaddingPKCS1SHA1,
                              (const uint8_t *)[data bytes],
                              (size_t)[data length],
                              (const uint8_t *)[signature bytes],
                              (size_t)[signature length]
                              );

I have the following:

  • Public Key (NSString *)
  • Signature (NSString *)
  • Data (NSString *)

Please help me that everything I have in the SDK for iOS, if I do not want to use ant third-party open source.

+5
source share
4

X509, iOS, openSSL:

openssl req -x509 -out public_key.pem -outform pem -new -newkey rsa:2048 -keyout private_key.pem

PEM base64, -outform DER, . PEM, const NSString NSData :

- (id) initWithBase64EncodedString:(NSString *) string {
    NSMutableData *mutableData = nil;

    if( string ) {
        unsigned long ixtext = 0;
        unsigned long lentext = 0;
        unsigned char ch = 0;
        unsigned char inbuf[4], outbuf[3]; // buffer sizes fixed by AOL LLC
        short i = 0, ixinbuf = 0;
        BOOL flignore = NO;
        BOOL flendtext = NO;
        NSData *base64Data = nil;
        const unsigned char *base64Bytes = nil;

        // Convert the string to ASCII data.
        base64Data = [string dataUsingEncoding:NSASCIIStringEncoding];
        base64Bytes = [base64Data bytes];
        mutableData = [NSMutableData dataWithCapacity:[base64Data length]];
        lentext = [base64Data length];

        while( YES ) {
            if( ixtext >= lentext ) break;
            ch = base64Bytes[ixtext++];
            flignore = NO;

            if( ( ch >= 'A' ) && ( ch <= 'Z' ) ) ch = ch - 'A';
            else if( ( ch >= 'a' ) && ( ch <= 'z' ) ) ch = ch - 'a' + 26;
            else if( ( ch >= '0' ) && ( ch <= '9' ) ) ch = ch - '0' + 52;
            else if( ch == '+' ) ch = 62;
            else if( ch == '=' ) flendtext = YES;
            else if( ch == '/' ) ch = 63;
            else flignore = YES;

            if( ! flignore ) {
                short ctcharsinbuf = 3;
                BOOL flbreak = NO;

                if( flendtext ) {
                    if( ! ixinbuf ) break;
                    if( ( ixinbuf == 1 ) || ( ixinbuf == 2 ) ) ctcharsinbuf = 1;
                    else ctcharsinbuf = 2;
                    ixinbuf = 3;
                    flbreak = YES;
                }

                inbuf [ixinbuf++] = ch;

                if( ixinbuf == 4 ) {
                    ixinbuf = 0;
                    outbuf [0] = ( inbuf[0] << 2 ) | ( ( inbuf[1] & 0x30) >> 4 );
                    outbuf [1] = ( ( inbuf[1] & 0x0F ) << 4 ) | ( ( inbuf[2] & 0x3C ) >> 2 );
                    outbuf [2] = ( ( inbuf[2] & 0x03 ) << 6 ) | ( inbuf[3] & 0x3F );

                    for( i = 0; i < ctcharsinbuf; i++ )
                        [mutableData appendBytes:&outbuf[i] length:1];
                }

                if( flbreak )  break;
            }
        }
    }

    self = [self initWithData:mutableData];
    return self;
}

, certificateData , X509, openSSL

$ openssl rsa -in id_rsa -out pub.der -outform DER -pubout

+1

PKCS12, SecPKCS12Import .

0

You need to pass the digest (hash) of your data to the validation function. See iOS: verification of the file with the certificate and signature - the public key is invalid, verification is completed

0
source 
@interface HDSecurityPolicy :AFSecurityPolicy
@end

@implementation HDSecurityPolicy
///pem formate(base64) ->  NSData
- (void)setPinnedCertificates:(NSSet *)pinnedCertificates {
    [super setPinnedCertificates:pinnedCertificates];
    if (self.pinnedCertificates) {
        NSMutableSet *mutablePinnedPublicKeys = [NSMutableSet setWithCapacity:[self.pinnedCertificates count]];
        for (NSData *pubCertificate in self.pinnedCertificates) {
            id publicKey = [HDSecurityPolicy publicSecKeyFromKeyBits:pubCertificate];
            if (!publicKey) {
                continue;
            }
            [mutablePinnedPublicKeys addObject:publicKey];
        }
        [self setValue:mutablePinnedPublicKeys forKey:@"pinnedPublicKeys"];
    }
}

// 从公钥证书文件中获取到公钥的SecKeyRef指针
+ (id)publicSecKeyFromKeyBits:(NSData *)givenData {
    NSMutableDictionary *options = [NSMutableDictionary dictionary];
    options[(__bridge id)kSecAttrKeyType] = (__bridge id) kSecAttrKeyTypeRSA;
    options[(__bridge id)kSecAttrKeyClass] = (__bridge id) kSecAttrKeyClassPublic;

    NSError *error = nil;
    CFErrorRef ee = (__bridge CFErrorRef)error;
    ////'SecKeyCreateWithData' is only available on iOS 10.0 or newer
    id ret = (__bridge_transfer id)SecKeyCreateWithData((__bridge CFDataRef)givenData, (__bridge CFDictionaryRef)options, &ee);
    if (error) {
        return nil;
    }
    return ret;
}
@end
0
source

More articles:


All Articles