IOS: verification of the file with the certificate and signature - the public key is incorrect, verification is completed

I have three things: a file, a signature file, and an x509.cer certificate file. The file must be verified using the public key in the certificate and the signature file. I want to do this with Security.h / CommonCrypto.

What I have tried so far:

#import <Security/Security.h>

// load all the files
NSData* fileData = [NSData dataWithContentsOfFile:(...)];
NSData* signatureData = [NSData dataWithContentsOfFile:(...)];
NSData* certificateData = [NSData dataWithContentsOfFile:(...)];

SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate
SecPolicyRef secPolicy = SecPolicyCreateBasicX509(); // policy used for the trust object below

The certificate loads just fine. Its name can be verified using

CFStringRef certificateDescription = SecCertificateCopySubjectSummary(certificate);

which is working. Since there seems to be no method in iOS for directly copying the public key, I first create a trust object.

SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificate, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval =  SecTrustEvaluate(trust, &resultType);

All this works fine with the errSecSuccess result.

Now I am trying to get the public key.

SecKeyRef publicKey;
publicKey = SecTrustCopyPublicKey(trust);
size_t keysize = SecKeyGetBlockSize(publicKey);

But the contents of publicKey

NSData* keyData = [NSData dataWithBytes:publicKey length:keysize]; // copies the bytes of the opaque SecKeyRef struct itself, not the key material

This is not the same as the public key that is shown when you open the .cer file. So this is problem number one.


OSStatus verficationResult = SecKeyRawVerify(publicKey,  kSecPaddingPKCS1, [fileData bytes], [fileData length], [signatureData bytes], [signatureData length]);

OSStatus -9809 ( ). , -25293 errSecAuthFailed.


+4
2

Apple Dev Forums.


#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

NSData* fileData = [NSData dataWithContentsOfFile:(...)];
NSData* signatureData = [NSData dataWithContentsOfFile:(...)];
NSData* certificateData = [NSData dataWithContentsOfFile:(...)];

SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate

SecPolicyRef secPolicy = SecPolicyCreateBasicX509();

SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval =  SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);

// the signature covers the SHA-1 digest of the file, not the raw file bytes
uint8_t sha1HashDigest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([fileData bytes], (CC_LONG)[fileData length], sha1HashDigest);

// kSecPaddingPKCS1SHA1 wraps the digest in the PKCS#1 v1.5 DigestInfo before the RSA check
OSStatus verficationResult = SecKeyRawVerify(publicKey,  kSecPaddingPKCS1SHA1, sha1HashDigest, CC_SHA1_DIGEST_LENGTH, [signatureData bytes], [signatureData length]);
CFRelease(publicKey);
CFRelease(trust);
CFRelease(secPolicy);
CFRelease(certificateFromFile);
if (verficationResult == errSecSuccess) NSLog(@"Verified");
+8


SecKeyRef publicKey;
publicKey = SecTrustCopyPublicKey(trust);
size_t keysize = SecKeyGetBlockSize(publicKey);

But the content of publicKey

NSData* keyData = [NSData dataWithBytes:publicKey length:keysize];

. "X" SecKeyRef ( "X" - ). .

, , SecKeyRef NSData. SecKeyRef (SecItemAdd), (SecItemCopyMatching kSecReturnData). , NSData.

( , Apple Security.framework ....)

+1
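The keychain round-trip this answer describes (SecItemAdd, then read back with kSecReturnData), as an added example that is not code from the thread; the helper name PublicKeyBitsFromSecKey and the application tag are assumed. On iOS the bytes returned for an RSA key are the PKCS#1 RSAPublicKey DER (modulus and exponent), without the SubjectPublicKeyInfo header a certificate viewer shows, so they will not match the .cer display byte for byte.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Export the raw key bytes of a SecKeyRef by storing it in the keychain and
// asking for the data back. Hypothetical helper, not part of the original thread.
static NSData *PublicKeyBitsFromSecKey(SecKeyRef publicKey)
{
    // Assumed tag; any stable, app-unique value works.
    NSData *tag = [@"com.example.sigcheck.tmpkey" dataUsingEncoding:NSUTF8StringEncoding];
    NSDictionary *base = @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrKeyType:        (__bridge id)kSecAttrKeyTypeRSA,
        (__bridge id)kSecAttrApplicationTag: tag,
    };

    // A leftover item from an earlier run would make SecItemAdd fail with
    // errSecDuplicateItem (or return a different key), so clear it first.
    SecItemDelete((__bridge CFDictionaryRef)base);

    NSMutableDictionary *add = [base mutableCopy];
    add[(__bridge id)kSecValueRef]   = (__bridge id)publicKey;
    add[(__bridge id)kSecReturnData] = @YES;   // ask for the key bytes in the result

    CFTypeRef result = NULL;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, &result);
    if (status != errSecSuccess) {
        NSLog(@"SecItemAdd failed: %d", (int)status);
        return nil;
    }
    NSData *bits = CFBridgingRelease(result);

    // The keychain was only a conversion vehicle: remove the temporary item again.
    SecItemDelete((__bridge CFDictionaryRef)base);
    return bits;
}
```

Call it with the SecKeyRef obtained from SecTrustCopyPublicKey; the returned NSData is what you can log, hash or compare, whereas dataWithBytes:length: on the SecKeyRef pointer only copies the opaque struct.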
