Geek asks and answers

SecKeyRawSign gives error -50 (errSecParam) - even for trivial apple example

You are having trouble getting a very basic version of SecKeySign () to work (Ie porting a working OSX SecSignTransformCreate () / SecTransformSetAttribute () / SecTransformExecute () on iOS):

The code pretty much matches http://developer.apple.com/library/ios/#samplecode/CryptoExercise/Listings/Classes_SecKeyWrapper_m.html - albeit even more simplified.

First up - setting things up - from the link above. Without changes.

const char someData[] = "No one loves pain itself, but those who seek...";

NSData * blob = [NSData dataWithBytes:someData length:sizeof(someData)];
assert(blob);

SecKeyRef publicKeyRef, privateKeyRef;
int keySize = 2048;

OSStatus sanityCheck = noErr;
NSMutableDictionary * privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * keyPairAttr = [[NSMutableDictionary alloc] init];

// attribute dictionaries for 2048 bit RSA key pair.
//
[keyPairAttr setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[keyPairAttr setObject:[NSNumber numberWithUnsignedInteger:keySize] forKey:(__bridge id)kSecAttrKeySizeInBits];
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
[keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];

And the actual work begins with creating a key pair:

sanityCheck = SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKeyRef, &privateKeyRef);
assert(sanityCheck == noErr);

NSLog(@"Pub/Priv: %@/%@", publicKeyRef, privateKeyRef);

which works great as far as i can see.

The problem is using them for signature; or rather, signing:

// Zero-ed Buffer for the signature.
//
size_t signatureBytesSize = SecKeyGetBlockSize(privateKeyRef);
assert(signatureBytesSize == keySize / 8);

uint8_t * signatureBytes = malloc( signatureBytesSize * sizeof(uint8_t) );
memset((void *)signatureBytes, 0x0, signatureBytesSize);

// Sign the binary blob; with type 1 padding.
//
sanityCheck = SecKeyRawSign(privateKeyRef,
                            kSecPaddingPKCS1,
                            (const uint8_t *)[blob bytes], [blob length],
                            (uint8_t *)signatureBytes, &signatureBytesSize
                            );
assert(sanityCheck == noErr);

-50/errSecParam ( , , .).

? iPhone?

,

Dw.

+3
1

- SecKeyRawSign() SHA_DIGEST_LEN. .

SHA1 - .

SHA2 .

Dw

0

More articles:


All Articles