iPhone 使用证书加密
我必须加密一个字符串,并在 xCode 项目的 Resources 文件夹中包含一个 .CER (x.509)。这两天我一直在想怎么做,但没有成功,所以是时候问一下了。
Apple 的文档非常难以阅读...而且我认为这个框架可能是最难理解的框架...两个示例都没有帮助。
因此,我尝试使用以下代码:显然它不起作用:
在我的 Mac 上,我使用了 OPENSSL,但我发现无法在 SDK 中重新创建 OPENSSL 命令。所以,我很困惑...有人吗???
多谢 :)
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"Certificate" ofType:@"cer"];
SecCertificateRef myCertificate = nil;
NSData *certificateData = [[NSData alloc] initWithContentsOfFile:certPath];
myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certificateData);
SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
SecTrustRef myTrust;
SecTrustCreateWithCertificates(myCertificate, myPolicy, &myTrust);
SecKeyRef publicKey = SecTrustCopyPublicKey(myTrust);
uint8_t *pPlainText = (uint8_t*)"This is a test";
uint8_t aCipherText[1024];
size_t iCipherLength = 1024;
OSStatus status = SecKeyEncrypt(publicKey,
kSecPaddingPKCS1,
pPlainText,
strlen( (char*)pPlainText ) + 1,
aCipherText,
&iCipherLength);
}
I have to encrypt a string and have a .CER (x.509) in the Resources folder of my xCode project. The last two days I have spent to imagine how, but no success, so it's time to ask.
The documentation of Apple is very difficult to read... and I see this framework is probably the hardest one to understand... neither the samples have helped.
So, I have tried with the following code: obviously it does not work:
On my Mac I used OPENSSL but I found no way to recreate OPENSSL commands in the SDK. So, I'm pretty confused... anyone???
Thanks a lot :)
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"Certificate" ofType:@"cer"];
SecCertificateRef myCertificate = nil;
NSData *certificateData = [[NSData alloc] initWithContentsOfFile:certPath];
myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certificateData);
SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
SecTrustRef myTrust;
SecTrustCreateWithCertificates(myCertificate, myPolicy, &myTrust);
SecKeyRef publicKey = SecTrustCopyPublicKey(myTrust);
uint8_t *pPlainText = (uint8_t*)"This is a test";
uint8_t aCipherText[1024];
size_t iCipherLength = 1024;
OSStatus status = SecKeyEncrypt(publicKey,
kSecPaddingPKCS1,
pPlainText,
strlen( (char*)pPlainText ) + 1,
aCipherText,
&iCipherLength);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我尝试了更新后的代码,在末尾添加了两行:
效果很好:
现在的一个区别是我使用的公钥位于我的钥匙串中。如果您的不是,您可能需要查看下面的 importing-an-ssl-cert-under-the-iphone-sdk 链接。到目前为止,我只在模拟器上进行了测试,模拟器也可能有所不同,但我相信这是正确的。
如果仍然遇到问题,请确保检查每个调用的结果(如果它返回 OSStatus,请检查)。哪一块失败了?
您忘记在调用
SecTrustCopyPublicKey()之前对SecTrustRef调用SecTrustEvaluate()。查看 SecTrustCopyPublicKey() 上的文档,其中对此进行了解释。不太有用的旧信息:
我相信这些帖子应该为您指明正确的方向:
http://greghaygood.com/2009/01/17/ametry-encryption-with-the-iphone-sdk-and-securityframework< /a>
在 iPhone SDK 下导入 SSL 证书
另外请注意,如果您已有适用于 Mac 的 OpenSSL 代码,则可以编译适用于 iPhone 的 OpenSSL。当我开发构建脚本时,这篇文章对我很有用:
I tried your updated code with the addition of two lines at the end:
That works fine:
Now one difference is that the public key I'm using is in my keychain. If yours isn't, you may want to look at the importing-an-ssl-cert-under-the-iphone-sdk link below. So far I've only tested on Simulator, which also can be different, but I believe this is correct.
If you still have trouble, make sure to check the result of each call (and if it returns OSStatus, check that). Which piece is failing?
You forgot to call
SecTrustEvaluate()on yourSecTrustRefbefore callingSecTrustCopyPublicKey(). Check the docs onSecTrustCopyPublicKey()which explains this.Old information that wasn't as useful:
I believe these posts should point you in the right direction:
http://greghaygood.com/2009/01/17/asymmetric-encryption-with-the-iphone-sdk-and-securityframework
Importing an SSL cert under the iPhone SDK
Also note that if you have OpenSSL code for Mac already, you can compile OpenSSL for iPhone. This post was useful for me when I developed my build scripts:
http://www.therareair.com/2009/01/01/tutorial-how-to-compile-openssl-for-the-iphone/