OpenSSL does not support the PublicKey from iOS
I created a key pair on iOS using SecKeyGeneratePair and then exported the keys to publicKey and privateKey using SecItemCopyMatching (Base64 encoded before exporting, of course). Now I have a problem encrypting data using the public key. I use the following OpenSSL command:
openssl rsautl -encrypt -inkey publicKey -pubin -in text.txt -out text.enc
I got an "unable to load Public Key" response from OpenSSL.
I analyzed publicKey and noticed that it contains only the following content:
SEQUENCE(2 elem)
| INTEGER(1023 bit)
| INTEGER 65537
whereas public keys generated by OpenSSL contain additional info about the algorithm, like this sample which was created by OpenSSL:
SEQUENCE(2 elem)
| SEQUENCE(2 elem)
| | OBJECT IDENTIFIER 1.2.840.113549.1.1.1
| | NULL
| BIT STRING(1 elem)
| | SEQUENCE(2 elem)
| | | INTEGER(1024 bit)
| | | INTEGER 65537
The first question is why publicKey contains only 1023 bits for the key. OpenSSL's public key has a 1024-bit length for that.
I tried to create the additional ASN.1 structure for the publicKey generated by iOS (using a hex editor and fixing the SEQUENCE length). Its format is correct (I checked that here: http://lapo.it/asn1js/), but I still can't use it with OpenSSL. It looks like this is because the public key returned by SecItemCopyMatching has lost a byte.
I also checked the content of privateKey, because it contains the publicKey inside. The length of the publicKey there is also 1023 bits.
Can you help me, please? Thanks in advance. Here is a key pair which was generated on an iOS device:
publicKey:
MIGIAoGAaXp7vlZ5WmCzaL1rrBKXC8rJuc7EpH7Us/0t4R3hJoDOtRJxywegPY6wm45Oiud7UDh+9loebAg4dcpUP1le5SkbxrC9Qp8XahmvYVMXUYVGDiLTWID3e3PdE7CwEM5/lz1c1vRRWjR+2GzvV4xf5gRwCzZW1tXvXCNWsraqwE8CAwEAAQ==
Comments (1)
OpenSSL requires the key in X.509 format (see RFC 3280):
The "subjectPublicKey" string depends on the algorithm. For RSA it is (RFC 3447):
I don't think it's a problem that the key is 1023 and not 1024 bits. But you can try to generate a few more and see if they're all 1023 bits long.
What does OpenSSL say when you try to use your own creation (the updated ASN.1 structure)? Can you post it here?
Also, OpenSSL expects it in PEM format with "-----BEGIN RSA PUBLIC KEY-----" and "-----END RSA PUBLIC KEY-----" around the Base64 data.
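The wrapping that the question attempts with a hex editor, done in code (an added example, not part of the original post or answer): it validates the bare SEQUENCE { INTEGER, INTEGER } form, wraps it in the algorithm-identifier structure shown in the OpenSSL dump, and PEM-encodes the result. The helper names and the sample key are constructed for illustration; `-----BEGIN PUBLIC KEY-----` is the standard PEM label for the wrapped (SubjectPublicKeyInfo) form.

```python
import base64
import textwrap

# DER of AlgorithmIdentifier { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag, value):
    """Encode one DER tag-length-value (short or long definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value

def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1_public(der):
    """Parse RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, body, end = read_tlv(der, 0)
    t1, n_raw, p = read_tlv(body, 0)
    t2, e_raw, p = read_tlv(body, p)
    if (tag, t1, t2) != (0x30, 0x02, 0x02) or end != len(der) or p != len(body):
        raise ValueError("not a bare SEQUENCE { INTEGER, INTEGER }")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def pkcs1_to_spki_pem(b64_key):
    """Wrap a Base64 PKCS#1 public key in SubjectPublicKeyInfo and PEM-armor it."""
    der = base64.b64decode(b64_key)
    parse_pkcs1_public(der)  # reject input that is already wrapped or malformed
    spki = tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + der))  # 0x00 = unused bits
    lines = textwrap.wrap(base64.b64encode(spki).decode(), 64)
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"

def der_int(x):
    """DER INTEGER; a leading 0x00 byte appears only when the top bit would be set."""
    return tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

# Constructed sample (not a real key): 1023-bit odd modulus, e = 65537
SAMPLE_B64 = base64.b64encode(tlv(0x30, der_int((1 << 1022) | 1) + der_int(65537))).decode()
print(pkcs1_to_spki_pem(SAMPLE_B64), end="")
```

A file in this wrapped form is what the `-pubin` option of the `openssl rsautl` command in the question reads.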