Re: SecKeyGeneratePair export Public Key and OpenSSL API
- Subject: Re: SecKeyGeneratePair export Public Key and OpenSSL API
- From: Jacopo Mangiavacchi <email@hidden>
- Date: Wed, 5 Nov 2008 12:41:57 +0100
Some more info.
I obtained a persistent reference to an auto-generated public key by
calling SecItemCopyMatching, then I encoded it in base64 format.
After that I added the strings "---- BEGIN..." at the top and "----
END..." at the bottom, obtaining this final string, and saved it to a file:
-----BEGIN PUBLIC KEY-----
MIGIAoGAUHmlTMGzxJ8Q+M3hlqSiZmn0wKKYqaih9gGfMkRPXBT4jpOiE6VOVuWN
jedIs97H4GRe4ZlmGAqMD5BK9NztHVOGPPYYjXT7u02kppkgYDoOhI7iYFJ/iHGi
eDwzUzCo5QEjeateX1fNVNhXzLs3T45/YVN3ezRqOmjJqs31cvUCAwEAAQ==
-----END PUBLIC KEY-----
Then if I try this command: openssl rsa -pubin -in iphonepubkey.pem -modulus -noout
I obtain the following error:
unable to load Public Key
22483:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
22483:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=X509_ALGOR
22483:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:567:Field=algor, Type=X509_PUBKEY
22483:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:82:
Btw, if I generate the key pair using the OpenSSL API, the output of
the last command is correct instead (Modulus=B744103A06A...).
I really can't understand where my fault is. I double-checked the
parameters that I pass to SecItemCopyMatching and SecKeyGeneratePair
and of course the public key is valid by itself. I'm able to decrypt
etc. with it.
j
From: Jacopo Mangiavacchi <email@hidden>
Subject: SecKeyGeneratePair export Public Key and OpenSSL API
To: email@hidden, email@hidden
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
I need to export a public key generated with the SecKeyGeneratePair
API and send it to a web service (written in PHP) that, using the
OpenSSL API, must encrypt something with this key and return the
ciphered value to the Cocoa client.
In order to pass the public key NSData buffer I've tried to encode
it in Base64 format and to pass it as a standard RSA pubkey string,
because I know that OpenSSL can accept a string like that.
An example of this kind of string is the following:
-----BEGIN PUBLIC KEY-----
MIGIAoGAUHmlTMGzxJ8Q+M3hlqSiZmn0wKKYqaih9gGfMkRPXBT4jpOiE6VOVuWN
jedIs97H4GRe4ZlmGAqMD5BK9NztHVOGPPYYjXT7u02kppkgYDoOhI7iYFJ/iHGi
eDwzUzCo5QEjeateX1fNVNhXzLs3T45/YVN3ezRqOmjJqs31cvUCAwEAAQ==
-----END PUBLIC KEY-----
Anyway, OpenSSL is telling me that this is not a valid public
key. Btw, an OpenSSL auto-generated public key is a little bit longer
than this, like the following for example:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5F3OcVyc93DPSYgltiYN6zkwM
Aq30nGq1j8PSJbfqu99q1xwprK0Uh078d09piTrOwjdmqUUHjHhJqSdeSbnF0oYp
XIQLXUb01wMfB6pKpfOHpLtDjAKJBeEfIK5Zig5nF1cQrKTIlR+LLR+7m0u5UDGB
rO7yvd5dYDJAKh9BawIDAQAB
-----END PUBLIC KEY-----
Am I missing something?
Thanks for any help,
jacopo
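
Added example, not part of the original post: the iPhone key body above decodes to a DER SEQUENCE whose first element is an INTEGER (a bare PKCS#1 RSAPublicKey), while the "BEGIN PUBLIC KEY" reader in openssl expects an X.509 SubjectPublicKeyInfo, which is what the X509_ALGOR / X509_PUBKEY errors report. The Python sketch below wraps the posted key in that structure; the function names are this example's own.

```python
import base64
import textwrap
# Key body copied from the post (the SecItemCopyMatching output, base64).
IPHONE_KEY_B64 = (
    "MIGIAoGAUHmlTMGzxJ8Q+M3hlqSiZmn0wKKYqaih9gGfMkRPXBT4jpOiE6VOVuWN"
    "jedIs97H4GRe4ZlmGAqMD5BK9NztHVOGPPYYjXT7u02kppkgYDoOhI7iYFJ/iHGi"
    "eDwzUzCo5QEjeateX1fNVNhXzLs3T45/YVN3ezRqOmjJqs31cvUCAwEAAQ=="
)
# DER of AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """Encode a DER definite length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def classify(der):
    """'pkcs1' = bare RSAPublicKey, 'spki' = X.509 SubjectPublicKeyInfo."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    return {0x02: "pkcs1", 0x30: "spki"}.get(read_tlv(body)[0], "unknown")

def pkcs1_to_spki(pkcs1_der):
    """Wrap an RSAPublicKey in the SubjectPublicKeyInfo that openssl expects."""
    if classify(pkcs1_der) != "pkcs1":
        raise ValueError("expected a PKCS#1 RSAPublicKey")
    # BIT STRING payload starts with one byte: the count of unused bits (0).
    bits = b"\x03" + der_len(len(pkcs1_der) + 1) + b"\x00" + pkcs1_der
    inner = RSA_ALG_ID + bits
    return b"\x30" + der_len(len(inner)) + inner

def to_pem(spki_der):
    body = "\n".join(textwrap.wrap(base64.b64encode(spki_der).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    print(to_pem(pkcs1_to_spki(base64.b64decode(IPHONE_KEY_B64))))
```

The wrapped output begins with MIGeMA0GCSqGSIb3DQEB, the same algorithm header seen in the OpenSSL-generated key quoted in the post.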