Exporting a public key from the secure enclave
- Subject: Exporting a public key from the secure enclave
- From: Doug Hill <email@hidden>
- Date: Mon, 15 May 2017 14:08:07 -0700
I'm attempting to implement what is described in this developer forum post:
https://forums.developer.apple.com/message/84684#84684
That is, export an elliptic curve public key from the secure enclave.
Unfortunately, this doesn't work for me. Also, the Security developer forum has held up my forum post for moderation for almost 4 days. So I thought I'd ask here.
----------------------------------
I'm trying to send secure messages between our server and iOS app. I see the following forum post about how to send a public key to a server:
https://forums.developer.apple.com/message/84684#84684
except it doesn't work. I even use the sample code in the referenced git repo
https://github.com/hfossli/EskimoKeys/tree/master
but this sample code fails key verification. FWIW, here is my output of running the sample code:
>>>>>>>>>>>>>>>>>>
#! /bin/sh
echo This string was signed after 2017-05-15 20:57:20 +0000. | xxd -r -p > dataToSign.dat
echo 3044022036fb9f4f0bb18cffae4da20be7130a9e2d2a22529ce97cf63302c099ac150f64022038c7f7cfb94510a1eb1397650eb2f8952c5a996dc5f5680ae91c0bfe40162b24 | xxd -r -p > signature.dat
cat > key.pem <<EOF
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQu+2TulrqxL0QwSQ9DR0mH4dRCNI
OMoi4TNh+MGDIGpLG2KVyPDHx8Dlf7pfOwv2xGyRm3Wo8HRvVs/4TdxYbQ==
-----END PUBLIC KEY-----
EOF
openssl dgst -ecdsa-with-SHA1 -verify key.pem -signature signature.dat dataToSign.dat
>>>>>>>>>>>>>>>>>>
Running the script I get the following error message:
"Verification Failure"
Unfortunately, I don't know enough about openssl to figure out what the problem is. FWIW I can analyze the public key with the following script:
$ openssl asn1parse -in pubkey.b64 -inform PEM
Output:
0:d=0 hl=2 l= 89 cons: SEQUENCE
2:d=1 hl=2 l= 19 cons: SEQUENCE
4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
23:d=1 hl=2 l= 66 prim: BIT STRING
So the public key looks valid, but I can't do the signature verification as the above-mentioned forum post describes.
Any ideas? Thanks.
Doug Hill
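The round trip OpenSSL expects, as an added example that is not part of the post or of the EskimoKeys repo: it generates a throwaway P-256 key pair locally in place of the Secure Enclave key (an assumption, since the real private key never leaves the enclave), signs the post's message with SHA-256, and then shows that verification fails whenever the digest name or the data bytes differ from what was signed, the two things to check in a script like the one above.

```shell
#!/bin/sh
# Added example (not from the post or EskimoKeys). Requires openssl.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway P-256 (prime256v1) key pair standing in for the enclave key.
# The exported form is the same SubjectPublicKeyInfo PEM the post parses
# with asn1parse (id-ecPublicKey / prime256v1 / BIT STRING).
openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/priv.pem" 2>/dev/null
openssl ec -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null

# Write the exact bytes to be signed. printf '%s' appends no newline and does
# no hex decoding; note that xxd -r -p reverses a hex dump, so plain text
# piped through it does not reach the data file unchanged.
MSG='This string was signed after 2017-05-15 20:57:20 +0000.'
printf '%s' "$MSG" > "$WORK/data.bin"
# Same text plus one trailing newline (what a bare echo would write).
printf '%s\n' "$MSG" > "$WORK/data_nl.bin"

# Sign with SHA-256. The output is the DER SEQUENCE of r and s, the same
# shape as the 0x30 0x44 ... hex signature in the post.
openssl dgst -sha256 -sign "$WORK/priv.pem" -out "$WORK/sig.der" "$WORK/data.bin"

# verify DIGEST FILE: exit 0 when OpenSSL reports "Verified OK", non-zero
# ("Verification failure") otherwise.
verify() {
  openssl dgst "-$1" -verify "$WORK/pub.pem" -signature "$WORK/sig.der" "$2" >/dev/null 2>&1
}

# Same bytes, same digest: verifies.
verify sha256 "$WORK/data.bin" && echo "sha256 over signed bytes: Verified OK"
# Same bytes, different digest (the posted script used -ecdsa-with-SHA1): fails.
verify sha1 "$WORK/data.bin" || echo "sha1 over signed bytes: Verification Failure"
# Same digest, one extra byte in the file: fails.
verify sha256 "$WORK/data_nl.bin" || echo "sha256 over bytes+newline: Verification Failure"
```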
_______________________________________________
Cocoa-dev mailing list (email@hidden)