Convert private base64 encoded key to SecKey


Posted: 2019-02-28 05:41:50

Question:

I generated a private key with OpenSSL like this:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 563 -nodes -subj "//C=LT\ST=Vilnius\L=Vilnius\O=Briedis\OU=Org\CN=www.example.com"

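The key.pem file contains the private key in base64 format. I removed the BEGIN and END markers, as well as the newlines. After applying these changes, the private key looks like this: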

let privteKeyString = "..."

Converting the base64 string to a SecKey:

let privateKeyData = Data(privteKeyString.utf8)
var error: Unmanaged<CFError>?
let secKey = SecKeyCreateWithData(privateKeyData as! NSData, [
    kSecAttrKeyType: kSecAttrKeyTypeRSA,
    kSecAttrKeySizeInBits: 4096,
    kSecAttrKeyClass: kSecAttrKeyClassPrivate,
] as NSDictionary, &error)

After executing this I get a -50 error.

Is there a way to convert a base64 private key to a SecKey?


Answer 1:

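Usually RSA private keys are not a vanilla RSAPrivateKey but a PrivateKeyInfo (see Section 5 of RFC 5208). iOS does not support the PrivateKeyInfo key structure. In this case, the key needs to be converted to an RSAPrivateKey. Steps to create an iOS SecKey from a PrivateKeyInfo: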

    Convert the private key.pem to DER format using OpenSSL.

        openssl rsa -in key.pem -outform der -out key.der

    Drag and drop the key.der file into the Xcode project.

    Load the private key and print it as a vanilla RSAPrivateKey:

        import Foundation
        import Security

        // Load key.der from the app bundle
        let keyUrl = Bundle.main.url(forResource: "key", withExtension: "der")
        let keyDerData = try? Data(contentsOf: keyUrl!)
        print(keyDerData?.base64EncodedString() ?? "key.der could not be read")

    Convert the vanilla RSAPrivateKey raw data to a SecKey.

        var error: Unmanaged<CFError>?
        // keyDerData holds the DER bytes of the RSAPrivateKey loaded above
        let secKey = SecKeyCreateWithData(keyDerData! as NSData, [
            kSecAttrKeyType: kSecAttrKeyTypeRSA,
            kSecAttrKeySizeInBits: 4096,
            kSecAttrKeyClass: kSecAttrKeyClassPrivate,
        ] as NSDictionary, &error)

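The conversion described in the answer can also be done in code. The following is an added example, not part of the original post: it base64-decodes the PEM body, unwraps a PKCS#8 PrivateKeyInfo to the inner PKCS#1 RSAPrivateKey when needed, and passes the result to SecKeyCreateWithData. The names KeyImportError, derHeader, pkcs1RSAKey and makeRSAPrivateKey are hypothetical, and the input is assumed to be an unencrypted RSA key with the BEGIN/END lines already removed, as in the question.

```swift
// Added example: helper names are hypothetical; input is an unencrypted RSA key.
import Foundation
import Security

enum KeyImportError: Error { case badBase64, badDER, secKey(CFError?) }

// Reads the DER TLV header at index i; returns where the content starts and its length.
func derHeader(_ d: [UInt8], at i: Int, tag: UInt8) throws -> (start: Int, len: Int) {
    guard i + 1 < d.count, d[i] == tag else { throw KeyImportError.badDER }
    var len = Int(d[i + 1]), p = i + 2
    if len & 0x80 != 0 {                       // long form: next n bytes hold the length
        let n = len & 0x7F
        guard n >= 1, n <= 4, p + n <= d.count else { throw KeyImportError.badDER }
        len = d[p..<p + n].reduce(0) { ($0 << 8) | Int($1) }
        p += n
    }
    guard p + len <= d.count else { throw KeyImportError.badDER }
    return (p, len)
}

// Returns PKCS#1 RSAPrivateKey bytes, unwrapping a PKCS#8 PrivateKeyInfo if present.
func pkcs1RSAKey(fromDER der: Data) throws -> Data {
    let d = [UInt8](der)
    let outer = try derHeader(d, at: 0, tag: 0x30)              // outer SEQUENCE
    let version = try derHeader(d, at: outer.start, tag: 0x02)  // INTEGER version
    let next = version.start + version.len
    guard next < d.count else { throw KeyImportError.badDER }
    if d[next] == 0x02 { return der }          // INTEGER (modulus) follows: already PKCS#1
    let alg = try derHeader(d, at: next, tag: 0x30)             // AlgorithmIdentifier
    let rsaOID: [UInt8] = [0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01]
    guard alg.len >= rsaOID.count, Array(d[alg.start..<alg.start + rsaOID.count]) == rsaOID
    else { throw KeyImportError.badDER }       // not rsaEncryption (1.2.840.113549.1.1.1)
    let key = try derHeader(d, at: alg.start + alg.len, tag: 0x04)  // OCTET STRING privateKey
    return Data(d[key.start..<key.start + key.len])
}

func makeRSAPrivateKey(base64 pemBody: String) throws -> SecKey {
    // Decode the base64 text; Data(pemBody.utf8) would hand over its ASCII characters instead.
    guard let der = Data(base64Encoded: pemBody, options: .ignoreUnknownCharacters)
    else { throw KeyImportError.badBase64 }
    let pkcs1 = try pkcs1RSAKey(fromDER: der)
    let attributes: [CFString: Any] = [kSecAttrKeyType: kSecAttrKeyTypeRSA,
                                       kSecAttrKeyClass: kSecAttrKeyClassPrivate]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateWithData(pkcs1 as CFData, attributes as CFDictionary, &error)
    else { throw KeyImportError.secKey(error?.takeRetainedValue()) }
    return key
}
```

With OpenSSL 3.x, `openssl rsa` writes PKCS#8 unless `-traditional` is passed, so a key.der produced on a newer toolchain may still be a PrivateKeyInfo; the unwrap step above accepts both encodings.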
