将私有 base64 编码密钥转换为 SecKey
Posted
技术标签:
【中文标题】将私有 base64 编码密钥转换为 SecKey【英文标题】:Convert private base64 encoded key to SecKey 【发布时间】:2019-02-28 05:41:50 【问题描述】:我确实像这样使用 OpenSSL 生成了私钥:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 563 -nodes -subj "//C=LT\ST=Vilnius\L=Vilnius\O=Briedis\OU=Org\CN=www.example.com"
key.pem 文件包含 base64 格式的私钥。删除了 BEGIN 和 END 标记。以及新的线路。应用这些更改后,私钥如下所示:
let privteKeyString = “MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxFZF3YHfkbvNbC5kuXo4QxtHVRBKe35lOUVFPIRPxc87QUJHwb0b62aG84AHRhx6fawX66Sby/U31U0HBXh0QY3IRGqSm3xOZBjrJvAk2vd8T5y4fCYFuEk3exTm7FNVeucf0W3ibPyW/zWTbMek1XMSbii130LUKBhMFg1Jmf/M2YwSRmPO4gZ3uzK+hvE02QtvEI8/ruiO1GfRsqsYNPd67Cayley8DvYXzQKCS6+LJUW1lTQObgY0xHLpmlLmXjLj9pAvXPVp0jqbVml2TcKCeC/7cyaf0jxEfkajlYGORpw/0/zcYk2mde/UzzEzvKsOXAnZo1XTj+BdOMVuaeKdxjtEOoFBGVabSmBl0NRTg2JEZKTHJ6gywiua1jemnKAnwrwsc3DOFIKDpGS9EBiFgbg86c/2/76EcQ4pYtiZgwYABahPpC+JAEpw99PGK9jZcSsFpTO81ZNIwoy/deH/frZ0G1hQCnB85T3DDELC8aJMM9R+NUJcLnq9NHywE15Sm2xzepkY1sWo0XmcSn/e3lBqOLAIIw+bygsM9Xksxhs6FLb0BOWMh/C3urKnG/jdPLp0ROKD6t9/5iVgCPDftHEEVxPrKcVqOSBoFPRhKvl8SP6OdyS4ken8xzKNCN7bs1ZvhpvhtpFysgAOHZF9y9GcafltZEFVECfBd0wIDAQABAoICAQCJle9ip/Ie6tFrMLTAYTjR8hfAMlahV6r+PZIF//ZFyCuskJ0DCQJGDmdqn0TqbaguRnHsA9B+RK6YaCqTubKtNAbBIUlCWdoZL8znRpCGFrnG9fxQowsL4W7dIbF8GHC7W27u/U7UmBiVUFkHMV03V69uBcrT57VxZ0zKIMEZ4FmwLPi0wvjBpvt1OVVQPURkX0fuucBnL0VlBRhygbDFQwfVnGumWvIpXsw/NjxMSrf2oKx1Y4PlA6AWw3JUF0Onau+kKhwFDKdGHjujhH8l+gDhKwLGumsjSTENrRdjuCNEXF+6g7xj/My3TkMyDo7L2BcFMiWbyBU8tlotJ446R6SnnfHclwMIe1/XNRyCToKNIa6W/J2pk6hVum7fKfPPxJS7GAs5VAH3nH2ZhCrzH/h9oTHneeLbSpSHkDvisTLDX9zgvX2F9iHg6Vyox931xzCmkXiWt4+g/tx0EYz6pivgWucx9/BY31SSwDMBc5sIAJsAciK2ylMJT2YYIJbzOf2KHaMLqZq36NDszzCsJNfm2d/0g9pgp6DNPgS2P9vP/sKzAptJtO7UVydH7Crf1RlWl09UqTvyYB/BEv9HWbJaTFf+ISTB45ad76m1fyJfTgUL9NLMbSqX3E7rwah+ls9gTal+188c9MF2Qaf+12fA0fEbQQSy63KOzjEWOQKCAQEA5evQ+mX30QBpsZmfR18gbl6ab/3KOgXY/3SFApE9A7gaF+Li/FsU8pkpjltTHt+5xrZbSJy1dS1fsIbOfPMZ7k4TeYaadFzdYPhT9T4qH+OXXCUdDgsThXScMm3wyyNOsAgKkiN54dKv+JAVp6H7Q4ENEQpJzvoIXRK+03AuXZ/cR2D6Dr1yPbB3dOkcq+dx2/tVE+53le6SLZTR9JuQvmKGwylOy4+UfWOrUnNBpVuteZTUpJCa1rOVhN+XnAWwO3yce+WMNu4V2a4gG3J87HtUJyy18UFUnlsXMQvWJlei/uxSilTOd5UCYZtrwe+W0exv1Hx6KcxbSSf/MYKprwKCAQEAxSuI/1FPWIG+QIN/LUt3e2oakRRAr15ELT7jW4uI2vEdIHWlf0tBhw49mDVWLcVTM3WXEZc3snp1YqTJwyzASn/t0vnRApBxArOMdqt02Ni7M5fC8Hpilrl+721E7UPnz5l/5VCXaSzfGz+xXpEmIt00R0E+mdITpjLE84KxgMWHfArZtDMDY4955MIugcI2NUrh0hAIRMPrTDY4Oyt1cFzTRhFTsqcSIEAcqgXQGUjmsb3Ljj9C6YdMAriK0VTIN35lSAGXYAM1SXymiEdwdbKDqv0UCQJoiiXBc4Hteh8oHJJbxAQrk9RveDIz5sPSkgYiLoB+KYM2RG/ZGvlrHQKCAQEAmsKVQsZ5/VtqyVmfRbo5KTFSgMlyYoXnH2P919GNIUC9h5B3uudP/U+tEh5Un7Z15NSAMysQVRQ6kabbvG0h6i7xmt5IfsS3WnssgCnczuQx0JtGqFo6RJ1OOf+YkhNs9r4i52UruB5JxmStvs0gRLrL4clsDv5rvMJOYiHjg6+D5SPYjS1lhTKP5ci3PNqn4CuXg7gDFI+mIzpF7ID997h3/0uBtzEpARGikvfzmutPpEPSsgaHwrbUkMCz2xhVHGVvK1JChALUAFbdU7xHbCJDba8BtKeF3qVvwdq2xc49b5wAnw4gf4t0M+Easkqj2R9t0rgKvrHITEC43EmYDwKCAQASfxcG/JW489LpMmzHzwCSb022tnOq/+jdZbzmZZydDWlyFhdEbcbj6I4WrUo8WPqJJUrat5jeAWbprhPPX29ajc29sPnOh8ZSPo26xDLd9Nb67A25iYGeKiCiTVnd+DTS4M+Cr6DEmRUE9WCqQmuVcbLpzFEXFQIK4VBgl64XKnCfTlVF9lMnD9qbfyvluFZlgXTVw/NCoC5+o8d6pYUK2WpodE+pvsqQg/MscAcpmBEsM2XZHk4kojCbQLylDpMJwa22p4+Pzj09e5gTyL/gCrMXY05x2ev8qbYQI+wnPK0CoShCpzF/WLpsSCleSJiEYlbqjdtIAashmGyBf0xxAoIBAF70oKa2tyxe513PWy3JLR5M8YvG55fyrdV+947Mv8l8h5L2EhsNXVvN6wLL7AeNuM/fNQ+M1QEYZJdPOwMP1qRFQuU8DVUlvluGAMS8/VPO5lDXQ4B0kk8Y3Ou/bhobvw5pAXK0yDUaElClw+IRDy4U0KjgJq04sTnDqhjLrV++f1vTtTUOWSIawIVxequ/QKO24lyRtEqYQZtCFs+AEeZNFkay9npYY/nNplQV/K/b9E4WYUtNWHukjwll8ftwsiDJqj2JV5GYmfLbUgJbuxJ6eGNXcgrW3Vs8ye9mVHiL8QSpYpQS3ys0Kiv3zjvkobCO4bQVfIQGxIj5mnWL/is=“
base64到SecKey的转换:
let privateKeyData = Data(privteKeyString.utf8)
var error: Unmanaged<CFError>?
let secKey = SecKeyCreateWithData(privateKeyData as! NSData, [
kSecAttrKeyType: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits: 4096,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
] as NSDictionary, &error)
执行后得到 -50 错误。
base64私钥转SecKey有什么方法?
【问题讨论】:
【参考方案1】:通常所有 RSAPrivateKey 都不是普通的 RSAPrivateKey,而是 PrivateKeyInfo(参见 RFC 5208 的第 5 节)。 ios 不支持 PrivateKeyInfo 密钥结构。在这种情况下,需要转换为 RSAPrivateKey。从 PrivateKeyInfo 创建 iOS SecKey 的步骤:
使用 OpenSSL 将 private key.pem 转换为 DER 格式。
openssl rsa -in key.pem -outform der -out key.der
将 key.der 文件拖放到 Xcode 项目中。
将私钥加载并打印为 vanilla RSAPrivateKey:
let keyUrl = Bundle.main.url(forResource: "key", withExtension: "der")
let keyDerData = try? Data(contentsOf: keyUrl!)
print(keyDerData?.base64EncodedString())
将普通 RSAPrivateKey 原始数据转换为 SecKey。
var error: Unmanaged<CFError>?
let secKey = SecKeyCreateWithData(keyDerData as! NSData, [
kSecAttrKeyType: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits: 4096,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
] as NSDictionary, &error)
【讨论】:
以上是关于将私有 base64 编码密钥转换为 SecKey的主要内容,如果未能解决你的问题,请参考以下文章