IPhone - Get private SecKeyRef from DER file

Added by Son over 7 years ago

Hi,

In my previous iphone app, I have done this successfully by getting a base64 string content of DER file from Server then extract SecKeyRef, but now with Nordnet, I have to get it from a DER file, I don't know if the problem comes from my code or there is a problem with DER file, my code could not extract the key and always return nil, I have tried to read DER file by using KeyChain Access app but app always return an error message: "An error has occurred. Unable to import an item. The content of this item cannot be retrieved.", so I guess that there may a problem with the DER file, could you please help me double check this?


Replies (9)

RE: IPhone - Get private SecKeyRef from DER file - Added by Son over 7 years ago

The same with PEM file :(

RE: IPhone - Get private SecKeyRef from DER file - Added by Son over 7 years ago

I have tried to generate a key using openssl without MD5 or SHA signature, then I could extract the key successfully, So I think the problem come from the Public Key file, please help me double check this.

RE: IPhone - Get private SecKeyRef from DER file - Added by Son over 7 years ago

I think the root cause is the cert file was MD5 signed (hashed) so the structure was changed and KeyChain cannot read it anymore.

How can I have an unsigned cert file (.der)?

RE: IPhone - Get private SecKeyRef from DER file - Added by Nordnet Simon over 7 years ago

Hi, we cannot provide the files in any other way (not for production anyway).

It is possible to use openSSL library and use the .PEM file in Objective-C.

I will see if I can come up with an example.

RE: IPhone - Get private SecKeyRef from DER file - Added by Son over 7 years ago

in iOS, we cannot use these certs directly, we must add to KeyChain to get SecKeyRef then use it to encrypt data.

RE: IPhone - Get private SecKeyRef from DER file - Added by Son about 7 years ago

Hi Nordnet team, I still not find out any solution, Any help is very appreciated ^^

RE: IPhone - Get private SecKeyRef from DER file - Added by Nordnet Simon about 7 years ago

Son wrote:

in iOS, we cannot use these certs directly, we must add to KeyChain to get SecKeyRef then use it to encrypt data.

Can't you treat the .PEM file like any file and use the openSSL-lib?

Something like this:


#import <openssl/rsa.h>
#import <openssl/pem.h>

static inline NSData *encryptString(NSString *raw) {
    RSA *rsa = NULL;
    if (rsa == NULL) {
        NSString *path = [[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"];
        FILE *fp;
        if ((fp = fopen([path cStringUsingEncoding:NSUTF8StringEncoding], "r"))) {
            rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
            fclose(fp);
            fp = NULL;
        }
    }
    size_t plainTextLen = [raw lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
    unsigned char plainText[plainTextLen+1];

    size_t cipherTextLen = RSA_size(rsa);
    unsigned char cipherText[cipherTextLen + 1];
    [raw getCString:(char *)plainText maxLength:plainTextLen+1 encoding:NSUTF8StringEncoding];

    RSA_public_encrypt(plainTextLen, plainText, cipherText, rsa, RSA_PKCS1_PADDING);

    NSData *encrypted = [NSData dataWithBytes:cipherText length:cipherTextLen];
    return encrypted;
}


RE: IPhone - Get private SecKeyRef from DER file - Added by Son about 7 years ago

Hi, I solved it in another way by read the public key from pem file, remove pre-fix and sub-fix, decode base64, strip public key header and import it into keychain, finally it's done.

RE: IPhone - Get private SecKeyRef from DER file - Added by Nordnet Simon about 7 years ago

Glad it works for you.

(1-9/9)