如何解析x509证书并在Swift中提取其密钥签名？开发者社区

link之家

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

旅行中的蛋挞 · 企业财产险 | 中银保险· 4 月前 ·

失落的企鹅 · 四步解决联想电脑摄像头打不开问题_easyc ...· 6 月前 ·

健壮的山寨机 · “三全育人”工作研讨 | ...· 7 月前 ·

谦和的自行车 · 衡阳市老科协举办2023年全国科普日科普报告 ...· 9 月前 ·

活泼的木耳 · 医疗康养正式启幕 | ...· 11 月前 ·

腾讯云

开发者社区

文档意见反馈控制台

首页 TVP

文章/答案/技术大牛

发布

    if let password = passwordTextField.text {
        //Generate RSA
        guard let keyPair = try? SwiftyRSA.generateRSAKeyPair(sizeInBits: 2048),
              let privateKeyPem = try? keyPair.privateKey.pemString(),
              let publicKeyPem = try? keyPair.publicKey.pemString()
        else {
            return
        /// Generate Certificate in format X.509 from Public Key
        let publicKey = try! PublicKey(data: keyPair.publicKey.data())
        let publicKeyData = try! keyPair.publicKey.data()
        let publicKey_with_X509_header = try! SwiftyRSA.prependX509KeyHeader(keyData: publicKeyData)
        let publicKey509 = try! PublicKey(data: publicKey_with_X509_header)
        print(try! publicKey.pemString()) // Without Certificate
        print(try! publicKey509.pemString()) // With Certificate
        // These two print results are completely the same, but it should be different.
        // Encrypt private key
        let salt = String.random(length: 32)
        let aesKey = Array(String((password + salt).prefix(32)).utf8)
        let iv = [UInt8](String(salt.prefix(16)).utf8)
        guard let aes = try? AES(key: aesKey, blockMode: CBC(iv: iv), padding: .pkcs7),
              let inputData = privateKeyPem.data(using: .utf8),
              let encryptedBytes = try? aes.encrypt(inputData.bytes)
        else {
            return
        let encryptedData = NSData(bytes: encryptedBytes, length: encryptedBytes.count)
        let base64String = encryptedData.base64EncodedString(options: NSData.Base64EncodingOptions(rawValue: 0))
        // Print keys and salt
        print(try! publicKey509.pemString())
        print(base64String)
        print(salt)
    }

extension Data {
    public func dataByPrependingX509Header() -> Data { 
        let result = NSMutableData()
        let encodingLength: Int = (self.count + 1).encodedOctets().count
        let OID: [CUnsignedChar] = [0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00]
        var builder: [CUnsignedChar] = []
        // ASN.1 SEQUENCE
        builder.append(0x30)
        // Overall size, made of OID + bitstring encoding + actual key
        let size = OID.count + 2 + encodingLength + self.count
        let encodedSize = size.encodedOctets()
        builder.append(contentsOf: encodedSize)
        result.append(builder, length: builder.count)
        result.append(OID, length: OID.count)
        builder.removeAll(keepingCapacity: false)
        builder.append(0x03)
        builder.append(contentsOf: (self.count + 1).encodedOctets())
        builder.append(0x00)
        result.append(builder, length: builder.count)
        // Actual key bytes
        result.append(self)
        return result as Data
}

    // Generate keys
    if let password = passwordTextField.text {
        //Generate RSA
        let attributes: [String: Any] = [
            String(kSecAttrKeyType):            kSecAttrKeyTypeRSA,
            String(kSecAttrKeySizeInBits):      4096, // you can change the size to 2048, but 4096 has higher security.
            String(kSecPrivateKeyAttrs): [
                String(kSecAttrIsPermanent):    true,
                String(kSecAttrApplicationTag): "com.example.keys.mykey"]
        var error: Unmanaged<CFError>?
        // Private Key
        guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
            fatalError("Error: \(error.debugDescription)")
        let privateKeyData = SecKeyCopyExternalRepresentation(privateKey, &error)
        let privData = privateKeyData as Data?
        let privateKeyString = privData!.base64EncodedString()
        print("Private Key")
        print(privateKeyString)
        // You'll probably need to structure Private and public key to go in new line every time after 76 character
        let structuredPrivateKeyString = privateKeyString.inserting(separator: "\n", every: 76)
        let privateKeyFinal = "-----BEGIN RSA PRIVATE KEY-----\n" + structuredPrivateKeyString + "\n\n-----END RSA PRIVATE KEY-----" 
        print(privateKeyFinal)
        // Public Key
        let publicKey = SecKeyCopyPublicKey(privateKey) // generate public key from private key
        let publicKeyData = SecKeyCopyExternalRepresentation(publicKey!, &error)
        let pubData = publicKeyData as Data? // We need to turn it into data so we can add the certificate or print it as string
        print("Public Key")
        print(pubData!.base64EncodedString())
        // Add x509 certificate to public key
        let publicKeyX509 = SecKeyCopyPublicKey(privateKey)
        let publicKeyDataX509 = SecKeyCopyExternalRepresentation(publicKeyX509!, &error)
        let pubData1 = publicKeyDataX509 as Data?
        let x509Data = pubData1!.dataByPrependingX509Header() // Here we add the certificate (Function that we created previosly in Data extension).
        var publicKeyX509String = x509Data.base64EncodedString()
        print("Public Key x509")
        print(publicKeyX509String)
        let structuredPublicKeyX509String = publicKeyX509String.inserting(separator: "\n", every: 76)
        let publicKeyFinal = "-----BEGIN RSA PUBLIC KEY-----\n\(structuredPublicKeyX509String)\n\n-----END RSA PUBLIC KEY-----"
        print("Public Key for the API")
        print(publicKeyFinal)
        // Encrypt private key
        let salt = String.random(length: 32)
        let aesKey = Array(String((password + salt).prefix(32)).utf8)
        let iv = [UInt8](String(salt.prefix(16)).utf8)
        guard let aes = try? AES(key: aesKey, blockMode: CBC(iv: iv), padding: .pkcs7),
              let inputData = privateKeyFinal.data(using: .utf8),
              let encryptedBytes = try? aes.encrypt(inputData.bytes)
        else {
            setLoadingView(visible: false)
            return
        let encryptedData = NSData(bytes: encryptedBytes, length: encryptedBytes.count)
        let base64String = encryptedData.base64EncodedString(options: NSData.Base64EncodingOptions(rawValue: 0))

回答 1

Stack Overflow用户