Few iOS Security API hints

Sharing a RSA public key

On the iOS you can generate a RSA key pair using the SecKeyGeneratePair function. However this function doesn't pack the public key into a complete PublicKeyInfo structure. It generates only the public key data annotated below:
So if you need to share the public key (e.g. with the backend) you would usually need to manually add the header. When doing this pay attention to properly adjust the lengths of the first SEQUENCE and the BIT_STRING.

Getting an identity reference for a certificate created in runtime

Let's say you have created your key pair, and shared the public key with the backend. And you have received a certificate containing your public key, which should be used as a client certificate for establishing a 2-way SSL:
  1. DO NOT add the certificate to the keychain by simply inserting it's bytes using the SecItemAdd function. If you do this, you would be able to access the certificate, even get a proper reference for it, but it want get associated  to your private key. So, you want be able to get a proper identity reference for establishing the SSL connection.
  2. You should first use the SecCertificateCreateWithData function, to create a proper certificate reference (SecCertificateRef), which then you provide to the SecItemAdd function, to insert the certificate.
  3. Now you should be able to query the keychain and get a valid SecIdentityRef instance. You can use the same filtering parameters (e.g. keychain item label) which you have used for your certificate.

No comments:

Post a Comment