1
我需要在Mac上对数据进行数字签名,然后在iOS上验证它。所以我用DER格式生成RSA密钥对和公开密钥证书,并打开ssl(尝试使用SecKeyGeneratePair生成,但难以导入公钥到iOS,而SecKeyRawVerify仍然无法使用相同结果),并在我的数据上签名Mac应用程序。然后,如果我在iOS上验证此数据,验证失败并显示-9809错误代码,但是如果在mac验证上执行相同的代码,则成功。SecKeyRawVerify在mac上验证但在iOS上失败-9809
这里是我的验证码:
NSString* certPath = [[NSBundle mainBundle] pathForResource: @"Public" ofType:@"der"];
NSData* certificateData = [NSData dataWithContentsOfFile: certPath];
SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate
SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates(certificateFromFile, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval = SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
NSString* licensingPolicyString = @"ZKL3YXtqtFcIeWRqSekNuCmtu/nvy3ApsbJ+8xad6cO/E8smLHGfDrTQ3h/38d0IMJcUThsVMyX8qtqILmPeTnBpZgJetBjb8kAfuPznzxOrIcYd27/50ThWv6guLqZL7j1apnfRZHAdMiozvEYH62sma1Q9qTl+W7qxEAxWs2AXDTQcF7nGciEM6MEohs8u879VNIE1VcPW8ahMoe25wf8pvBvrzE0z0MR4UFE3ZSWIeeQsiaUPYFwHbfQAOifaw/qIisjL5Su6WURoaSupWTMdQh3ZNyqZuYJaT70u8S7NgF3BzG8uBiYOUYsf6UayvkABmF0UuMdcvhPQefyhuXsiYWxsb3dFeGNoYW5nZSI6dHJ1ZSwiYWxsb3dTaGFmZXIiOnRydWUsInBvbGljeSBuYW1lIjp0cnVlfQ==";
size_t signedHashBytesSize = SecKeyGetBlockSize(publicKey);
NSData* messageData = [[NSData alloc] initWithBase64EncodedData:[licensingPolicyString dataUsingEncoding: NSUTF8StringEncoding] options:0];
NSData* signatureData = [messageData subdataWithRange:NSMakeRange(0, signedHashBytesSize)];
NSData* rawMessageData = [messageData subdataWithRange: NSMakeRange(signedHashBytesSize, messageData.length - signedHashBytesSize)];
uint8_t sha1HashDigest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([rawMessageData bytes], (CC_LONG)[rawMessageData length], sha1HashDigest);
OSStatus verficationResult = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA1, sha1HashDigest, CC_SHA1_DIGEST_LENGTH, [signatureData bytes], [signatureData length]);
CFRelease(publicKey);
CFRelease(trust);
CFRelease(secPolicy);
CFRelease(certificateFromFile);
if (verficationResult == errSecSuccess) NSLog(@"Verified");
是否有适用于Mac和iOS在数字签名验证一些区别?我没有在苹果的文档中找到任何有关它的信息。
即使更改填充,我也有同样的问题。你是如何在OS X上签署数据的?你是否使用变换明确地设置了填充? 'SecTransformSetAttribute(签名者, kSecPaddingKey, kSecPaddingPKCS1Key, &错误);' – Maurizio
我直接在'SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1设置填充, (常量uint8_t *)[[自getHashBytes:明文]字节], CC_SHA1_DIGEST_LENGTH , (uint8_t *)signedHashBytes, &signedHashBytesSize );'和'SecKeyRawVerify'中的相同 –