将XML格式的RSA公钥（2048位）转换为适用于iOS的DER ASN.1公钥

Question

我试图通过C＃以XML格式共享的PublicKey（2048位）数据创建SecKeyRef。数据是这样的：

<Modulus>yLgpOFtg14GjDdle0xha2JCbYrpmKCpXcv+zFx2pi6OlIF8cOSXF6dE19W15+WfuCc2SznVQlVDOLp/NlPGLXKN5L47XYQrPpcls8/xp2PYYW7hjezx7Ig6+WDJnUxSbWgxZQMaiyO1XbCKll5yT2AxUj4od/DfylsVe8ljq154rEb+vCjr/LDpxExijHouJYDNqFV1jglWHWfftBQAzEZADPx7NpHsgXSYrFeVY/WH38GIlyO8FvGWIuDiwyRrHUEXhljmBqAJ3lgULyik3ShfjpN1W4h7BbzFs27mpiAPMtPgToADPNzOadRWFJQjeVVknIq5g6SHHnaZK8wBwrQ==</Modulus><Exponent>AQAB</Exponent>]]>"

我都跟着Convert XML Dsig format to DER ASN.1 public key链接，这仅适用于1024位密钥，但同样的逻辑不能DER编码上述密钥（2048位）。虽然我可以在评论中看到转换逻辑需要修改为256字节的密钥，但无法通过更改成功！

我也试过Generate Public Key From Modulus & Exponent on iOS using OpenSSL库，但是没有用这个生成RSA对象！下面是示例：

NSString *mod = @"yLgpOFtg14GjDdle0xha2JCbYrpmKCpXcv+zFx2pi6OlIF8cOSXF6dE19W15+WfuCc2SznVQlVDOLp/NlPGLXKN5L47XYQrPpcls8/xp2PYYW7hjezx7Ig6+WDJnUxSbWgxZQMaiyO1XbCKll5yT2AxUj4od/DfylsVe8ljq154rEb+vCjr/LDpxExijHouJYDNqFV1jglWHWfftBQAzEZADPx7NpHsgXSYrFeVY/WH38GIlyO8FvGWIuDiwyRrHUEXhljmBqAJ3lgULyik3ShfjpN1W4h7BbzFs27mpiAPMtPgToADPNzOadRWFJQjeVVknIq5g6SHHnaZK8wBwrQ==";

BIGNUM *modulus = BN_new(); 
int res = BN_hex2bn(&modulus,[mod cStringUsingEncoding:NSUTF8StringEncoding]); 

BIGNUM *exponent = BN_new(); 
NSString *exp = @"AQAB"; 
res = BN_hex2bn(&exponent,[exp cStringUsingEncoding:NSUTF8StringEncoding]); 

RSA *rsa = RSA_new(); 

rsa->n = BN_new(); 
BN_copy(rsa->n,modulus); 
rsa->e = BN_new(); 
BN_copy(rsa->e,exponent); 
rsa->iqmp=NULL; 
rsa->d=NULL; 
rsa->p=NULL; 
rsa->q=NULL; 

FILE *fp = fopen("/publicKey.pem", "wb"); 
int suc = PEM_write_RSAPublicKey(fp, rsa, NULL, NULL, 0, 0, NULL); 

生成publicKey.pem文件显然是空的！ 如果任何人都可以帮助我将XML RSA公钥导入到iOS SecKetRef对象中，那将会很棒。

在此先感谢:)

Answer 1

我可以用上述两种方法成功解决此问题。这是我的解决方案：

方法＃1.将XML密钥转换为ASN.1 DER格式使用256字节密钥（2048位）与此链接一起工作。 https://github.com/meinside/iphonelib/blob/master/security/CryptoUtil.m#L67

方法＃2能成功地与RSA加密对象（参考：Generate Public Key From Modulus & Exponent on iOS using OpenSSL）用下面的代码创建的：

`的NSString * MOD = @“yLgpOFtg14GjDdle0xha2JCbYrpmKCpXcv + zFx2pi6OlIF8cOSXF6dE19W15 + WfuCc2SznVQlVDOLp/NlPGLXKN5L47XYQrPpcls8/xp2PYYW7hjezx7Ig6 + WDJnUxSbWgxZQMaiyO1XbCKll5yT2AxUj4od/DfylsVe8ljq154rEb + vCjr/LDpxExijHouJYDNqFV1jglWHWfftBQAzEZADPx7NpHsgXSYrFeVY/WH38GIlyO8FvGWIuDiwyRrHUEXhljmBqAJ3lgULyik3ShfjpN1W4h7BbzFs27mpiAPMtPgToADPNzOadRWFJQjeVVknIq5g6SHHnaZK8wBwrQ ==“;

NSString * exp = @“AQAB”;

NSData *modBits = [[NSData alloc] initWithBase64EncodedString:mod options:NSDataBase64DecodingIgnoreUnknownCharacters]; 
NSData *expBits = [[NSData alloc] initWithBase64EncodedString:exp options:NSDataBase64DecodingIgnoreUnknownCharacters]; 

unsigned char *modBin = (unsigned char *)malloc(modBits.length); 
[modBits getBytes:modBin length:modBits.length]; 

unsigned char *expBin = (unsigned char *)malloc(expBits.length); 
[expBits getBytes:expBin length:expBits.length]; 


BIGNUM *returnValue = BN_new(); 
BIGNUM *modulus = BN_bin2bn(modBin, modBits.length, returnValue); 
BIGNUM *exponent = BN_bin2bn(expBin, expBits.length, NULL); 

RSA *rsa = RSA_new(); 
rsa->n = BN_new(); 
BN_copy(rsa->n,modulus); 
rsa->e = BN_new(); 
BN_copy(rsa->e,exponent); 
rsa->iqmp=NULL; 
rsa->d=NULL; 
rsa->p=NULL; 
rsa->q=NULL; 


unsigned char *orgTxt = (unsigned char*)strdup("Hello World"); 

int lenrsa = RSA_size(rsa) - 11; // man RSA_public_encrypt for the -11 

unsigned char *encrText = (unsigned char *)malloc(lenrsa); 
int result = RSA_public_encrypt(strlen((const char*)orgTxt), orgTxt, encrText, rsa,RSA_PKCS1_PADDING); 

Be sure of the glen param of RSA_public_encrypt API, it depends on the padding used.人RSA_public_encrypt`了解更多详情。