在iOS / Swift中创建并导出为Java无法识别的base64的RSA公钥
作者:互联网
TL; DR:无法识别在iOS中生成并存储在钥匙串中,作为base64导出并发送到Java后端的RSA公钥.
我正在iOS应用程序中实现聊天加密功能,并且使用对称非对称密钥来处理它.
无需赘述,在后端,我使用用户的公共密钥来加密用于加密和解密消息的对称密钥.
我分别在Swift和Java(后端)中创建了两个框架来处理密钥生成,加密,解密等.我也对它们进行了测试,因此我100%都能按预期工作.
但是,后端似乎无法识别从iOS传递的公钥格式.双方都使用RSA,这是我在Swift中用于生成密钥的代码:
// private key parameters
static let privateKeyParams: [String : Any] = [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]
// public key parameters
static let publicKeyParams: [String : Any] = [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: "..." // I have a proper unique tag here
]
// global parameters for our key generation
static let keyCreationParameters: [String : Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String: 2048,
kSecPublicKeyAttrs as String: publicKeyParams,
kSecPrivateKeyAttrs as String: privateKeyParams
]
...
var publicKey, privateKey: SecKey?
let status = SecKeyGeneratePair(Constants.keyCreationParameters as CFDictionary, &publicKey, &privateKey)
我使用镜面代码从钥匙串中读取钥匙.
这是我用来将公钥导出为base64字符串的代码:
extension SecKey {
func asBase64() throws -> String {
var dataPtr: CFTypeRef?
let query: [String:Any] = [
kSecClass as String: kSecClassKey,
kSecAttrApplicationTag as String: "...", // Same unique tag here
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecReturnData as String: kCFBooleanTrue
]
let result = SecItemCopyMatching(query as CFDictionary, &dataPtr)
switch (result, dataPtr) {
case (errSecSuccess, .some(let data)):
// convert to Base64 string
let base64PublicKey = data.base64EncodedString(options: [])
return base64PublicKey
default:
throw CryptoError.keyConversionError
}
}
}
在后端级别,我使用以下Java代码将base64字符串转换为公钥:
public PublicKey publicKeyFrom(String data) throws NoSuchAlgorithmException, InvalidKeySpecException {
byte[] publicBytes = Base64.decodeBase64(data);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(keySpec);
}
但这在最后一行失败,但有以下例外:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: algid parse error, not a sequence
在进行一些手动调试时,我注意到公钥的格式是不同的-当我在iOS中生成密钥然后导出为base 64时,它看起来像这样:
MIIBCgKCAQEA4M/bRDdH0f6qFIXxOg13RHka+g4Yv8u9PpPp1IR6pSwrM1aq8B6cyKRwnLe/MOkvODvDfJzvGXGQ01zSTxYWAW1B4uc/NCEemCmZqMosSB/VUJdNxxWtt2hJxpz06hAawqV+6HmweAB2dUn9tDEsQLsNHdwYouOKpyRZGimcF9qRFn1RjR0Q54sUh1tQAj/EwmgY2S2bI5TqtZnZw7X7Waji7wWi6Gz88IkuzLAzB9VBNDeV1cfJFiWsZ/MIixSvhpW3dMNCrJShvBouIG8nS+vykBlbFVRGy3gJr8+OcmIq5vuHVhqrWwHNOs+WR87K/qTFO/CB7MiyiIV1b1x5DQIDAQAB
总共有360个字符,而在Java中(仍然使用RSA)做同样的事情,就像:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAAnWO4BXUGP0qM3Op36YXkWNxb4I2pPZuZ7jJtfUO7v+IO1mq43WzNaxLqqLPkTnMrv2ACRDK55vin+leQlL1z0LzVxjtZ9F6pajQo1r7PqBlL5N8bzBFKpagEf0QfyHPw0/0kG9DMnvQ+Im881QyN2zdl33wp5Fi+jRT7cunFQIDAQAB
长度为216个字符.
我无法弄清楚出了什么问题-如果iOS处理其他密钥中的密钥,并且需要进行特殊处理才能与其他人交谈,那么我显然不会感到惊讶.
任何想法?
解决方法:
Java需要以DER格式编码的公共密钥.不幸的是,iOS不支持此标准格式,因此需要进行额外的转换(我不知道在最新版本的swift中是否会有所改善)
查看我的答案here您可以使用CryptoExportImportManager转换密钥
func exportPublicKeyToDER(keyId:String) -> NSData?{
let publicKey = loadKeyStringFromKeyChainAsNSData(PUBLIC_KEY + keyId)
let keyType = kSecAttrKeyTypeRSA
let keySize = 2048
let exportImportManager = CryptoExportImportManager()
if let exportableDERKey = exportImportManager.exportPublicKeyToDER(publicKey, keyType: keyType as String, keySize: keySize) {
return exportableDERKey
} else {
return nil
}
}
标签:swift,rsa,public-key,ios,java 来源: https://codeday.me/bug/20191108/2007288.html