I have a situation where we have some server side data that is generated with a ruby script. That data is signed using the Ruby OpenSSL module like so:

require 'openssl'
require 'base64'
def sign_string(string)
  Base64.encode64(@private_key.sign(OpenSSL::Digest::SHA1.new, string))
end

That data eventually ends up on an iPhone, where I would like to verify it using the signature. Preferably I would like to verify it using the system Security.framework, since if I include crypto code of my own (like an embedded copy of OpenSSL) I will need to deal with export issues etc.

Imagine I have some PEM file containing an RSA public key I can securely transmit to the iPhone. How do I get that key into a form I can use to verify the signature generated by the above Ruby code using Security.framework on the iPhone? I am comfortable with transforming the data in that PEM on the device or before it is transmitted to the device.

Note:

I know the phone can import .p12 files, but in my experience the phone fails to import PKCS#12 data if there is not an included private key, which is a common issue with many PKCS#12 implementations.

The only other way to send a key to the phone seems to be using an undocumented opaque data object you get by asking a key generated on the phone for its data, though it looks like that data may be some sort of DER-encoded representation of the key.
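The server-side half of the transformation described in the question, as an added example that is not part of the original post: it converts the PEM public key to DER in both common encodings and performs the check a verifier has to reproduce (Base64 decode, then RSA PKCS#1 v1.5 over SHA-1). `public_key_der`, `verify_string`, the key being passed as an argument to `sign_string`, and the demo key and message are assumptions constructed for illustration; which DER form the device accepts is not stated on the page.

```ruby
require 'openssl'
require 'base64'

# Same signing call as in the question: RSA PKCS#1 v1.5 over a SHA-1 digest.
# encode64 inserts a newline every 60 characters, which the verifier must tolerate.
def sign_string(private_key, string)
  Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, string))
end

# Convert a PEM public key to DER. Returns both common encodings:
#   :spki  - X.509 SubjectPublicKeyInfo (what a "BEGIN PUBLIC KEY" PEM wraps)
#   :pkcs1 - bare RSAPublicKey SEQUENCE { modulus, publicExponent }
def public_key_der(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  raise ArgumentError, 'expected a public key only' if key.private?
  pkcs1 = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(key.n),
    OpenSSL::ASN1::Integer.new(key.e)
  ]).to_der
  { spki: key.to_der, pkcs1: pkcs1 }
end

# Verifier side: only the DER public key, the message and the Base64 signature.
def verify_string(spki_der, string, signature_b64)
  key = OpenSSL::PKey::RSA.new(spki_der)
  signature = Base64.decode64(signature_b64) # ignores the embedded newlines
  # An RSA signature is exactly as long as the modulus; reject anything else.
  return false unless signature.bytesize == key.n.num_bytes
  key.verify(OpenSSL::Digest::SHA1.new, signature, string)
rescue OpenSSL::PKey::PKeyError
  false
end

# Constructed demo data: a throwaway key pair and message.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_PEM = DEMO_KEY.public_key.to_pem
DEMO_MSG = 'server side data'
DEMO_SIG = sign_string(DEMO_KEY, DEMO_MSG)

if __FILE__ == $PROGRAM_NAME
  der = public_key_der(DEMO_PEM)
  puts "SPKI DER: #{der[:spki].bytesize} bytes, PKCS#1 DER: #{der[:pkcs1].bytesize} bytes"
  puts "valid signature accepted: #{verify_string(der[:spki], DEMO_MSG, DEMO_SIG)}"
  puts "tampered message accepted: #{verify_string(der[:spki], DEMO_MSG + 'x', DEMO_SIG)}"
end
```

The SubjectPublicKeyInfo encoding is the PKCS#1 `RSAPublicKey` structure with an algorithm header in front of it, so a consumer that expects one form can be given the other by adding or removing that header.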