iPhone: How to create a SecKeyRef from a public key file (PEM)

Question

In order to send and receive encrypted messages from/to the iPhone I need to read a public key (server's public key) PEM file and create a SecKeyRef (later I could even store it on the keychain in order not to create it again).

This is my current workflow:

1. On the server: Create a P12 file with the user's certificate and private key. Store the user's public key on the server's keychain.
2. On the iPhone: Retrieve the P12 file from the server, use the password to open it and store the private key on the keychain.
3. On the iPhone: Retrieve a PEM file with the server's public key from the server. Create a SecKeyRef and store it on the keychain
4. On the iPhone: use both keys to send/receive encrypted messages to/from the server.
5. Live happily ever after.

I'm having problems with 3, as I cannot create a SecKeyRef from the PEM file data. I cannot find any documentation on how to do it, Did anybody had the same problem? Any hints? As I cannot find any code examples or documentation on this it feels that I'm doing something wrong...

thanks!

Answer 1

You should be able to interpret a DER encoded pem and get a cert using SecCertificateCreateWithData() from which you can then extract a key;

NSData *myCertData = ....;

SecCertificateRef cert = SecCertificateCreateWithData (kCFAllocatorDefault, myCertData); 
CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &cert, 1, NULL); 

SecTrustRef trust;
SecTrustCreateWithCertificates(certs, policy, &trust);
SecTrustResultType trustResult;
SecTrustEvaluate(trust, &trustResult);
SecKeyRef pub_key_leaf = SecTrustCopyPublicKey(trust);

Answer 2

I'm having an important headache dealing with RSA... sorry to bother you... but i've got a really basic question.

How do you manage to create a certificate ???.

I need to send data from the iPhone to a backend, encrypted (only in that direction). So... i need to generate a private key, plus a public key.

As far as i understand, the process is easier if the public key is stored within a certificate. (Since the import process 'is easy').

But i've got no idea how to generate the keys.

Any help will be very welcome.

Thank you!

Answer 3

To Jorge Leandro Perez

From apple documentation,

static const UInt8 publicKeyIdentifier[] = "com.apple.sample.publickey\0"; static const UInt8 privateKeyIdentifier[] = "com.apple.sample.privatekey\0";

OSStatus status = noErr; NSMutableDictionary *privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary *publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary *keyPairAttr = [[NSMutableDictionary alloc] init];

NSData * publicTag = [NSData dataWithBytes:publicKeyIdentifier

length:strlen((const char *)publicKeyIdentifier)];
NSData * privateTag = [NSData dataWithBytes:privateKeyIdentifier length:strlen((const char *)privateKeyIdentifier)];
SecKeyRef publicKey = NULL;
SecKeyRef privateKey = NULL;
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecAttrIsPermanent]; [privateKeyAttr setObject:privateTag forKey:(id)kSecAttrApplicationTag]; [publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecAttrIsPermanent]; // 9 [publicKeyAttr setObject:publicTag forKey:(id)kSecAttrApplicationTag]; //

[keyPairAttr setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType]; [keyPairAttr setObject:[NSNumber numberWithInt:1024] forKey:(id)kSecAttrKeySizeInBits]; [keyPairAttr setObject:privateKeyAttr forKey:(id)kSecPrivateKeyAttrs]; [keyPairAttr setObject:publicKeyAttr forKey:(id)kSecPublicKeyAttrs];

status = SecKeyGeneratePair((CFDictionaryRef)keyPairAttr, &publicKey,

&privateKey);