2011-06-26 84 views
0

我有用Java創建的鍵。私鑰是在PEM字符串中加密的PKCS#8。如何使用加密密鑰在iOS下簽名字符串?

下面是使用與M2Crypto私鑰在Python的例子:

from M2Crypto import EVP, BIO 
privpem = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIICoTAbBgoqhkiG9w0BDAEDMA0ECFavEvdkv3fEAgEUBIICgAWvHvH6OktLiaaqo9v+X6XEuY3M\nZr465VmZWzP9nsbTqwSKQQjseiD/rWAxK7RS+V+hit5ZxlNRAUbkg0kwl8SRNX3v6q8noJtcB0OY\ndBEuNJDmWHMHh8qcnfRYc9WXPPmWdjQM2AkfZNfNOxHVlOMhancScy6P4h3Flri9VyUE8w2/zZqK\nBAd2w39V7gprCQXnnNenNuvr4p8MjsdBm8jh00o2HJzN0I6u+9s7M3qLXxwxNepptgU6Qt6eKHi6\njpsV/musVaohLhFMFAzQ87FeGvz/W8dyS9BtAKMRSuDu/QdWIJMRNKkPT0Tt1243V3tzXVXLjz0u\nm/FX6kfxL8r+eGtTr6NKTG75TJfooQzN/v08OEbmvYD/mfptmZ7uKezOGxDmgynn1Au7T/OxKFhx\nWZHpb9OFPIU0uiriUeyY9sbDVJ054zQ/Zd5+iaIjX5RsLoB4J+pfr4HuiVIZVj+Ss2rnPsOY3SjM\ntbHIFp/fLr/HODcDA5eYADRGpBIL9//Ejgzd7OqpU0mdajzZHcMTjeXfWB0cc769bFyHb3Ju1zNO\ng4gNN1H1kOMAXMF7p6r25f6v1BRS6bQyyiFz7Hs7h7JBylbBAgQJgZvv9Ea3XTMy+DIPMdepqu9M\nXazmmYJCtdLAfLBybWsfSBU5K6Pm6+Bwt6mPsuvYQBrP3h84BDRlbkntxUgaWmTB4dkmzhMS3gsY\nWmHGb1N+rn7xLoA70a3U/dUlI7lPkWBx9Sz7n8JlH3cM6jJUmUbmbAgHiyQkZ2mf6qo9qlnhOLvl\nFiG6AY+wpu4mzM6a4BiGMNG9D5rnNyD16K+p41LsliI/M5C36PKeMQbwjJKjmlmWDX0=\n-----END ENCRYPTED PRIVATE KEY-----\n" 

msg = "This is a message." 
privkeybio = BIO.MemoryBuffer(privpem) 
privkey = EVP.load_key_bio(privkeybio) #pw: 123456 
privkey.sign_init() 
privkey.sign_update(msg) 
print privkey.sign_final().encode('base64') 

這裏是例子我如何在Java中使用PEM(帶頁眉和頁腳剝去):

String msg = "This is a message."; 
String privpem = "MIICoTAbBgoqhkiG9w0BDAEDMA0ECFavEvdkv3fEAgEUBIICgAWvHvH6OktLiaaqo9v+X6XEuY3M\nZr465VmZWzP9nsbTqwSKQQjseiD/rWAxK7RS+V+hit5ZxlNRAUbkg0kwl8SRNX3v6q8noJtcB0OY\ndBEuNJDmWHMHh8qcnfRYc9WXPPmWdjQM2AkfZNfNOxHVlOMhancScy6P4h3Flri9VyUE8w2/zZqK\nBAd2w39V7gprCQXnnNenNuvr4p8MjsdBm8jh00o2HJzN0I6u+9s7M3qLXxwxNepptgU6Qt6eKHi6\njpsV/musVaohLhFMFAzQ87FeGvz/W8dyS9BtAKMRSuDu/QdWIJMRNKkPT0Tt1243V3tzXVXLjz0u\nm/FX6kfxL8r+eGtTr6NKTG75TJfooQzN/v08OEbmvYD/mfptmZ7uKezOGxDmgynn1Au7T/OxKFhx\nWZHpb9OFPIU0uiriUeyY9sbDVJ054zQ/Zd5+iaIjX5RsLoB4J+pfr4HuiVIZVj+Ss2rnPsOY3SjM\ntbHIFp/fLr/HODcDA5eYADRGpBIL9//Ejgzd7OqpU0mdajzZHcMTjeXfWB0cc769bFyHb3Ju1zNO\ng4gNN1H1kOMAXMF7p6r25f6v1BRS6bQyyiFz7Hs7h7JBylbBAgQJgZvv9Ea3XTMy+DIPMdepqu9M\nXazmmYJCtdLAfLBybWsfSBU5K6Pm6+Bwt6mPsuvYQBrP3h84BDRlbkntxUgaWmTB4dkmzhMS3gsY\nWmHGb1N+rn7xLoA70a3U/dUlI7lPkWBx9Sz7n8JlH3cM6jJUmUbmbAgHiyQkZ2mf6qo9qlnhOLvl\nFiG6AY+wpu4mzM6a4BiGMNG9D5rnNyD16K+p41LsliI/M5C36PKeMQbwjJKjmlmWDX0="; 
byte [] privkeybytes = Base64.decode(privpem); 

EncryptedPrivateKeyInfo encprivki = new EncryptedPrivateKeyInfo(privkeybytes); 

Cipher cipher = Cipher.getInstance(encprivki.getAlgName()); 
PBEKeySpec pbeKeySpec = new PBEKeySpec("123456".toCharArray()); 
SecretKeyFactory secFac = SecretKeyFactory.getInstance(encprivki.getAlgName()); 
Key pbeKey = secFac.generateSecret(pbeKeySpec); 
AlgorithmParameters algParams = encprivki.getAlgParameters(); 
cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams); 
KeySpec pkcs8KeySpec = encprivki.getKeySpec(cipher); 
KeyFactory kf = KeyFactory.getInstance("RSA"); 
PrivateKey pk = kf.generatePrivate(pkcs8KeySpec); 

Signature sig = Signature.getInstance("SHA1withRSA"); 
sig.initSign(pk); 
sig.update(msg.getBytes("UTF8")); 
byte[] signatureBytes = sig.sign(); 
String b = Base64.encodeBytes(signatureBytes, Base64.DO_BREAK_LINES); 
System.out.println(b); // Display the string. 

這將如何在iOS中完成?我已經看過CryptoExercise,特別是SecKeyWrapper,但是這裏有很多,而且超出了我的想象。

我不是親自去做iOS開發,但我需要一些代碼給開發者至少展示如何去做。開發人員更多的是UI類型,並不熟悉加密技術。 (我也不是,但那是一個不同的故事......)

雖然我們在這,如何驗證字符串公鑰PEM簽名?我不會把Java和Python的例子放在這裏,因爲它們非常簡單。

回答

0

上週我有同樣的問題。 iOS上的CommonCrypt庫對於對稱密鑰加密來說非常好,但是處理密鑰環執行簡單的公鑰事務太麻煩了。花了大約半小時的時間戳了一下之後,我只包含了OpenSSL。 OpenSSL-Xcode使這個微不足道的設置 - 只需放下項目和OpenSSL tarball,將您的目標設置爲與libssl鏈接,並且您很好。

OpenSSL代碼看起來幾乎與M2Crypto相同。

+0

看起來很有希望。你有可能發佈一些(僞)代碼嗎?我既不知道C也不知道Objective C,所以儘管看了一些文檔和一些在線的例子,但我並沒有那麼接近於「這裏是怎麼做」的例子。 –

相關問題