iOS: SecRSAPublicKeyCopyPublicSerialization?

I'm trying to pin a public key. I have a SecKeyRef, and I want to serialize it with SecRSAPublicKeyCopyPublicSerialization. SecRSAPublicKeyCopyPublicSerialization will serialize in PKCS#1 (i.e., SubjectPublicKeyInfo), and the function is documented at http://www.opensource.apple.com/source/Security/Security-55163.44/sec/Security/SecRSAKey.c.

PKCS#1 is an ASN.1 encoding of the public key (i.e., SubjectPublicKeyInfo). That format is fine for pinning. For those who are not familiar, pinning is a whitelist of expected certificates or public keys for a host. They are usually interchangeable when identifying a host, but there are occasions where they are not. For example, Google's public keys are static (fixed), but Google rotates the 'outer' X509 certificate. In this case, you would pin the public key, and not the certificate.

What are the proper headers and frameworks for SecRSAPublicKeyCopyPublicSerialization? I have included Security.framework, but the declaration for SecRSAPublicKeyCopyPublicSerialization is missing, and the function is missing during link. I did try to include SecRSAKey.h.

Sorry about the crummy tags.

Jeff

asked Oct 21 '22 18:10 by jww


1 Answer

static OSStatus SecRSAPublicKeyCopyPublicSerialization(SecKeyRef key, CFDataRef* serialized)

is a static function used by the Security Framework internally, and you cannot call this function from outside the framework.

Have a look at SecItemExport. This function can convert a SecKeyRef to different external representations.

Update: I had missed the ios tag in the question. SecItemExport is available only on OSX 10.7 and later, but not on iOS.

On iOS, (I think) you have to add the key to the Keychain (SecItemAdd) and then use SecItemCopyMatching() (with kSecReturnData set to YES) to retrieve the raw data.

The getPublicKeyRef method in SecKeyWrapper.m of the "CryptoExercise" sample project might help.

answered Oct 27 '22 10:10 by Martin R
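The keychain round-trip described in the answer, written out as an added example (not code from the question, the answer, or Apple's CryptoExercise sample) and extended with the pinning check the question is after. It assumes an RSA public key, a hypothetical application tag of your choosing, and that the pinned SHA-256 was computed out of band over the same byte encoding; on iOS the bytes that kSecReturnData yields for an RSA key are the PKCS#1 RSAPublicKey structure (modulus and exponent) with no SubjectPublicKeyInfo wrapper.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>
#include <string.h>

// Export the raw bytes of an iOS SecKeyRef: add it to the keychain under a
// temporary tag, read it back with kSecReturnData, then remove the scratch item.
// Returns the PKCS#1 RSAPublicKey bytes, or nil on failure.
static NSData *CopyPublicKeyBits(SecKeyRef publicKey)
{
    // Hypothetical tag; any value unique to your app works for the scratch item.
    NSData *tag = [@"com.example.pinning.scratch" dataUsingEncoding:NSUTF8StringEncoding];
    NSDictionary *scratch = @{ (__bridge id)kSecClass: (__bridge id)kSecClassKey,
                               (__bridge id)kSecAttrApplicationTag: tag };
    SecItemDelete((__bridge CFDictionaryRef)scratch);   // clear any stale copy first

    NSDictionary *add = @{ (__bridge id)kSecClass: (__bridge id)kSecClassKey,
                           (__bridge id)kSecAttrApplicationTag: tag,
                           (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                           (__bridge id)kSecValueRef: (__bridge id)publicKey };
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status != errSecSuccess) return nil;

    NSDictionary *query = @{ (__bridge id)kSecClass: (__bridge id)kSecClassKey,
                             (__bridge id)kSecAttrApplicationTag: tag,
                             (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                             (__bridge id)kSecReturnData: @YES };
    CFTypeRef result = NULL;
    status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    SecItemDelete((__bridge CFDictionaryRef)scratch);   // the keychain was only a scratch area
    if (status != errSecSuccess) return nil;
    return CFBridgingRelease(result);                   // NSData owned by the caller
}

// Pin check: YES only when SHA-256(exported key bytes) equals the pinned digest.
static BOOL PublicKeyMatchesPin(SecKeyRef publicKey, NSData *pinnedSHA256)
{
    NSData *bits = CopyPublicKeyBits(publicKey);
    if (bits == nil || pinnedSHA256.length != CC_SHA256_DIGEST_LENGTH) return NO;
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(bits.bytes, (CC_LONG)bits.length, digest);
    return memcmp(digest, pinnedSHA256.bytes, CC_SHA256_DIGEST_LENGTH) == 0;
}
```

Call PublicKeyMatchesPin from the TLS trust-evaluation callback with the leaf certificate's public key (SecTrustCopyPublicKey on the evaluated SecTrustRef) and fail the connection when it returns NO.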