Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Saving SecKeyRef device generated public/private key pair on disk

I've generated an RSA symmetric key pair on a device using SecKeyGeneratePair() on a device. I have SecKeyRef struct pointers for each key. So, how do I save a SecKeyRef to disk? Or even transmit it (I also imagine there are issues with correct encoding too)? Apple's 'Certificate, Key, and Trust Services' Guide notes

You can send your public key to anyone, who can then use it to encrypt data.

I'd like to save the private key especially; so I can use it on deployed devices to decrypt data encrypted with the public key.

P.S. I don't mind if the resulting data for each key is DER-encoded ASN.1 or base-64; I just need to figure out how to pull the key out of a SecKeyRef. I'm also well-aware of the non-existence of OS X's SecKeychainItemExport().

like image 577
Alan Zeino Avatar asked May 13 '11 07:05

Alan Zeino


People also ask

How do I save a public and private key?

Go to Properties (Ctrl+P) -> Destination -> SFTP -> Edit configuration. Under Private key section, select Key file. Press Create key pair button. Type a name for the private key file and press Save.

What is public private key pairing?

Public and Private key pair helps to encrypt information that ensures data is protected during transmission. Private Key and public key are a part of encryption that encodes the information. Both keys work in two encryption systems called symmetric and asymmetric.

Can you generate private key from public key?

You cannot generate private key from public key but you can generate public key from the private key using puttygen. As @alfasin mentioned if you could generate the private key from public key then RSA would be useless and this would make you vulnerable to attack.


2 Answers

Ah, found the answer myself; you can get the bytes for a public key using SecItemCopyMatching().

- (NSData *)getPublicKeyBits {
    OSStatus sanityCheck = noErr;
    NSData * publicKeyBits = nil;

    NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];

    // Set the public key query dictionary.
    [queryPublicKey setObject:(id)kSecClassKey forKey:(id)kSecClass];
    [queryPublicKey setObject:publicTag forKey:(id)kSecAttrApplicationTag];
    [queryPublicKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
    [queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnData];

    // Get the key bits.
    sanityCheck = SecItemCopyMatching((CFDictionaryRef)queryPublicKey, (CFTypeRef *)&publicKeyBits);

    if (sanityCheck != noErr)
    {
        publicKeyBits = nil;
    }

    [queryPublicKey release];

    return publicKeyBits;
}

The above is from Apple's CryptoExercise. Not sure if it works for private keys though.

like image 100
Alan Zeino Avatar answered Sep 30 '22 21:09

Alan Zeino


You can use the latest crypto API of iOS, You can save the key as NSData and retrieve the key from NSData

SecKeyRef key = <# a key #>;
CFErrorRef error = NULL;
NSData* keyData = (NSData*)CFBridgingRelease(  // ARC takes ownership
                       SecKeyCopyExternalRepresentation(key, &error)
                   );
if (!keyData) {
    NSError *err = CFBridgingRelease(error);  // ARC takes ownership
    // Handle the error. . .
}

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_as_data?language=objc

like image 39
ShivaPrasad Avatar answered Sep 30 '22 22:09

ShivaPrasad