验证签名 Objective-C
Validate Signature Objective-C
我用 OpenSSL 创建了一个 EC public 密钥:
openssl ecparam -name prime256v1 -genkey -noout -out ec-key.pem
openssl ec -in ec-key.pem -pubout -out ecpubkey.pem
如何导入它 (ecpubkey.pem) 并在我的 objective-c 代码中使用它来验证签名?
在 iOS 中使用 EC 密钥的一种方法是使用第 3 方库 GMEllipticCurveCrypto:https://github.com/ricmoo/GMEllipticCurveCrypto。看看吧。
这对我有用:
使用 opens
创建密钥
openssl ecparam -name prime256v1 -genkey -noout -out ec-key.pem
使用openssl生成der编码证书:
openssl req -new -x509 -key ec-key.pem -outform der -out server.pem -days 730
签署内容
openssl dgst -sha256 -sign ec-key.pem content.txt > signature
然后加载证书
NSString *cerPath = [[NSBundle bundleForClass:[self class]] pathForResource:@"server" ofType:@"cer"];
NSData *cerData = [NSData dataWithContentsOfFile:cerPath];
SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (CFDataRef)cerData);
正在从证书中提取 public 密钥
SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
SecTrustRef trust;
SecTrustCreateWithCertificates(certificate, secPolicy, &trust);
SecTrustResultType resultType;
SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
正在验证签名
uint8_t digest[CC_SHA256_DIGEST_LENGTH];
if (!CC_SHA256([content bytes], (CC_LONG)[content length], digest)) return NO;
OSStatus status = SecKeyRawVerify(publicKey,
kSecPaddingPKCS1,
digest,
CC_SHA256_DIGEST_LENGTH,
(uint8_t*)[signature bytes],
[signature length]);
return status == errSecSuccess;
我用 OpenSSL 创建了一个 EC public 密钥:
openssl ecparam -name prime256v1 -genkey -noout -out ec-key.pem
openssl ec -in ec-key.pem -pubout -out ecpubkey.pem
如何导入它 (ecpubkey.pem) 并在我的 objective-c 代码中使用它来验证签名?
在 iOS 中使用 EC 密钥的一种方法是使用第 3 方库 GMEllipticCurveCrypto:https://github.com/ricmoo/GMEllipticCurveCrypto。看看吧。
这对我有用: 使用 opens
创建密钥openssl ecparam -name prime256v1 -genkey -noout -out ec-key.pem
使用openssl生成der编码证书:
openssl req -new -x509 -key ec-key.pem -outform der -out server.pem -days 730
签署内容
openssl dgst -sha256 -sign ec-key.pem content.txt > signature
然后加载证书
NSString *cerPath = [[NSBundle bundleForClass:[self class]] pathForResource:@"server" ofType:@"cer"];
NSData *cerData = [NSData dataWithContentsOfFile:cerPath];
SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (CFDataRef)cerData);
正在从证书中提取 public 密钥
SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
SecTrustRef trust;
SecTrustCreateWithCertificates(certificate, secPolicy, &trust);
SecTrustResultType resultType;
SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
正在验证签名
uint8_t digest[CC_SHA256_DIGEST_LENGTH];
if (!CC_SHA256([content bytes], (CC_LONG)[content length], digest)) return NO;
OSStatus status = SecKeyRawVerify(publicKey,
kSecPaddingPKCS1,
digest,
CC_SHA256_DIGEST_LENGTH,
(uint8_t*)[signature bytes],
[signature length]);
return status == errSecSuccess;