从 objective c 生成密钥并从 OpenSSL 签名创建 CSR

Generate Key from objective c and create CSR with signed from OpenSSL

我正在开发需要从 objective c 生成密钥的应用程序,如以下代码。

    - (NSData *) getKeyDataWithIdentifier
{
    NSData * keyBits = nil;
    NSMutableDictionary * keyQuery = [[NSMutableDictionary alloc] init];


[keyQuery setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];
[keyQuery setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[keyQuery setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnData];
[keyQuery setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];

OSStatus sanityCheck = SecItemCopyMatching((CFDictionaryRef)keyQuery, (void *)&keyBits);

if (sanityCheck != noErr) {
    NSLog(@"Error: %d", (int)sanityCheck);
}

    return keyBits;
}

并使用 OpenSSL 签名创建 CSR。我完成了以下操作,但在此行上签名返回 0 ret = X509_REQ_sign(x509_req, pKey, EVP_sha512()); 以上一切都很好,但无法在此处签名 下面是我正在做的代码。

    - (void)genCSRX509ForRSA:(NSData *) keyData
{
    int             ret = 0;
    RSA             *rsa = NULL;

BIGNUM          *bne = NULL;

BN_GENCB        *bGen = NULL;

int             nVersion = 1;
int             bits = 2048;
unsigned long   e = RSA_F4;

X509_REQ        *x509_req = NULL;
X509_NAME       *x509_name = NULL;
EVP_PKEY        *pKey = NULL;
RSA             *tem = NULL;
BIO             *out = NULL, *bio_err = NULL;

const char      *szCountry = "US";
const char      *szProvince = "MU";
const char      *szCity = "Boston";
const char      *szOrganization = "MyOrg";
const char      *szCommon = "MO";

const char      *szPath = "x509Req.pem";

const unsigned char * bitsOfKeyData = (unsigned char *) [keyData bytes];
int lengthOfKeyData = [keyData length];

// 1. generate rsa key
bne = BN_new();
ret = BN_set_word(bne,e);
if(ret != 1){
    goto free_all;
}

rsa = RSA_new();

rsa = d2i_RSAPublicKey(&rsa, &bitsOfKeyData, lengthOfKeyData);


// 2. set version of x509 req
x509_req = X509_REQ_new();
ret = X509_REQ_set_version(x509_req, nVersion);
if (ret != 1){
    goto free_all;
}

// 3. set subject of x509 req
x509_name = X509_REQ_get_subject_name(x509_req);

ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0);
if (ret != 1){
    goto free_all;
}

ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0);
if (ret != 1){
    goto free_all;
}

ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0);
if (ret != 1){
    goto free_all;
}

ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0);
if (ret != 1){
    goto free_all;
}

ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0);
if (ret != 1){
    goto free_all;
}

// 4. set public key of x509 req
pKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pKey,rsa);
if(ret != 1){
    goto free_all;
}



ret = X509_REQ_set_pubkey(x509_req, pKey);
if (ret != 1){
    goto free_all;
}

// 5. set sign key of x509 req

ret = X509_REQ_sign(x509_req, pKey, EVP_sha512());    // return x509_req->signature->length
if (ret <= 0){
    goto free_all;
}

out = BIO_new_file(szPath,"w");
ret = PEM_write_bio_X509_REQ(out, x509_req);
X509_REQ_print_fp(stdout, x509_req);


[self createFileForPEM:x509_req];

//    PEM_write_X509_REQ(pemFile, certSigningRequest);
// 6. free
free_all:

    X509_REQ_free(x509_req);
    BIO_free_all(out);

    EVP_PKEY_free(pKey);
    BN_free(bne);

}

https://github.com/ateska/ios-csr (which is for RSA) but I converted to EC with 256 and also upload into Github 的帮助下,我终于完成了这项工作。 谢谢希望这也能帮助很多其他正在寻找这个的人。