输出 SecKeyCopyExternalRepresentation
Output SecKeyCopyExternalRepresentation
我试图将 public 密钥从我的 iPhone 传递给其他方,但是我无法使用 iOS.
的输出
let parameters: [String: Any] = [
kSecAttrKeySizeInBits as String: 384,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: false
]
]
var error: Unmanaged<CFError>?
let privateKey = SecKeyCreateRandomKey(parameters as CFDictionary, &error)
let publicKey = SecKeyCopyPublicKey(privateKey!)
let pub = SecKeyCopyExternalRepresentation(publicKey!, &error)
let pubData = pub as Data?
print(pubData!.base64EncodedString())
示例输出:
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
在python(我的第二方所在的地方)我有以下内容:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
pub_key = serialisation.load_pem_public_key(
data=xcode_data.encode(),
backend=default_backend()
)
我得到的错误是ValueError: Could not deserialize key data.
那么 SecKeyCopyExternalRepresentation 的输出到底是什么,如文档所述:
The method returns data in the PCKS #1 format for an RSA key. For an elliptic curve public key, the format follows the ANSI X9.63 standard using a byte string of 04 || X || Y. For an elliptic curve private key, the output is formatted as the public key concatenated with the big endian encoding of the secret scalar, or 04 || X || Y || K. All of these representations use constant size integers, including leading zeros as needed.
如何描述 X6.93 格式?我该如何将它转换成我可以在 python 代码中使用的东西?
P.S。我尝试将 headers 添加到 xcode 输出中,例如 -----BEGIN PUBLIC KEY-----。
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
密钥似乎格式不正确。
这似乎是一个 EC 密钥。我怀疑是 public 详细描述为 04 || X || Y,但我可能错了。你知道key结束在哪个字段吗?该字段告诉您 X 和 Y.
中有多少字节
$ cat key.dat
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
$ base64 -d key.dat | hexdump -C
00000000 04 94 82 66 d0 5a b5 dd 81 60 41 ed c8 b0 74 a9 |...f.Z...`A...t.|
00000010 36 4d 96 98 4a 7f 76 53 18 8e 8d 91 ed dd 4b 12 |6M..J.vS......K.|
00000020 03 a7 23 fd 15 63 19 6c 6d 33 71 d2 17 58 43 72 |..#..c.lm3q..XCr|
00000030 9d db 24 7f 15 74 36 8f f2 cf 7e bd 9e 02 f6 10 |..$..t6...~.....|
00000040 76 58 c3 a8 20 37 2b 0e 9d 9e 48 41 23 ce 2c 51 |vX.. 7+...HA#.,Q|
00000050 65 e3 89 b5 68 09 34 a3 43 5d 69 15 d3 54 0c f8 |e...h.4.C]i..T..|
00000060 8d |.|
00000061
我还没有完全找到问题的答案,因为我仍然不知道 Apple 提供的输出到底是什么,但是,我想出了一个在 this key import export manager.[=24= 中找到的解决方案]
let parameters: [String: Any] = [
kSecAttrKeySizeInBits as String: 384,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: false
]
]
var pubKey: SecKey?
var priKey: SecKey?
var error: Unmanaged<CFError>?
let keyPair = SecKeyGeneratePair(parameters as CFDictionary, &pubKey, &priKey)
let publicKeyData = SecKeyCopyExternalRepresentation(pubKey!, &error)
// Code from the library
let ieManager = CryptoExportImportManager()
if let exportPEM = ieManager.exportPublicKeyToPEM(publicKeyData as Data!, keyType: kSecAttrKeyTypeEC as String, keySize: 384) {
print(exportPEM)
} else {
print("Error exporting to PEM")
}
示例输出:
Exporting EC raw key: 97 bytes -----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFpCnTrJFQq0mZBvy+vzl9noKLZ4/s1cf I6hygug6s8dvBreMhabAcAbbhSa1losjCxV450nq92W9ZymonYasaAuhshDWjmvx 2qTXHEpVEVb9GawqX6XqpWtIBf+meHKS -----END PUBLIC KEY-----
在pythonusing cryptography
中实施
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
xcode = '-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFpCnTrJFQq0mZBvy+vzl9noKLZ4/s1cf\nI6hygug6s8dvBreMhabAcAbbhSa1losjCxV450nq92W9ZymonYasaAuhshDWjmvx2\nqTXHEpVEVb9GawqX6XqpWtIBf+meHKS\n-----END PUBLIC KEY-----'
pub_key = serialization.load_pem_public_key(xcode.encode(), default_backend())
xcode
输出如下:
<cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey object at 0x7fb4f6f50e10>
请注意,您必须自己在 python 中添加新行才能使这一切正常工作。
更新
ECC 密钥的 SecKeyCopyExternalRepresentation 输出是密钥的 X9.62 或 X9.63 格式(未压缩形式)。这与 DER 和 PEM 编码有很大不同。
public 密钥的编码为 04 || X || Y,私钥的编码为 04 || X || Y || K。 04 是此格式的固定字节。 X、Y 和可选的 K 值是定义此键曲线的点或坐标。关于 here.
的更多信息
不会用第三方的我会提供答案
输出格式为04 || X||是 [|| K] 没有许多外部系统期望的 EC header 标识符。将它导出到其他平台时,您需要添加 header。这是一个例子:
let fullKeyData = CFDataCreateMutable(kCFAllocatorDefault, CFIndex(0))
if fullKeyData != nil
{
//Fixed schema header per key size in bits
//var headerBytes256r1: [UInt8] = [0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00] //uncomment if you use 256 bit EC keys
var header384r1: [UInt8] = [0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00] //384 bit EC keys
//var header521r1: [UInt8] = [0x30, 0x81, 0x9B, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, 0x00] // For 521 bit EC keys
let headerSize = CFIndex(header384r1.count)
CFDataAppendBytes(fullKeyData, &header384r1, headerSize)
CFDataAppendBytes(fullKeyData, CFDataGetBytePtr(pub), CFDataGetLength(pub)) //pub = data you got from SecKeyCopyExternalRepresentation
var pem = ""
//pem.append("-----BEGIN PUBLIC KEY-----\n") //uncomment if needed
pem.append((fullKeyData as Data?)?.base64EncodedString() ?? "")
//pem.append("\n-----END PUBLIC KEY-----\n") //uncomment if needed
//do something with pem
}
我试图将 public 密钥从我的 iPhone 传递给其他方,但是我无法使用 iOS.
的输出let parameters: [String: Any] = [
kSecAttrKeySizeInBits as String: 384,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: false
]
]
var error: Unmanaged<CFError>?
let privateKey = SecKeyCreateRandomKey(parameters as CFDictionary, &error)
let publicKey = SecKeyCopyPublicKey(privateKey!)
let pub = SecKeyCopyExternalRepresentation(publicKey!, &error)
let pubData = pub as Data?
print(pubData!.base64EncodedString())
示例输出:
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
在python(我的第二方所在的地方)我有以下内容:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
pub_key = serialisation.load_pem_public_key(
data=xcode_data.encode(),
backend=default_backend()
)
我得到的错误是ValueError: Could not deserialize key data.
那么 SecKeyCopyExternalRepresentation 的输出到底是什么,如文档所述:
The method returns data in the PCKS #1 format for an RSA key. For an elliptic curve public key, the format follows the ANSI X9.63 standard using a byte string of 04 || X || Y. For an elliptic curve private key, the output is formatted as the public key concatenated with the big endian encoding of the secret scalar, or 04 || X || Y || K. All of these representations use constant size integers, including leading zeros as needed.
如何描述 X6.93 格式?我该如何将它转换成我可以在 python 代码中使用的东西?
P.S。我尝试将 headers 添加到 xcode 输出中,例如 -----BEGIN PUBLIC KEY-----。
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
密钥似乎格式不正确。
这似乎是一个 EC 密钥。我怀疑是 public 详细描述为 04 || X || Y,但我可能错了。你知道key结束在哪个字段吗?该字段告诉您 X 和 Y.
$ cat key.dat
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
$ base64 -d key.dat | hexdump -C
00000000 04 94 82 66 d0 5a b5 dd 81 60 41 ed c8 b0 74 a9 |...f.Z...`A...t.|
00000010 36 4d 96 98 4a 7f 76 53 18 8e 8d 91 ed dd 4b 12 |6M..J.vS......K.|
00000020 03 a7 23 fd 15 63 19 6c 6d 33 71 d2 17 58 43 72 |..#..c.lm3q..XCr|
00000030 9d db 24 7f 15 74 36 8f f2 cf 7e bd 9e 02 f6 10 |..$..t6...~.....|
00000040 76 58 c3 a8 20 37 2b 0e 9d 9e 48 41 23 ce 2c 51 |vX.. 7+...HA#.,Q|
00000050 65 e3 89 b5 68 09 34 a3 43 5d 69 15 d3 54 0c f8 |e...h.4.C]i..T..|
00000060 8d |.|
00000061
我还没有完全找到问题的答案,因为我仍然不知道 Apple 提供的输出到底是什么,但是,我想出了一个在 this key import export manager.[=24= 中找到的解决方案]
let parameters: [String: Any] = [
kSecAttrKeySizeInBits as String: 384,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: false
]
]
var pubKey: SecKey?
var priKey: SecKey?
var error: Unmanaged<CFError>?
let keyPair = SecKeyGeneratePair(parameters as CFDictionary, &pubKey, &priKey)
let publicKeyData = SecKeyCopyExternalRepresentation(pubKey!, &error)
// Code from the library
let ieManager = CryptoExportImportManager()
if let exportPEM = ieManager.exportPublicKeyToPEM(publicKeyData as Data!, keyType: kSecAttrKeyTypeEC as String, keySize: 384) {
print(exportPEM)
} else {
print("Error exporting to PEM")
}
示例输出:
Exporting EC raw key: 97 bytes -----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFpCnTrJFQq0mZBvy+vzl9noKLZ4/s1cf I6hygug6s8dvBreMhabAcAbbhSa1losjCxV450nq92W9ZymonYasaAuhshDWjmvx 2qTXHEpVEVb9GawqX6XqpWtIBf+meHKS -----END PUBLIC KEY-----
在pythonusing cryptography
中实施from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
xcode = '-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFpCnTrJFQq0mZBvy+vzl9noKLZ4/s1cf\nI6hygug6s8dvBreMhabAcAbbhSa1losjCxV450nq92W9ZymonYasaAuhshDWjmvx2\nqTXHEpVEVb9GawqX6XqpWtIBf+meHKS\n-----END PUBLIC KEY-----'
pub_key = serialization.load_pem_public_key(xcode.encode(), default_backend())
xcode
输出如下:
<cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey object at 0x7fb4f6f50e10>
请注意,您必须自己在 python 中添加新行才能使这一切正常工作。
更新
ECC 密钥的 SecKeyCopyExternalRepresentation 输出是密钥的 X9.62 或 X9.63 格式(未压缩形式)。这与 DER 和 PEM 编码有很大不同。
public 密钥的编码为 04 || X || Y,私钥的编码为 04 || X || Y || K。 04 是此格式的固定字节。 X、Y 和可选的 K 值是定义此键曲线的点或坐标。关于 here.
不会用第三方的我会提供答案
输出格式为04 || X||是 [|| K] 没有许多外部系统期望的 EC header 标识符。将它导出到其他平台时,您需要添加 header。这是一个例子:
let fullKeyData = CFDataCreateMutable(kCFAllocatorDefault, CFIndex(0))
if fullKeyData != nil
{
//Fixed schema header per key size in bits
//var headerBytes256r1: [UInt8] = [0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00] //uncomment if you use 256 bit EC keys
var header384r1: [UInt8] = [0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00] //384 bit EC keys
//var header521r1: [UInt8] = [0x30, 0x81, 0x9B, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, 0x00] // For 521 bit EC keys
let headerSize = CFIndex(header384r1.count)
CFDataAppendBytes(fullKeyData, &header384r1, headerSize)
CFDataAppendBytes(fullKeyData, CFDataGetBytePtr(pub), CFDataGetLength(pub)) //pub = data you got from SecKeyCopyExternalRepresentation
var pem = ""
//pem.append("-----BEGIN PUBLIC KEY-----\n") //uncomment if needed
pem.append((fullKeyData as Data?)?.base64EncodedString() ?? "")
//pem.append("\n-----END PUBLIC KEY-----\n") //uncomment if needed
//do something with pem
}