获取iOS开发者证书的公钥和私钥

宝贝娜 發表於 2023-4-13 21:28:00

获取公钥
openssl x509 -in public.cer -inform DER -noout -pubkey
获取私钥
openssl pkcs12 -in privite.p12 -out private_key.pem -nodes -nocerts
<div class="cnblogs_code">
<pre>//
//Shared.m
//SignAndVerify
//
//Created by Ricci Adams on 2014-07-20.
//
//

#import "SignAndVerifyShared.h"
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

@interface Signer : NSObject

- (id)initWithContentsOfFile:(NSString *)path password:(NSString *)password tag:(NSString *)tag;

- (NSData *)signSHA1Hash:(NSData *)hash;
- (NSData *)signSHA256Hash:(NSData *)hash;

@end

@interface Verifier : NSObject

- (id)initWithContentsOfFile:(NSString *)path tag:(NSString *)tag;

- (BOOL)verifySHA1Hash:(NSData *)hash withSignature:(NSData *)signature;
- (BOOL)verifySHA256Hash:(NSData *)hash withSignature:(NSData *)signature;

@end

NSData *GetSHA1Hash(NSData *inData)
{
unsigned char digest;

CC_SHA1_CTX ctx;

CC_SHA1_Init(&ctx);
CC_SHA1_Update(&ctx, , (CC_LONG));
CC_SHA1_Final(digest, &ctx);

return [ initWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
}

NSData *GetSHA256Hash(NSData *inData)
{
unsigned char digest;

CC_SHA256_CTX ctx;

CC_SHA256_Init(&ctx);
CC_SHA256_Update(&ctx, , (CC_LONG));
CC_SHA256_Final(digest, &ctx);

return [ initWithBytes:digest length:CC_SHA256_DIGEST_LENGTH];
}

NSString *GetHexStringWithData(NSData *data)
{
NSUInteger inLength= ;
unichar *outCharacters = malloc(sizeof(unichar) * (inLength * 2));

UInt8 *inBytes = (UInt8 *);
static const char lookup[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

NSUInteger i, o = 0;
for (i = 0; i < inLength; i++) {
 UInt8 inByte = inBytes;
 outCharacters = lookup[(inByte & 0xF0) >> 4];
 outCharacters = lookup[(inByte & 0x0F)];
}

return [ initWithCharactersNoCopy:outCharacters length:o freeWhenDone:YES];
}

NSData *GetDataWithHexString(NSString *inputString)
{
NSUInteger inLength = ;

unichar *inCharacters = alloca(sizeof(unichar) * inLength);
;

UInt8 *outBytes = malloc(sizeof(UInt8) * ((inLength / 2) + 1));

NSInteger i, o = 0;
UInt8 outByte = 0;
for (i = 0; i < inLength; i++) {
 UInt8 c = inCharacters;
 SInt8 value = -1;

 if (c >= '0' && c <= '9') value = (c - '0');
 else if (c >= 'A' && c <= 'F') value = 10 + (c - 'A');
 else if (c >= 'a' && c <= 'f') value = 10 + (c - 'a');

 if (value >= 0) {
 if (i % 2 == 1) {
 outBytes = (outByte << 4) | value;
 outByte = 0;
 } else {
 outByte = value;
 }

 } else {
 if (o != 0) break;
 }
}

return ;
}

NSString *DoTest(NSString *privateKeyPath, NSString *privateKeyPassword, NSString *publicKeyPath, NSString *textPath, NSString *resultsPath)
{
NSError*error;
NSString *contents = ;

NSCharacterSet *ws = ;

NSMutableArray *sha1Hashes = ;
NSMutableArray *sha256Hashes = ;

NSMutableArray *sha1Signatures = ;
NSMutableArray *sha256Signatures = ;

// For each line in input.txt, calculate the SHA1 and SHA256 of that line
for (NSString *line in ) {
 NSData *lineAsData = [ dataUsingEncoding:NSUTF8StringEncoding];
 if (!) continue;

 ;
 ;
}

// Now sign each hash
Signer *signer = [ initWithContentsOfFile:privateKeyPath password:privateKeyPassword tag:@"com.iccir.SignAndVerify.private-key"];

for (NSData *hash in sha1Hashes) {
 ];
}

for (NSData *hash in sha256Hashes) {
 ];
}

// If we have an existing results.txt, verify the hashes/signatures against it
if ([ fileExistsAtPath:resultsPath]) {
 NSString *existingResults = ;

 NSInteger i = 0;
 for (NSString *line in ) {
 NSArray *components = ;
 if ( != 4) continue;

 NSData *existingSHA1Hash = GetDataWithHexString(components[0]);
 NSData *existingSHA1Signature = GetDataWithHexString(components[1]);
 NSData *existingSHA256Hash = GetDataWithHexString(components[2]);
 NSData *existingSHA256Signature = GetDataWithHexString(components[3]);

 if (!]) {
 NSLog(@"SHA-1 Hash mismatch on line %ld", (long)i);
 }

 if (!]) {
 NSLog(@"SHA-256 Hash mismatch on line %ld", (long)i);
 }

 if (!]) {
 NSLog(@"SHA-1 Signature mismatch on line %ld", (long)i);
 }

 if (!]) {
 NSLog(@"SHA-256 Signature mismatch on line %ld", (long)i);
 }

 i++;
 }
}

// Verify the signatures with the Verifier and public key
 {
 Verifier *verifier = [ initWithContentsOfFile:publicKeyPath tag:@"com.iccir.SignAndVerify.public-key"];

 for (NSInteger i = 0; i < ; i++) {
 if (! withSignature:sha1Signatures]) {
 NSLog(@"OS X Verifier failed to verify line %ld", (long)i);
 }

 if (! withSignature:sha256Signatures]) {
 NSLog(@"OS X Verifier failed to verify line %ld", (long)i);
 }
 }
}

NSMutableString *results = ;

for (NSInteger i = 0; i < ; i++) {
 [results appendFormat:@"%@\t%@\t%@\t%@\n",
 GetHexStringWithData(sha1Hashes),
 GetHexStringWithData(sha1Signatures),
 GetHexStringWithData(sha256Hashes),
 GetHexStringWithData(sha256Signatures)];
}

return results;
}

#if TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR

#pragma mark - iOS Implementations

// From http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/
static NSData *sGetDataByStrippingHeader(NSData *data)
{
NSUInteger length = ;
if (!length) return nil;

const void *bytes = ;
NSUInteger index = 0;

UInt8 (^getByte)(NSUInteger) = ^(NSUInteger i) {
 UInt8 result = 0;

 if (i < length) {
 result = ((UInt8 *)bytes);
 }

 return result;
};

if (getByte(index++) != 0x30) {
 return nil;
}

if (getByte(index) > 0x80) {
 index += getByte(index) - 0x80 + 1;
} else {
 index++;
}

// PKCS #1 rsaEncryption szOID_RSA_RSA
static unsigned char seqiod[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 };
if ((index + 15) >= length) {
 return nil;
}

if (memcmp(&bytes, seqiod, 15)) return nil;

index += 15;

if (getByte(index++) != 0x03) return nil;

if (getByte(index) > 0x80) {
 index += getByte(index) - 0x80 + 1;
} else {
 index++;
}

if (getByte(index++) != '\0') return nil;

// Now make a new NSData from this buffer
return (index < length) ? length:(length - index)] : nil;
}

static NSData *sExtractKey(NSString *inString)
{
NSArray *inLines = ;
NSMutableArray *outLines= ;
BOOL insideKey = NO;

for (NSString *line in inLines) {
 if (.location != NSNotFound) {
 if () {
 insideKey = YES;
 } else if () {
 insideKey = NO;
 }

 } else if (insideKey) {
 ;
 }
}

NSString *outString = ;

return [ initWithBase64EncodedString:outString options:NSDataBase64DecodingIgnoreUnknownCharacters];
}

@implementation Signer {
SecKeyRef _privateKey;
}

- (id)initWithContentsOfFile:(NSString *)path password:(NSString *)password tag:(NSString *)tag
{
if ((self = )) {
 _privateKey = ;

 if (!_privateKey) {
 self = nil;
 return self;
 }
}

return self;
}

- (SecKeyRef) _importPrivateKeyAtPath:(NSString *)keyPath password:(NSString *)password tag:(NSString *)tag CF_RETURNS_RETAINED
{
NSString *privateKeyPath = keyPath;
NSData *p12Data = ;
NSMutableDictionary *serverOption = ;
SecKeyRef privateKeyRef =NULL;
//change to the actual password you usedd here
;
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import((CFDataRef)p12Data, (CFDictionaryRef)serverOption, &items);
if (securityError == noErr && CFArrayGetCount(items) > 0) {
 CFDictionaryRef identityDict =CFArrayGetValueAtIndex(items, 0);
 SecIdentityRef identityApp=(SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
 securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
 if (securityError != noErr) {
 privateKeyRef=NULL;
 }
}
CFRelease(items);
return privateKeyRef;
}

- (NSData *) _signHash:(NSData *)hash withPadding:(SecPadding)padding
{
size_t signatureLength = SecKeyGetBlockSize(_privateKey);
uint8_t *signatureBytes= malloc(signatureLength);

OSStatus err = SecKeyRawSign(_privateKey, padding, , , signatureBytes, &signatureLength);
NSData *result = nil;

if (err == errSecSuccess) {
 result = ;
}

free(signatureBytes);

return result;

}

- (NSData *) signSHA1Hash:(NSData *)hash
{
return ;
}

- (NSData *) signSHA256Hash:(NSData *)hash
{
return ;
}

@end

@implementation Verifier {
SecKeyRef _publicKey;
}

- (id) initWithContentsOfFile:(NSString *)path tag:(NSString *)tag
{
if ((self = )) {
 _publicKey = ;

 if (!_publicKey) {
 self = nil;
 return self;
 }
}

return self;
}

- (SecKeyRef) _importPublicKeyAtPath:(NSString *)keyPath tag:(NSString *)tag CF_RETURNS_RETAINED
{
NSError*error = nil;
NSString *contents= ;

NSData *keyData = sGetDataByStrippingHeader(sExtractKey(contents));

NSData *tagAsData = ;
OSStatuserr = 0;

NSMutableDictionary *publicKey = [ init];
;
;
;
SecItemDelete((__bridge CFDictionaryRef)publicKey);

;
;

err = SecItemAdd((__bridge CFDictionaryRef)publicKey, NULL);

if ((err != noErr) && (err != errSecDuplicateItem)) {
 return NULL;
}

// Now fetch the SecKeyRef version of the key
SecKeyRef keyRef = nil;

;
;

SecItemCopyMatching((__bridge CFDictionaryRef)publicKey, (CFTypeRef *)&keyRef);

return keyRef;
}

- (BOOL) verifySHA1Hash:(NSData *)hash withSignature:(NSData *)signature
{
OSStatus err = SecKeyRawVerify(_publicKey, kSecPaddingPKCS1SHA1, , , , );
return err == errSecSuccess;
}

- (BOOL) verifySHA256Hash:(NSData *)hash withSignature:(NSData *)signature
{
OSStatus err = SecKeyRawVerify(_publicKey, kSecPaddingPKCS1SHA256, , , , );
return err == errSecSuccess;
}

@end

#else

#pragma mark - OS X Implementations

@implementation Signer {
SecKeyRef _privateKey;
}

- (id) initWithContentsOfFile:(NSString *)path tag:(NSString *)tag
{
if ((self = )) {
 _privateKey = ;

 if (!_privateKey) {
 self = nil;
 return self;
 }
}

return self;
}

- (SecKeyRef) _importPrivateKeyAtPath:(NSString *)path tag:(NSString *)tag CF_RETURNS_RETAINED
{
NSData *data = ;

SecExternalFormat format = kSecFormatOpenSSL;
SecExternalItemType type = kSecItemTypePrivateKey;

CFArrayRef cfItems = NULL;
SecItemImport((__bridge CFDataRef)data, NULL, &format, &type, 0, NULL, NULL, &cfItems);

NSArray *result = cfItems ? CFBridgingRelease(cfItems) : NULL;
return (SecKeyRef) (result ? CFBridgingRetain() : nil);
}

- (NSData *) _signHash:(NSData *)hash digestType:(CFStringRef)digestType digestLength:(NSUInteger)digestLength
{
CFErrorRef error;
SecTransformRef signer = SecSignTransformCreate(_privateKey, &error);
CFTypeRef cfResult = NULL;

SecTransformSetAttribute(signer, kSecPaddingKey, kSecPaddingPKCS1Key, &error);
if (error) goto bail;

SecTransformSetAttribute(signer, kSecInputIsAttributeName, kSecInputIsDigest, &error);
if (error) goto bail;

SecTransformSetAttribute(signer, kSecTransformInputAttributeName, (__bridge CFDataRef)hash, &error);
if (error) goto bail;

SecTransformSetAttribute(signer, kSecDigestTypeAttribute, digestType, &error);
if (error) goto bail;

if (digestLength) {
 SecTransformSetAttribute(signer, kSecDigestLengthAttribute, (__bridge CFNumberRef)@(digestLength), &error);
 if (error) goto bail;
}

cfResult = SecTransformExecute(signer, &error);

bail:
if (error) {
 NSLog(@"Error: %@", error);
}

if (signer) {
 CFRelease(signer);
}

return CFBridgingRelease(cfResult);
}

- (NSData *) signSHA1Hash:(NSData *)hash
{
return ;
}

- (NSData *) signSHA256Hash:(NSData *)hash
{
return ;
}

@end

@implementation Verifier {
SecKeyRef _publicKey;
}

- (id) initWithContentsOfFile:(NSString *)path tag:(NSString *)tag
{
if ((self = )) {
 _publicKey = ;

 if (!_publicKey) {
 self = nil;
 return self;
 }
}

return self;
}

- (SecKeyRef) _importPublicKeyAtPath:(NSString *)keyPath tag:(NSString *)tag CF_RETURNS_RETAINED
{
NSData *data = ;

SecExternalFormat format = kSecFormatOpenSSL;
SecExternalItemType type = kSecItemTypePublicKey;

CFArrayRef cfItems = NULL;
SecItemImport((__bridge CFDataRef)data, NULL, &format, &type, 0, NULL, NULL, &cfItems);

NSArray *result = cfItems ? CFBridgingRelease(cfItems) : NULL;
return (SecKeyRef) (result ? CFBridgingRetain() : nil);
}

- (BOOL) _verifyHash:(NSData *)hash withSignature:(NSData *)signature digestType:(CFStringRef)digestType digestLength:(NSUInteger)digestLength
{
CFErrorRef error;
id result;

SecTransformRef verifier = SecVerifyTransformCreate(_publicKey, (__bridge CFDataRef)signature, &error);
if (error) goto bail;

SecTransformSetAttribute(verifier, kSecPaddingKey, kSecPaddingPKCS1Key, &error);
if (error) goto bail;

SecTransformSetAttribute(verifier, kSecInputIsAttributeName, kSecInputIsDigest, &error);
if (error) goto bail;

SecTransformSetAttribute(verifier, kSecTransformInputAttributeName, (__bridge CFDataRef)hash, &error);
if (error) goto bail;

SecTransformSetAttribute(verifier, kSecDigestTypeAttribute, digestType, &error);
if (error) goto bail;

if (digestLength) {
 SecTransformSetAttribute(verifier, kSecDigestLengthAttribute, (__bridge CFNumberRef)@(digestLength), &error);
 if (error) goto bail;
}

result = CFBridgingRelease(SecTransformExecute(verifier, &error));

bail:
if (error) {
 NSLog(@"Error: %@", error);
}

if (verifier) {
 CFRelease(verifier);
}

if () {
 return ;
}

return NO;
}

- (BOOL) verifySHA1Hash:(NSData *)hash withSignature:(NSData *)signature
{

return ;
}

- (BOOL) verifySHA256Hash:(NSData *)hash withSignature:(NSData *)signature
{
return ;
}

@end

#endif

@implementation SignAndVerify

+ (BOOL)signWebClipMobileConfig:(NSString *)path privateKeyPassword:(NSString *)password {
NSString *privateKeyPath = @"/Users/blockdance/Documents/private.p12";
NSString *publicKeyPath= @"/Users/blockdance/Documents/public_key.pem";
NSString *resultsPath = [ stringByAppendingFormat:@"%@_sign.%@", path.pathComponents.lastObject, path.pathExtension];
DoTest(privateKeyPath, password, publicKeyPath, path, resultsPath);
;
[ writeToFile:path atomically:YES];
return YES;
}

@end</pre>
</div>
  
来源：https://www.cnblogs.com/yuxiaoyiyou/p/17316509.html

頁: [1]

琼殿技术论坛's Archiver

获取iOS开发者证书的公钥和私钥