ios - 如何从存储在 iOS 钥匙串(keychain)中的 key 获取 DER 格式的公钥?

标签 ios swift security keychain public-key

我正在使用以下代码创建 key

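// Application tag used to find this key in the keychain later.
// Data(_:) over the UTF-8 view cannot fail, so no force-unwrap is needed.
let tag = Data("com.example.keys.mykey".utf8)

// 256-bit EC key (NIST P-256); kSecAttrIsPermanent stores the private half in the keychain.
// NOTE(review): no kSecAttrAccessible / kSecAttrAccessControl is set, so the keychain's
// default protection applies. Set one explicitly if the key must be restricted further
// (for example to an unlocked device or to user presence).
let attributes: [String: Any] = [
    kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeySizeInBits as String: 256,
    kSecPrivateKeyAttrs as String: [
        kSecAttrIsPermanent as String: true,
        kSecAttrApplicationTag as String: tag
    ] as [String: Any]
]

// Out-parameter that SecKeyCreateRandomKey fills in when key generation fails.
var error: Unmanaged<CFError>?
guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
    // Prefer the framework's own error; fall back to a generic one instead of
    // force-unwrapping, which would crash if no error object was returned.
    if let failure = error {
        throw failure.takeRetainedValue() as Error
    }
    throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecParam), userInfo: nil)
}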

获取公钥使用

// SecKeyCopyPublicKey returns an optional (SecKey?), so `publicKey` must be
// unwrapped before it is passed to code that expects a SecKey.
let publicKey = SecKeyCopyPublicKey(privateKey)

最佳答案

 /// Prepends a fixed DER `SubjectPublicKeyInfo` header (RFC 5480) to a raw EC public key.
 ///
 /// The header is a constant. Its length bytes (0x59, 0x42) and its curve OID
 /// (1.2.840.10045.3.1.7) only describe a 65-byte key on that curve. No length
 /// or format check is done here, so any other input produces bytes that are
 /// not a valid DER structure; callers must validate the key first.
 ///
 /// - Parameter rawPublicKey: Raw public-key bytes; appended after the header unchanged.
 /// - Returns: The 26 header bytes followed by `rawPublicKey`.
 func addDerKeyInfo(rawPublicKey:[UInt8]) -> [UInt8] {
    // Inner SEQUENCE (AlgorithmIdentifier): two OIDs, 0x13 = 9 + 10 bytes.
    let algorithmIdentifier: [UInt8] = [
        0x30, 0x13,
        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,       // oid: 1.2.840.10045.2.1
        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07  // oid: 1.2.840.10045.3.1.7
    ]
    // BIT STRING tag, length 0x42 (1 unused-bits byte + 65 key bytes), zero unused bits.
    let bitStringPrefix: [UInt8] = [0x03, 0x42, 0x00]

    // Outer SEQUENCE: 0x59 = 21 (AlgorithmIdentifier) + 68 (BIT STRING) bytes.
    var subjectPublicKeyInfo: [UInt8] = [0x30, 0x59]
    subjectPublicKeyInfo.append(contentsOf: algorithmIdentifier)
    subjectPublicKeyInfo.append(contentsOf: bitStringPrefix)
    subjectPublicKeyInfo.append(contentsOf: rawPublicKey)
    return subjectPublicKeyInfo
}

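/// Decodes a Base64 string into its raw bytes.
///
/// Decoding uses `.ignoreUnknownCharacters`, so characters outside the Base64
/// alphabet (for example line breaks) are skipped rather than rejected.
///
/// - Parameter base64String: The Base64 text to decode.
/// - Returns: The decoded bytes, or an empty array when the input cannot be decoded.
func convertbase64StringToByteArray(base64String: String) -> [UInt8] {
    guard let decoded = Data(base64Encoded: base64String, options: .ignoreUnknownCharacters) else {
        // The failure branch previously fell off the end of the function without
        // returning a value, which does not compile. Return an empty array so the
        // failure is explicit and callers can check for it.
        print("Invalid base64 String")
        return []
    }
    return [UInt8](decoded)
}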
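/// Exports an EC P-256 public key as a Base64-encoded DER `SubjectPublicKeyInfo`.
///
/// `SecKeyCopyExternalRepresentation` returns only the raw key bytes, so the
/// fixed header from `addDerKeyInfo(rawPublicKey:)` is prepended. That header
/// is only correct for a 65-byte uncompressed point (0x04 || X || Y), so a key
/// in any other form is rejected instead of being wrapped in a mismatched header.
///
/// - Parameter publicKey: The public key to export.
/// - Returns: Base64 text of the DER-encoded key.
/// - Throws: The `CFError` reported by the Security framework when the export
///   fails, or an `NSOSStatusErrorDomain` error with code `errSecParam` when no
///   error object is available or the key is not in the expected form.
func convertSecKeyToDerKeyFormat(publicKey:SecKey) throws -> String
{
    // Out-parameter filled in by the Security framework on failure.
    var error: Unmanaged<CFError>?
    guard let exported = SecKeyCopyExternalRepresentation(publicKey, &error) else {
        // Unwrap the CFError safely; a forced cast of the Unmanaged wrapper would trap.
        if let failure = error {
            throw failure.takeRetainedValue() as Error
        }
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecParam), userInfo: nil)
    }

    // Use the exported bytes directly; a Base64 encode/decode round trip adds nothing.
    let rawKey = [UInt8](exported as Data)

    // The hard-coded header encodes the lengths of a 65-byte key, so refuse anything
    // else (RSA keys, other curves) rather than emit a malformed structure.
    guard rawKey.count == 65, rawKey.first == 0x04 else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecParam), userInfo: nil)
    }

    return Data(addDerKeyInfo(rawPublicKey: rawKey)).base64EncodedString()
}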

将公钥作为参数传入 convertSecKeyToDerKeyFormat 函数即可;它返回的是经过 Base64 编码的 DER(SubjectPublicKeyInfo)格式公钥字符串。

关于ios - 如何从存储在 iOS 钥匙串(keychain)中的 key 获取 DER 格式的公钥?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47053152/
