SecKeyRawVerify在mac上validation,但在iOS上失败-9809

我需要在Mac上对数据进行数字签名,然后在iOS上进行validation。 所以我生成RSA密钥对和DER格式的公开密钥的证书与开放ssl(尝试与SecKeyGeneratePair生成,但它很难导入公钥到iOS和SecKeyRawVerify仍然不能使用相同的结果),并签署我的数据Mac应用程序。 那么如果我在iOSvalidation这个数据validation失败,-9809错误代码,但如果在macvalidation执行相同的代码成功。

这是我的validation码: 

NSString* certPath = [[NSBundle mainBundle] pathForResource: @"Public" ofType:@"der"]; NSData* certificateData = [NSData dataWithContentsOfFile: certPath]; SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate SecPolicyRef secPolicy = SecPolicyCreateBasicX509(); SecTrustRef trust; OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust); SecTrustResultType resultType; OSStatus statusTrustEval = SecTrustEvaluate(trust, &resultType); SecKeyRef publicKey = SecTrustCopyPublicKey(trust); NSString* licensingPolicyString = @"ZKL3YXtqtFcIeWRqSekNuCmtu/nvy3ApsbJ+8xad6cO/E8smLHGfDrTQ3h/38d0IMJcUThsVMyX8qtqILmPeTnBpZgJetBjb8kAfuPznzxOrIcYd27/50ThWv6guLqZL7j1apnfRZHAdMiozvEYH62sma1Q9qTl+W7qxEAxWs2AXDTQcF7nGciEM6MEohs8u879VNIE1VcPW8ahMoe25wf8pvBvrzE0z0MR4UFE3ZSWIeeQsiaUPYFwHbfQAOifaw/qIisjL5Su6WURoaSupWTMdQh3ZNyqZuYJaT70u8S7NgF3BzG8uBiYOUYsf6UayvkABmF0UuMdcvhPQefyhuXsiYWxsb3dFeGNoYW5nZSI6dHJ1ZSwiYWxsb3dTaGFmZXIiOnRydWUsInBvbGljeSBuYW1lIjp0cnVlfQ=="; size_t signedHashBytesSize = SecKeyGetBlockSize(publicKey); NSData* messageData = [[NSData alloc] initWithBase64EncodedData:[licensingPolicyString dataUsingEncoding: NSUTF8StringEncoding] options:0]; NSData* signatureData = [messageData subdataWithRange:NSMakeRange(0, signedHashBytesSize)]; NSData* rawMessageData = [messageData subdataWithRange: NSMakeRange(signedHashBytesSize, messageData.length - signedHashBytesSize)]; uint8_t sha1HashDigest[CC_SHA1_DIGEST_LENGTH]; CC_SHA1([rawMessageData bytes], (CC_LONG)[rawMessageData length], sha1HashDigest); OSStatus verficationResult = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA1, sha1HashDigest, CC_SHA1_DIGEST_LENGTH, [signatureData bytes], [signatureData length]); CFRelease(publicKey); CFRelease(trust); CFRelease(secPolicy); CFRelease(certificateFromFile); if (verficationResult == errSecSuccess) NSLog(@"Verified");

Mac和iOS的数字签名validation有什么不同吗? 我没有在苹果的文档中find任何有关它的信息。

那么经过一些实验sign / verify,我发现改变填充协议SecKeyRawVerify / SecKeyRawSign从kSecPaddingPKCS1SHA1 kSecPaddingPKCS1,解决了我的问题。 不知道为什么它不能与kSecPaddingPKCS1SHA1一起工作,苹果的文档中没有提到过。 另外我没有尝试在iOS上的这个代码不同于8.3,所以也许这是iOs8.3问题。

Interesting Posts