Home/ Questions/Q 8378417
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T15:55:25+00:00

The Problem: Retrieving a public key For an iPhone App, I need to create

  • 0

The Problem: Retrieving a public key

For an iPhone App, I need to create a rsa key pair, store it in the key chain and retrieve the public key.

Fortunately, Apple released a Crypto Exercise Sample where everything i need can be found (class SecKeyWrapper, functions generateKeyPair and getPublicKeyBits).

But after trying to use these functions, I always get the same output for my public key for different key pairs (instead of different public key bits for different key pairs).

Implementation of my generateKeyPair and getPublicKeyBits Function:

I first create a key pair by calling generateKeyPairWithKeySizeInBits (which seems to work fine), afterwards I extract the public key bits with getPublicKeyBits and NSLog them…

- (void) generateKeyPairWithKeySizeInBits:(int)bits withPublicIdentifier:(NSString     *)publicIdentifier andPrivateIdentifier:(NSString *)privateIdentifier
{

    NSLog(@"begin generating key...");
    OSStatus status = noErr;

    NSMutableDictionary* privateKeyAttr = [[NSMutableDictionary alloc] init];
    NSMutableDictionary* publicKeyAttr = [[NSMutableDictionary alloc] init];
    NSMutableDictionary* keyPairAttr = [[NSMutableDictionary alloc] init];

    NSData* publicTag = [publicIdentifier dataUsingEncoding:NSUTF8StringEncoding];
    NSData* privateTag = [privateIdentifier dataUsingEncoding:NSUTF8StringEncoding];

    SecKeyRef publicKey = NULL;
    SecKeyRef privateKey = NULL;

    [keyPairAttr setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id) kSecAttrKeyType];
    [keyPairAttr setObject:[NSNumber numberWithInt:bits] forKey:(__bridge id) kSecAttrKeySizeInBits];

    [privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id) kSecAttrIsPermanent];
    [privateKeyAttr setObject:privateTag forKey:(__bridge id) kSecAttrApplicationTag];

    [publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
    [publicKeyAttr setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];

    [keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
    [keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];

    SecItemDelete((__bridge CFDictionaryRef)keyPairAttr);

    status = SecKeyGeneratePair((__bridge CFDictionaryRef) keyPairAttr, &publicKey, &privateKey);

    if(status != noErr){
        NSLog(@"status = %@",status);
    }
    if(publicKey){
        NSLog(@"public key %@",publicKey);
    }

    if(privateKey){
        NSLog(@"private key %@",privateKey);
    }

    [self getPublicKeyBits:publicIdentifier];
}


- (NSData *)getPublicKeyBits: (NSString*) publicKeyIdentifier {

    OSStatus sanityCheck = noErr;
    NSData * publicKeyBits = nil;
    CFTypeRef pk;
    NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];

    NSData* publicTag = [publicKeyIdentifier dataUsingEncoding:NSUTF8StringEncoding];

    // Set the public key query dictionary.
    [queryPublicKey setObject:(__bridge_transfer id)kSecClassKey forKey:(__bridge_transfer id)kSecClass];

    [queryPublicKey setObject:publicTag forKey:(__bridge_transfer id)kSecAttrApplicationTag];
    [queryPublicKey setObject:(__bridge_transfer id)kSecAttrKeyTypeRSA forKey:(__bridge_transfer id)kSecAttrKeyType];
    [queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge_transfer id)kSecReturnData];

    // Get the key bits.
    sanityCheck = SecItemCopyMatching((__bridge_retained CFDictionaryRef)queryPublicKey, &pk);
    if (sanityCheck != noErr)
    {
        publicKeyBits = nil;
    }
    publicKeyBits = (__bridge_transfer NSData*)pk;
    NSLog(@"public bits %@",publicKeyBits);

    return publicKeyBits;
}

Output (the “public bits”-part (last line) is always the same):

2012-07-13 10:39:28.391 [12279:707] begin generating key...
2012-07-13 10:39:39.376 [12279:707] public key <SecKeyRef: 0xeb56e00>
2012-07-13 10:39:39.381 [12279:707] private key <SecKeyRef: 0xeb57800>
2012-07-13 10:39:39.397 [12279:707] public bits <3082010a 02820101 00ea41ec 12780dff 20a55d67 62ec9890 028ed031 eccd1163 5b4bd039 01adffb5 766f37b8 31be8d03 4a41240b 4e127b75 bc4dd8fb 5b404d4d ad18d711 5cf64a04 61c49970 1fef5434 215f80e4 efee8894 1f282f77 8ea5f7e3 35673260 80ee5f80 818d19d3 b7b15e5c f013ad7d 5ff5dd33 b3e57544 de50dc02 f28aa2ae d4b9590a 1e71bd05 79e81fb7 2a9cd592 cf412fe1 db7a89d4 05bd1731 f95f7aae 56ec4171 e9f352ec c26c3c15 05a0e84b 16c5e89d cec8b1a3 24365d4e dcea88a2 92d8c2e6 8f0e9aee e83703bc e66418af aa9dceea 1129f669 cf069b87 edde4cf7 5e313212 80f44e04 d5b5e2db 9e7f26ae 9b8ef8ee 2e177702 18673b1a f125d3c8 d9ddf978 fb020301 0001>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So Your SecItemDelete code does not work as you expect it to. If you want to delete all the items in your keychain (for testing purposes, obviously), you should look at the code in -[Credentials resetCredentials] method in the AdvancedURLConnections sample code.

    https://developer.apple.com/library/ios/#samplecode/AdvancedURLConnections/

    You might also find the -dumpCredentials method handy during debugging.

    So The problem with SecItemDelete means that SecKeyGeneratePair is generating a new set of keys each time you run the app. Each of these keys has the same application tag, making it indeterminate as to which key is returned by your SecItemCopyMatching call in –getPublicKeyBits:. In turns out that on current system software you’re always getting back the first key, so you always get the same public key bits.

    • 0