iOS10使用SecKeyCreateWithData读取公钥私钥

在使用openssl命令生成RSA公钥私钥以后，当后端人员把密钥的字符串发给你；

首先要问清公钥私钥的密钥格式(PKCS1,PKCS8），密钥位数(1024,2048)，然后在iOS10以后，使用苹果自带的api就可以加载密钥；

一定要问清楚密钥格式，如果需要互转格式，请看我发布的上一篇相互转换的文章；

API:要求>=iOS10

SecKeyCreateWithData

私钥格式：PKCS1

示例：

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlLm5+Kosybacfp8hzjn1fl2wT7Au2lm5SEtz6r+/wwSfq5KfY
H8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5sdtmAvD2ex3wCef8lWmgdh5q
Uo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6NUmQZITsYK6CsEl/ewIDAQAB
AoGBAJkMdvF+i9Kzc6YqMC0rfQJ3Zs+vFOtsbmQVAMnQ8JWBCJ1O8d/c60wRQgyb
lFCyO7VXOmoIJqX/Jr2aER8bFtG+Yxy6jsMu3ynwMwbhcVmCWCmZoWuE5pZdEJk6
lOdOay7TkE45X/Wc7K9iZs2uuB7sylIvK/HVxxit6FGePa4RAkEA9e+VoAbxBv78
HyxRcStW+Kc3lmE4zYBGAb2IYx48UEN34nP5rI8Tusqsy7CZ3rvSMi1CpVlj2eQK
FU8FzVFyjwJBAO6PU9q7il8NtecdvYBkDErlCawSeCdk9s79helT0Mrg9cWaVWFO
n0UxgT55MPXWGdMRXUUOCNnMilaw/p7dKlUCQDpjGeu3GivmB2dDN0ad2nUIBftu
s3SeWoB5RdL6T6liiyi5DfJ4uV9kVKe7Epy9jIabFjJ5SWpmaDps21zGVGMCQQCB
HvK0IW3zpOgf/+jh5UUCBJYHnLeMGwm7X11rvQH1zW05Vx9/W565ROI/fjkR1qCD
rZJeHgqMWDlIUuR9+BdBAkAI8+JWgWLdWceXX9Puu4KNmGukx4GZw2n53vMKp0Fu
puQxMonRWTN+kA76cq8QIj8xuEBkdxy1NFRMEkGu675m
-----END RSA PRIVATE KEY-----

 

公钥格式：PKCS8

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlLm5+Kosybacfp8hzjn1fl2wT
7Au2lm5SEtz6r+/wwSfq5KfYH8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5
sdtmAvD2ex3wCef8lWmgdh5qUo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6
NUmQZITsYK6CsEl/ewIDAQAB
-----END PUBLIC KEY-----

 

如下OC代码的封装

//加载PKCS8格式的公钥
- (SecKeyRef)publicKeyFromPKCS8Str:(NSString *)pub8
{
    SecKeyRef pubkeyref;
    CFErrorRef errref;
    NSString *pemStr = pub8;
    
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"-----BEGIN PUBLIC KEY-----" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"\r" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"\n" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"-----END PUBLIC KEY-----" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@" " withString:@""];
    NSData *dataPubKey = [[NSData alloc]initWithBase64EncodedString:pemStr options:0];
    
    NSMutableDictionary *dicPubkey = [[NSMutableDictionary alloc]initWithCapacity:1];
    [dicPubkey setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
    [dicPubkey setObject:(__bridge id) kSecAttrKeyClassPublic forKey:(__bridge id)kSecAttrKeyClass];
    [dicPubkey setObject:@(1024) forKey:(__bridge id)kSecAttrKeySizeInBits];
    
    pubkeyref = SecKeyCreateWithData((__bridge CFDataRef)dataPubKey, (__bridge CFDictionaryRef)dicPubkey, &errref);
    
    NSAssert(errref==noErr, @"公钥加载错误");
    
    return pubkeyref;
}


//加载PKCS1格式的私钥
- (SecKeyRef)privateKeyFromPKCS1Str:(NSString *)pri1
{
    SecKeyRef prikeyRef;
    CFErrorRef err;
    NSString *pemStr = pri1;
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"-----BEGIN RSA PRIVATE KEY-----" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"\r" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"\n" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@"-----END RSA PRIVATE KEY-----" withString:@""];
    pemStr = [pemStr stringByReplacingOccurrencesOfString:@" " withString:@""];
    NSData *pemData = [[NSData alloc]initWithBase64EncodedString:pemStr options:0];
    
    NSMutableDictionary *dicPrikey = [[NSMutableDictionary alloc]initWithCapacity:1];
    [dicPrikey setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
    [dicPrikey setObject:(__bridge id) kSecAttrKeyClassPrivate forKey:(__bridge id)kSecAttrKeyClass];
    [dicPrikey setObject:@(1024) forKey:(__bridge id)kSecAttrKeySizeInBits];
    
    prikeyRef = SecKeyCreateWithData((__bridge CFDataRef)pemData, (__bridge CFDictionaryRef)dicPrikey, &err);
    NSAssert(err==noErr, @"私钥加载错误");
    
    return prikeyRef;
}

 

调用示例：

    NSString *cpub8Str = @"-----BEGIN PUBLIC KEY-----\
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlLm5+Kosybacfp8hzjn1fl2wT\
    7Au2lm5SEtz6r+/wwSfq5KfYH8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5\
    sdtmAvD2ex3wCef8lWmgdh5qUo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6\
    NUmQZITsYK6CsEl/ewIDAQAB\
    -----END PUBLIC KEY-----";
    
    NSString *cpri1Str = @"-----BEGIN RSA PRIVATE KEY-----\
    MIICXQIBAAKBgQDlLm5+Kosybacfp8hzjn1fl2wT7Au2lm5SEtz6r+/wwSfq5KfY\
    H8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5sdtmAvD2ex3wCef8lWmgdh5q\
    Uo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6NUmQZITsYK6CsEl/ewIDAQAB\
    AoGBAJkMdvF+i9Kzc6YqMC0rfQJ3Zs+vFOtsbmQVAMnQ8JWBCJ1O8d/c60wRQgyb\
    lFCyO7VXOmoIJqX/Jr2aER8bFtG+Yxy6jsMu3ynwMwbhcVmCWCmZoWuE5pZdEJk6\
    lOdOay7TkE45X/Wc7K9iZs2uuB7sylIvK/HVxxit6FGePa4RAkEA9e+VoAbxBv78\
    HyxRcStW+Kc3lmE4zYBGAb2IYx48UEN34nP5rI8Tusqsy7CZ3rvSMi1CpVlj2eQK\
    FU8FzVFyjwJBAO6PU9q7il8NtecdvYBkDErlCawSeCdk9s79helT0Mrg9cWaVWFO\
    n0UxgT55MPXWGdMRXUUOCNnMilaw/p7dKlUCQDpjGeu3GivmB2dDN0ad2nUIBftu\
    s3SeWoB5RdL6T6liiyi5DfJ4uV9kVKe7Epy9jIabFjJ5SWpmaDps21zGVGMCQQCB\
    HvK0IW3zpOgf/+jh5UUCBJYHnLeMGwm7X11rvQH1zW05Vx9/W565ROI/fjkR1qCD\
    rZJeHgqMWDlIUuR9+BdBAkAI8+JWgWLdWceXX9Puu4KNmGukx4GZw2n53vMKp0Fu\
    puQxMonRWTN+kA76cq8QIj8xuEBkdxy1NFRMEkGu675m\
    -----END RSA PRIVATE KEY-----";
    
    SecKeyRef pubKK = [self publicKeyFromPKCS8Str:cpub8Str];
    SecKeyRef priKK = [self privateKeyFromPKCS1Str:cpri1Str];
    
    NSLog(@"%@",pubKK);
    NSLog(@"%@",priKK);

输出日志：

2019-03-11 16:00:00.665775+0800 TPS[5928:187621] <SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 4, block size: 1024 bits, exponent: {hex: 10001, decimal: 65537}, modulus: E52E6E7E2A8B326DA71FA7C8738E7D5F976C13EC0BB6966E5212DCFAAFEFF0C127EAE4A7D81FCAB500EFC2F76230129A6535BAEA62639742EE8FD3B9A0D2540E0AF139B1DB6602F0F67B1DF009E7FC9569A0761E6A528E0E31C9A84B3DC8029FFBFC59CC6A0D487A549F76BA273C10F16B3A7A3549906484EC60AE82B0497F7B, addr: 0x6000011ba980>
2019-03-11 16:00:00.665988+0800 TPS[5928:187621] <SecKeyRef algorithm id: 1, key type: RSAPrivateKey, version: 4, block size: 1024 bits, addr: 0x6000011baa00>

 

密钥加载完成，就可以使用加密，解密，签名，验证签名的接口了；

关于苹果api进行RSA的相关操作，可以搜索我之前的相关文章；