Comments (10)
I think it has something to do with how you are creating the keys in keychain. The examples given are for iOS, I believe the process is slightly different on macOS. If you create the keys properly then the framework should work.
Issues with generating keys are not issues with this framework
from certificatesigningrequest.
Thanks.
Able to generate a valid csr if I use `SecKeyCopyExternalRepresentation` while sending public key bytes to `buildcsr` function
from certificatesigningrequest.
@murali238 thanks for sharing, I will see if I can add your updates into the testcases and readme, unless you see where to add them directly?
from certificatesigningrequest.
@cbaker6 ,
I have done below two changes on MacOS to generate a valid csr.
- `kSecAttrApplicationTag` key value as `Data` instead of `String`
- Replaced `getPublicKeyBits` with below function
```swift
func getPublicKeyBits(_ algorithm: KeyAlgorithm, publicKey: SecKey, tagPublic: String) -> (Data?, Int?) {
    // Set block size
    let keyBlockSize = SecKeyGetBlockSize(publicKey)

    // Ask the keychain for a reference to the public key (kSecReturnRef)
    let query: [String: AnyObject] = [
        String(kSecClass): kSecClassKey,
        String(kSecAttrKeyType): algorithm.secKeyAttrType,
        String(kSecAttrApplicationTag): tagPublic.data(using: .utf8) as AnyObject,
        String(kSecReturnRef): kCFBooleanTrue
    ]

    var tempPublicKeyBits: AnyObject?
    let status = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
    // Give up if the lookup failed or returned nothing
    guard status == errSecSuccess, let keyRef = tempPublicKeyBits else {
        return (nil, nil)
    }

    // Export the key bytes from the returned reference
    var error: Unmanaged<CFError>?
    guard let keyBits = SecKeyCopyExternalRepresentation(keyRef as! SecKey, &error) else {
        return (nil, nil)
    }
    return (keyBits as Data, keyBlockSize)
}
```
Hope it helps someone.
from certificatesigningrequest.
@murali238 I've added your recommendations, but for some reason the keys don't generate when I run the tests, `swift test` from command line.
Was there anything else you added?
The changes I made are here
from certificatesigningrequest.
@cbaker6 inside `getPublicKeyBits` function, instead of `String(kSecReturnData): kCFBooleanTrue`, please use `String(kSecReturnRef): kCFBooleanTrue` in the query on macOS (`kSecReturnData` is fine on iOS)
from certificatesigningrequest.
I tried out your getPublicKeyBits function, but I still got the same errors.
Did you do anything different when creating the keys besides using `query[String(kSecAttrApplicationTag)] = tagPublic.data(using: .utf8) as AnyObject`?
The updated function I have is below:
The code to create the keys is below:
from certificatesigningrequest.
@murali238 you can see the errors in GitHub Actions here under "Build": https://github.com/cbaker6/CertificateSigningRequest/runs/1043401059?check_suite_focus=true
The error code is `-25300`, `Error Domain=NSOSStatusErrorDomain Code=-50 "failed to generate asymmetric keypair" (paramErr: error in user parameter list) UserInfo={NSDescription=failed to generate asymmetric keypair}`, keys weren't created
from certificatesigningrequest.
It turns out if the keychain parameters are switched to `[String: Any]`, the only thing that needs to be fixed is `String(kSecAttrApplicationTag): tagPublic.data(using: .utf8)!`
This allows interoperability between iOS and macOS.
See the updates here:
from certificatesigningrequest.
@murali238, thank you so much. I ran into the same problem on macOS and looked for a solution for weeks.
The `SecKeyCopyExternalRepresentation` way solved it.
@cbaker6 By the way you can get rid of all the String conversions by bridge casting the type rather than annotating it.
For example
```swift
let query = [
    kSecClass: kSecClassKey,
    kSecAttrKeyType: algorithm.secKeyAttrType,
    kSecAttrApplicationTag: tagPublic.data(using: .utf8)!,
    kSecReturnData: true
] as [String:Any]
```
from certificatesigningrequest.
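The approach the thread converges on (application tag stored as `Data`, lookup by reference, export with `SecKeyCopyExternalRepresentation`), put together as an added example that is not code from the thread or from the CertificateSigningRequest project. The function names, the RSA 2048 choice and the tag value passed in are assumptions, and the code needs keychain access to run.

```swift
import Foundation
import Security
// Added example; function names and the tag value are hypothetical.
enum KeyDemoError: Error { case keychain(OSStatus), export }
/// Creates a permanent RSA private key tagged with `tag`, finds it again by
/// that tag and returns the public key bytes (PKCS#1 DER for RSA).
func makeAndExportPublicKey(tag: String, bits: Int = 2048) throws -> Data {
    // The tag is stored as Data; the thread reports that a String tag fails on macOS.
    let tagData = Data(tag.utf8)
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: bits,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tagData
        ] as [String: Any]
    ]
    var error: Unmanaged<CFError>?
    guard SecKeyCreateRandomKey(attributes as CFDictionary, &error) != nil else {
        throw error!.takeRetainedValue() as Error
    }
    // Look the key up by the same Data tag and ask for a reference
    // (kSecReturnRef), the form the thread found to work on macOS.
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrApplicationTag as String: tagData,
        kSecReturnRef as String: true
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    // -25300 (errSecItemNotFound) here means no key matched the query.
    guard status == errSecSuccess, let found = item else {
        throw KeyDemoError.keychain(status)
    }
    let privateKey = found as! SecKey  // the query asked for a kSecClassKey reference
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          let bytes = SecKeyCopyExternalRepresentation(publicKey, &error) else {
        throw KeyDemoError.export
    }
    return bytes as Data
}
/// Removes the demo key so repeated runs do not accumulate keychain items.
func deleteKey(tag: String) {
    let query: [String: Any] = [kSecClass as String: kSecClassKey,
                                kSecAttrApplicationTag as String: Data(tag.utf8)]
    _ = SecItemDelete(query as CFDictionary)
}
```

Call `deleteKey(tag:)` with the same tag after a test run; a leftover permanent key with that tag would otherwise be matched by later lookups.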