Comments (12)
Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix
from certificatesigningrequest.
@cbaker6 I sent you an email about the same issue on MacOS today; now I see @kynansongwork reported the issue here. Do you have a fix?
Pasted my code here:
import Foundation
import CommonCrypto
import CertificateSigningRequest

print("Step 1: generate publicKey and privateKey!!!")
//Provide tagPublic by whale
let tagPublic: String = "com.one.whale12.public"
let publicKeyAttr: [NSObject: NSObject] = [
    kSecAttrIsPermanent: true as NSObject,
    kSecAttrApplicationTag: tagPublic.data(using: String.Encoding.utf8)! as NSObject,
    kSecClass: kSecClassKey, // added this value
    kSecReturnData: kCFBooleanTrue] // added this value
let privateKeyAttr: [NSObject: NSObject] = [
    kSecAttrIsPermanent: true as NSObject,
    kSecAttrApplicationTag: "com.one.whale12.private".data(using: String.Encoding.utf8)! as NSObject,
    kSecClass: kSecClassKey, // added this value
    kSecReturnData: kCFBooleanTrue] // added this value
var keyPairAttr = [NSObject: NSObject]()
keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject
var publicKey: SecKey?
var privateKey: SecKey?
let statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)
if statusCode == noErr && publicKey != nil && privateKey != nil {
    print("Key pair generated OK")
    var resultPublicKey: AnyObject?
    var resultPrivateKey: AnyObject?
    let statusPublicKey = SecItemCopyMatching(publicKeyAttr as CFDictionary, &resultPublicKey)
    let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)
    if statusPublicKey == noErr {
        if let publicKey = resultPublicKey as? Data {
            print("Public Key: \((publicKey.base64EncodedString()))")
            print("PublicKey without base64Encoding is :")
            print(publicKey)
        }
    }
    if statusPrivateKey == noErr {
        if let privateKey = resultPrivateKey as? Data {
            print("Private Key: \((privateKey.base64EncodedString()))")
        }
    }
} else {
    print("Error generating key pair: \(String(describing: statusCode))")
    throw NSError(domain: NSOSStatusErrorDomain, code: Int(statusCode), userInfo: nil)
}

//Step 2: Set algorithm and block size
let algorithm = KeyAlgorithm.rsa(signatureType: .sha256)
let keyBlockSize = SecKeyGetBlockSize(publicKey!)
print("keyBlockSize: \(keyBlockSize)")
//Ask keychain to provide the publicKey in bits
let query: [String: Any] = [
    String(kSecClass): kSecClassKey,
    String(kSecAttrKeyType): algorithm.secKeyAttrType,
    String(kSecAttrApplicationTag): tagPublic.data(using: .utf8)!,
    String(kSecReturnData): true
]
var tempPublicKeyBits: CFTypeRef?
//var _ = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
let copyResultCode = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
if copyResultCode == noErr {
    print("No error code after SecItemCopyMatching to get tempPublicKeyBits!")
}
guard let publicKeyBits = tempPublicKeyBits as? Data else {
    //return (nil,nil)
    print("Error when get publicKeyBits!!!")
    throw WhaleError.invalidPublicKeyBits
}
print("publicKeyBits: \((publicKeyBits.base64EncodedString()))")

//Step 3: Initialize csr using KeyAlgorithm.ec or KeyAlgorithm.rsa
let csr1 = CertificateSigningRequest() //CSR with no fields, will use defaults of an RSA key with sha512
let csr2 = CertificateSigningRequest(keyAlgorithm: algorithm) //CSR with a specific key
let csr3 = CertificateSigningRequest(commonName: "lhui", organizationName: "oneyubi", organizationUnitName: "yubi", countryName: "USA", stateOrProvinceName: "WA", localityName: "Redmond", emailAddress: "[email protected]", description: "lhui testing csr 1234", keyAlgorithm: algorithm) //Define any field you want in your CSR along with the key algorithm

//Step 4: Then simply build your CSR using your publicKey(bits) and privateKey using:
let builtCSR1 = csr1.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR1!))
print("builtCSR1 using your publicKeyBits and privateKey: \(builtCSR1!)")
//Or if you want CertificateSigningRequest to verify the signature after building, pass in your publicKey to the same method:
let builtCSR2 = csr2.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey!, publicKey: publicKey!)
//print(String(builtCSR2!))
print("builtCSR2 to verify the signature after building: \(builtCSR2!)")
//To get CSR without header and footer info use:
let builtCSR3 = csr3.buildAndEncodeDataAsString(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR3!))
print("builtCSR3 without header and footer info: \(builtCSR3!)")
//To get CSR as Data use:
let builtCSR4 = csr1.build(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR4!))
print("builtCSR4 as Data: \(builtCSR4!)")

enum WhaleError: Error {
    case invalidPublicKeyBits
    case invalidPublicKey
    case invalidPrivateKey
}
from certificatesigningrequest.
@lihuiniu no, but if you would like to look into the comment I posted earlier in the thread
Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix
from certificatesigningrequest.
@cbaker6 Thanks for your response. I cleaned up the keychain, no miracle happened.
I noticed there are issues when generating the private key and public key; even though these are generated, they are not perfect, as you can see in the log:
Step 1: generate publicKey and privateKey!!!
2021-03-04 23:20:50.451195-0600 GenKeyHui[25447:1478275] [logging-persist] cannot open file at line 44580 of [02c344acea]
2021-03-04 23:20:50.456751-0600 GenKeyHui[25447:1478275] [logging-persist] os_unix.c:44580: (0) open(/var/db/DetachedSignatures) - Undefined error: 0
Key pair generated OK
Public Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAALB1WwABAAAA
PublicKey without base64Encoding is :
96 bytes
Private Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAABAAAAAAgAACEAAACGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAACB2WwABAAAA
keyBlockSize: 256
No error code after SecItemCopyMatching to get tempPublicKeyBits!
publicKeyBits: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhUVU0IAAAAAAAAAKDTsQUBAAAA
builtCSR1 using your publicKeyBits and privateKey: -----BEGIN CERTIFICATE REQUEST-----
MIIBUDA6AgEAMAAwMTANBgkqhkiG9w0BAQEFAAMgADAdAgACGRyjD8kR1ISaAAUC
tSEiAgAAAAAAAAAqAACgADANBgkqhkiG9w0BAQ0FAAOCAQEAmoAW3tt5tTJlcx0A
NI/uik4uYQpa62a4DUFKmp0TnQYgs7Uqmq63PrXuX14ovGfYhWeHF+/MTje7NYAG
EuxBYGzVGJaU8dD0RNJmLc+zscA3ewu7gQXPYZLJaGOdFZOQHnGLCCxgihJS8mWs
tdUkjlwOxubGzrAPWHhTFVjTNMtuKwjcigUXvJEOalwKiQgeOd8AMdMhE1SUYs+X
NzkBSdWDQ3IqHKpj4SIR1TC0HkYVP7JVBmAFdtB6Irn1H0OWNnecnx+KghKdOoHF
AC6IAjS5sQnGRglhCCB2s+WWURsIa0NIrz1kqM1kSmecF3xroLVOj9Ovirh2g9YC
YCo47g==
-----END CERTIFICATE REQUEST-----
builtCSR2 to verify the signature after building: -----BEGIN CERTIFICATE REQUEST-----
MIIBUDA6AgEAMAAwMTANBgkqhkiG9w0BAQEFAAMgADAdAgACGRyjD8kR1ISaAAUC
tSEiAgAAAAAAAAAqAACgADANBgkqhkiG9w0BAQsFAAOCAQEAeobzpMkLVAx18B6M
4dJv6DLADtrLKhpojx6iSdJomcoturrWyAtTX6NvLCCowJUd+V+yePNorl5K92S5
4gneRjvEnvnki6r8v78jPPqQcJV9o0oxBn2XD65+fQzjjR09SU7ZQraih6pHBTrT
jkdmrKdC/dNpgks9w0uBlNHZLcH59daDg5DyZLgRVsH9+FT85ma20YV212ErzkhP
FRI42nTv9AgqiMs6Dvr4sc54WpqYU3YEKFCVKkV6zuSCetIzMaEaInBzL6eml5qZ
eFzYkWi56/saPo5b82+5RAA3aKiJ57bdo12Rf+G7tmKImkgzjqd6ST2JFn+sZQUA
MZNp1w==
-----END CERTIFICATE REQUEST-----
builtCSR3 without header and footer info:
builtCSR4 as Data: 340 bytes
(lldb)
from certificatesigningrequest.
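An added example, not code from the thread or from the CertificateSigningRequest project: the log above reports `keyBlockSize: 256` but only 96 bytes of "publicKeyBits", whereas a DER-encoded PKCS#1 RSAPublicKey for a 2048-bit key carries a 256-byte modulus. The Swift sketch below checks that before a CSR is built; the function names and both sample byte strings are constructed for illustration.

```swift
import Foundation

// Hypothetical helper, not part of CertificateSigningRequest: returns the content
// range of the DER element at `offset`, or nil if the tag or length is wrong.
func readTLV(_ bytes: [UInt8], at offset: Int, expectedTag: UInt8) -> Range<Int>? {
    guard offset + 2 <= bytes.count, bytes[offset] == expectedTag else { return nil }
    var length = Int(bytes[offset + 1])
    var start = offset + 2
    if length & 0x80 != 0 {                 // long form: low 7 bits = number of length bytes
        let count = length & 0x7F
        guard count >= 1, count <= 4, start + count <= bytes.count else { return nil }
        length = bytes[start..<(start + count)].reduce(0) { ($0 << 8) | Int($1) }
        start += count
    }
    guard length <= bytes.count - start else { return nil }
    return start..<(start + length)
}

// Returns the modulus size in bytes if `der` is a PKCS#1 RSAPublicKey,
// i.e. SEQUENCE { INTEGER modulus, INTEGER publicExponent }; otherwise nil.
func rsaModulusByteCount(fromPKCS1 der: Data) -> Int? {
    let bytes = [UInt8](der)
    guard let seq = readTLV(bytes, at: 0, expectedTag: 0x30),
          seq.upperBound == bytes.count,                       // no trailing bytes
          let modulus = readTLV(bytes, at: seq.lowerBound, expectedTag: 0x02),
          let exponent = readTLV(bytes, at: modulus.upperBound, expectedTag: 0x02),
          exponent.upperBound == seq.upperBound,
          !modulus.isEmpty, !exponent.isEmpty else { return nil }
    // DER prepends 0x00 when the top bit of the modulus is set; do not count it.
    let leadingZero = (bytes[modulus.lowerBound] == 0x00 && modulus.count > 1) ? 1 : 0
    return modulus.count - leadingZero
}

// True only when the bytes parse as PKCS#1 and the modulus matches the key's block size.
func looksLikePublicKeyBits(_ data: Data, blockSize: Int) -> Bool {
    return rsaModulusByteCount(fromPKCS1: data) == blockSize
}

// Constructed sample 1: 96 opaque bytes beginning 0x02 0x00 0x00 0x00, the same size
// and leading bytes as the value the macOS log prints as "Public Key".
let opaqueBlob = Data([0x02, 0x00, 0x00, 0x00] + [UInt8](repeating: 0, count: 92))

// Constructed sample 2: well-formed RSAPublicKey, dummy 256-byte modulus, e = 65537.
let dummyModulus = [UInt8](repeating: 0xC3, count: 256)
let body: [UInt8] = [0x02, 0x82, 0x01, 0x01, 0x00] + dummyModulus + [0x02, 0x03, 0x01, 0x00, 0x01]
let wellFormed = Data([0x30, 0x82, 0x01, 0x0A] + body)

for (name, sample) in [("opaque 96-byte blob", opaqueBlob), ("PKCS#1 key", wellFormed)] {
    let verdict = looksLikePublicKeyBits(sample, blockSize: 256) ? "usable" : "NOT a PKCS#1 public key"
    print("\(name): \(sample.count) bytes -> \(verdict)")
}
```

`SecKeyCopyExternalRepresentation`, available on macOS 10.12 and later, returns PKCS#1 bytes for an RSA public `SecKey`; whether passing those bytes to the library resolves this issue is not confirmed in the thread.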
I checked the CSRs generated when running "swift test" on your main branch; all the CSRs show the same issue when checked for validity online at https://redkestrel.co.uk/products/decoder/
from certificatesigningrequest.
@cbaker6 Could you run "swift test" on the main branch, since all the CSRs generated in the input show as invalid for me:
% swift test
Test Suite 'All tests' started at 2021-03-07 20:03:28.144
Test Suite 'CertificateSigningRequestPackageTests.xctest' started at 2021-03-07 20:03:28.146
Test Suite 'CertificateSigningRequestTests' started at 2021-03-07 20:03:28.146
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha1]' started.
CSR string no header and footer
CSR string with header and footer
-----BEGIN CERTIFICATE REQUEST-----
MIIBdTCB3wIBADCBpDELMAkGA1UEBgwCVVMxCzAJBgNVBAgMAktZMQ0wCwYDVQQH
DARUZXN0MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MScwJQYDVQQDDB5D
ZXJ0aWZpY2F0ZVNpZ25pbmdSZXF1ZXN0IFRlc3QxIjAgBgkqhkiG9w0BCQEME25l
dHJlY29uQGNzLnVreS5lZHUxDjAMBgNVBA0MBWhlbGxvMDEwDQYJKoZIhvcNAQEB
BQADIAAwHQIAAhkcow/JEdSEmgAFArUhIgIAAAAAAAAAKgAAoAAwDQYJKoZIhvcN
AQEFBQADgYEAhb4PVm7qqotVnLiPjHhOh/AWoU43jH1HczB4WOz9M4eiFr7OeQJt
pIfAAgaKp2OPapYAap+OEC2n2O78cRoGAxaehpvBbIftmnAI9aAYB4X5PsWEMxeK
ySkt4GfQmCZuXNBdz0xXhNZ+OPL6EFd+UmTgkXy0WXpGideMmVXpohc=
-----END CERTIFICATE REQUEST-----
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha1]' passed (0.552 seconds).
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha256]' started.
CSR string no header and footer
CSR string with header and footer
-----BEGIN CERTIFICATE REQUEST-----
MIIBdTCB3wIBADCBpDELMAkGA1UEBgwCVVMxCzAJBgNVBAgMAktZMQ0wCwYDVQQH
DARUZXN0MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MScwJQYDVQQDDB5D
ZXJ0aWZpY2F0ZVNpZ25pbmdSZXF1ZXN0IFRlc3QxIjAgBgkqhkiG9w0BCQEME25l
dHJlY29uQGNzLnVreS5lZHUxDjAMBgNVBA0MBWhlbGxvMDEwDQYJKoZIhvcNAQEB
BQADIAAwHQIAAhkcow/JEdSEmgAFArUhIgIAAAAAAAAAKgAAoAAwDQYJKoZIhvcN
AQELBQADgYEAjjgDMZWgoikihR7A9WuOq+eS+hpmpkVnewWDycDrAUWJyE6SFUw4
fjZ2v1A/04cIr0QxLTrjf68BeYnFoSYbR4HdQhHnRcnebW/0wi6XcLpax14hVbNV
dyQiM2UxKIpjwY/Z3MTyJf1WQAfYn8uUdqE1QaOGt+6WI9/lYMuNgBo=
-----END CERTIFICATE REQUEST-----
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha256]' passed (0.244 seconds).
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha512]' started.
CSR string no header and footer
from certificatesigningrequest.
@kynansongwork Have you fixed the issue? The keyPair was generated with some issues as follows; I have not fixed it even though I tried many options:
2021-03-07 19:59:44.076404-0600 StoryBoardSingleViewControllerMacOSApp[13816:678717] [logging-persist] cannot open file at line 44580 of [02c344acea]
2021-03-07 19:59:44.076528-0600 StoryBoardSingleViewControllerMacOSApp[13816:678717] [logging-persist] os_unix.c:44580: (0) open(/var/db/DetachedSignatures) - Undefined error: 0
Key pair generated OK
Public Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8IAAAAAAAAACB4xQIAYAAA
Private Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAABAAAAAAgAACEAAACGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8IAAAAAAAAAPB3xQIAYAAA
publicKeyBits are :96 bytes
CSR string no header and footer
My example code is as follows, for a macOS app created using a storyboard:
import Cocoa
import CommonCrypto
import CertificateSigningRequest

class ViewController: NSViewController {
    var statusCode: OSStatus?
    var publicKey: SecKey?
    var privateKey: SecKey?

    override func viewDidLoad() {
        super.viewDidLoad()
        let publicKeyAttr: [NSObject: NSObject] = [
            kSecAttrIsPermanent: true as NSObject,
            kSecAttrApplicationTag: "com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject,
            kSecClass: kSecClassKey, // added this value
            kSecAttrAccessible: kSecAttrAccessibleAlways,
            kSecReturnData: kCFBooleanTrue] // added this value
        let privateKeyAttr: [NSObject: NSObject] = [
            kSecAttrIsPermanent: true as NSObject,
            kSecAttrApplicationTag: "com.xeoscript.app.RsaFromScrach.private".data(using: String.Encoding.utf8)! as NSObject,
            kSecClass: kSecClassKey, // added this value
            kSecAttrAccessible: kSecAttrAccessibleAlways,
            kSecReturnData: kCFBooleanTrue] // added this value
        var keyPairAttr = [NSObject: NSObject]()
        keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
        keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
        keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
        keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject
        keyPairAttr[kSecReturnRef] = kCFBooleanTrue
        var publicKey: SecKey?
        var privateKey: SecKey?
        let statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)
        if statusCode == noErr && publicKey != nil && privateKey != nil {
            print("Key pair generated OK")
            var resultPublicKey: AnyObject?
            var resultPrivateKey: AnyObject?
            let statusPublicKey = SecItemCopyMatching(publicKeyAttr as CFDictionary, &resultPublicKey)
            let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)
            if statusPublicKey == noErr {
                if let publicKey = resultPublicKey as? Data {
                    print("Public Key: \((publicKey.base64EncodedString()))")
                }
            }
            if statusPrivateKey == noErr {
                if let privateKey = resultPrivateKey as? Data {
                    print("Private Key: \((privateKey.base64EncodedString()))")
                }
            }
        } else {
            print("Error generating key pair: \(String(describing: statusCode))")
        }
        //let keyBlockSize = SecKeyGetBlockSize(publicKey!)
        //Ask keychain to provide the publicKey in bits
        let query: [String: AnyObject] = [
            String(kSecClass): kSecClassKey,
            String(kSecAttrKeyType): kSecAttrKeyTypeRSA,
            String(kSecAttrApplicationTag): "com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject,
            String(kSecReturnData): kCFBooleanTrue
        ]
        var tempPublicKeyBits: AnyObject?
        var _ = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
        let publicKeyBits = tempPublicKeyBits as? Data
        print("publicKeyBits are :\(publicKeyBits!)")
        let keyAlgorithm = KeyAlgorithm.rsa(signatureType: .sha256)
        //Initialize CSR
        let csr = CertificateSigningRequest(commonName: "CertificateSigningRequest Test",
                                            organizationName: "Test", organizationUnitName: "Test",
                                            countryName: "US", stateOrProvinceName: "KY",
                                            localityName: "Test", emailAddress: "[email protected]",
                                            description: "hello", keyAlgorithm: keyAlgorithm)
        //Build the CSR
        let csrBuild = csr.buildAndEncodeDataAsString(publicKeyBits!, privateKey: privateKey!)
        //let csrBuild2 = csr.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey)
        if let csrRegular = csrBuild {
            print("CSR string no header and footer")
            print(csrRegular)
            //XCTAssertGreaterThan(csrBuild!.count, 0, "CSR contains no data")
        } else {
            //XCTAssertNotNil(csrBuild, "CSR with header not generated")
        }
    }

    override var representedObject: Any? {
        didSet {
            // Update the view, if already loaded.
        }
    }
}
from certificatesigningrequest.
swift test is macOS in which there has already been an issue identified in this thread. I mentioned:
Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix
iOS works fine, but those of you using macOS can try to debug and if you submit PRs with possible fixes, I can take a look.
from certificatesigningrequest.
Stale issue message
from certificatesigningrequest.