
Comments (12)

cbaker6 commented on May 27, 2024

Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix

from certificatesigningrequest.

lihuiniu commented on May 27, 2024

@cbaker6 I sent you an email about the same issue on MacOS today; now I see @kynansongwork reported the issue here. Do you have a fix?

Pasted my code here:

import Foundation
import CommonCrypto
import CertificateSigningRequest

print("Step 1: generate publicKey and privateKey!!!")
//Provide tagPublic by whale
let tagPublic: String = "com.one.whale12.public"
let publicKeyAttr: [NSObject: NSObject] = [
    kSecAttrIsPermanent: true as NSObject,
    kSecAttrApplicationTag: tagPublic.data(using: String.Encoding.utf8)! as NSObject,
    kSecClass: kSecClassKey, // added this value
    kSecReturnData: kCFBooleanTrue] // added this value

let privateKeyAttr: [NSObject: NSObject] = [
    kSecAttrIsPermanent: true as NSObject,
    kSecAttrApplicationTag: "com.one.whale12.private".data(using: String.Encoding.utf8)! as NSObject,
    kSecClass: kSecClassKey, // added this value
    kSecReturnData: kCFBooleanTrue] // added this value

var keyPairAttr = [NSObject: NSObject]()
keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject

var publicKey : SecKey?
var privateKey : SecKey?;
let statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

if statusCode == noErr && publicKey != nil && privateKey != nil {
    print("Key pair generated OK")
    var resultPublicKey: AnyObject?
    var resultPrivateKey: AnyObject?
    let statusPublicKey = SecItemCopyMatching(publicKeyAttr as CFDictionary, &resultPublicKey)
    let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)

    if statusPublicKey == noErr {
        if let publicKey = resultPublicKey as? Data {
            print("Public Key: \((publicKey.base64EncodedString()))")
            print("PublicKey without base64Encoding is :")
            print(publicKey)
        }
    }

    if statusPrivateKey == noErr {
        if let privateKey = resultPrivateKey as? Data {
            print("Private Key: \((privateKey.base64EncodedString()))")
        }
    }

} else {
    print("Error generating key pair: \(String(describing: statusCode))")
    throw NSError(domain: NSOSStatusErrorDomain, code: Int(statusCode), userInfo: nil)
}

//Step 2: Set algorithm and block size
let algorithm = KeyAlgorithm.rsa(signatureType: .sha256)
let keyBlockSize = SecKeyGetBlockSize(publicKey!)
print("keyBlockSize: \(keyBlockSize)")
//Ask keychain to provide the publicKey in bits

let query: [String: Any] = [
    String(kSecClass): kSecClassKey,
    String(kSecAttrKeyType): algorithm.secKeyAttrType,
    String(kSecAttrApplicationTag): tagPublic.data(using: .utf8)!,
    String(kSecReturnData): true
]

var tempPublicKeyBits: CFTypeRef?
//var _ = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)

let copyResultCode = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
if copyResultCode == noErr {
    print("No error code after SecItemCopyMatching to get tempPublicKeyBits!")
}

guard let publicKeyBits = tempPublicKeyBits as? Data else {
    //return (nil,nil)

    print("Error when get publicKeyBits!!!")
    throw WhaleError.invalidPublicKeyBits

}
print("publicKeyBits: \((publicKeyBits.base64EncodedString()))")
//Step 3: Initialize csr using KeyAlgorithm.ec or KeyAlgorithm.rsa
let csr1 = CertificateSigningRequest() //CSR with no fields, will use defaults of an RSA key with sha512

let csr2 = CertificateSigningRequest(keyAlgorithm: algorithm) //CSR with a specific key
let csr3 = CertificateSigningRequest(commonName: "lhui", organizationName: "oneyubi", organizationUnitName: "yubi", countryName: "USA", stateOrProvinceName: "WA", localityName: "Redmond", emailAddress: "[email protected]", description: "lhui testing csr 1234", keyAlgorithm: algorithm) //Define any field you want in your CSR along with the key algorithm//
//Step 4: Then simply build your CSR using your publicKey(bits) and privateKey using:
let builtCSR1 = csr1.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR1!))
print("builtCSR1 using your publicKeyBits and privateKey: \(builtCSR1!)")
//Or if you want CertificateSigningRequest to verify the signature after building, pass in your publicKey to the same method:
let builtCSR2 = csr2.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey!, publicKey: publicKey!)
//print(String(builtCSR2!))
print("builtCSR2 to verify the signature after building: \(builtCSR2!)")
//To get CSR without header and footer info use:
let builtCSR3 = csr3.buildAndEncodeDataAsString(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR3!))
print("builtCSR3 without header and footer info: \(builtCSR3!)")
//To get CSR as Data use:
let builtCSR4 = csr1.build(publicKeyBits, privateKey: privateKey!)
//print(String(builtCSR4!))
print("builtCSR4 as Data: \(builtCSR4!)")

enum WhaleError: Error {
    case invalidPublicKeyBits
    case invalidPublicKey
    case invalidPrivateKey
}

cbaker6 commented on May 27, 2024

@lihuiniu no, but if you would like to look into the comment I posted earlier in the thread

Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix

lihuiniu commented on May 27, 2024

@cbaker6 Thanks for your response. I cleaned up the keychain, no miracle happened.

I noticed there are issues when generating the private key and public key; even though these are generated, they are not perfect, as you can see in the log:

Step 1: generate publicKey and privateKey!!!
2021-03-04 23:20:50.451195-0600 GenKeyHui[25447:1478275] [logging-persist] cannot open file at line 44580 of [02c344acea]
2021-03-04 23:20:50.456751-0600 GenKeyHui[25447:1478275] [logging-persist] os_unix.c:44580: (0) open(/var/db/DetachedSignatures) - Undefined error: 0
Key pair generated OK

Public Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAALB1WwABAAAA
PublicKey without base64Encoding is :
96 bytes
Private Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAABAAAAAAgAACEAAACGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAACB2WwABAAAA
keyBlockSize: 256
No error code after SecItemCopyMatching to get tempPublicKeyBits!
publicKeyBits: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhUVU0IAAAAAAAAAKDTsQUBAAAA
builtCSR1 using your publicKeyBits and privateKey:

builtCSR2 to verify the signature after building:

builtCSR3 without header and footer info:
builtCSR4 as Data: 340 bytes
(lldb)

from certificatesigningrequest.
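
The log above reports a 256-byte block size but only 96 bytes of public key data, and a DER-encoded 2048-bit RSA public key cannot be that short because the modulus alone is 256 bytes. The following is an added example, not code from this thread or from the CertificateSigningRequest project: a pre-flight check that the bytes returned by the keychain parse as a PKCS#1 RSAPublicKey whose modulus matches the block size. It assumes the CSR builder expects PKCS#1 bytes; the function names and sample buffers are constructed for illustration.

```swift
import Foundation

// Added example: names and sample bytes below are constructed for illustration.

// Reads one DER TLV at `offset`; returns its tag and value range, or nil if malformed.
func readTLV(_ b: [UInt8], at offset: Int) -> (tag: UInt8, value: Range<Int>)? {
    guard offset >= 0, offset + 2 <= b.count else { return nil }
    let tag = b[offset]
    var pos = offset + 1
    var length = Int(b[pos])
    pos += 1
    if length & 0x80 != 0 {                 // long form: low 7 bits = number of length bytes
        let n = length & 0x7F
        guard n >= 1, n <= 4, pos + n <= b.count else { return nil }
        length = 0
        for _ in 0..<n {
            length = (length << 8) | Int(b[pos])
            pos += 1
        }
    }
    guard length <= b.count - pos else { return nil }
    return (tag: tag, value: pos..<(pos + length))
}

// Returns the modulus size in bytes if `data` is exactly
// SEQUENCE { INTEGER modulus, INTEGER publicExponent }, otherwise nil.
func rsaModulusByteCount(_ data: Data) -> Int? {
    let b = [UInt8](data)
    guard let seq = readTLV(b, at: 0), seq.tag == 0x30,
          seq.value.upperBound == b.count,             // no trailing bytes
          let modulus = readTLV(b, at: seq.value.lowerBound), modulus.tag == 0x02,
          let exponent = readTLV(b, at: modulus.value.upperBound), exponent.tag == 0x02,
          exponent.value.upperBound == b.count,        // exactly two INTEGERs
          !modulus.value.isEmpty, !exponent.value.isEmpty
    else { return nil }
    // DER prepends 0x00 when the top bit is set; it is not part of the key size.
    let pad = (b[modulus.value.lowerBound] == 0 && modulus.value.count > 1) ? 1 : 0
    return modulus.value.count - pad
}

// True only when the bytes are DER and the modulus length equals the key's block size.
func isUsablePublicKey(_ data: Data, blockSize: Int) -> Bool {
    return rsaModulusByteCount(data) == blockSize
}

// Constructed 2048-bit key: 257-byte INTEGER (0x00 pad + 256 bytes), exponent 65537.
var der: [UInt8] = [0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3]
der += [UInt8](repeating: 0x5A, count: 255)
der += [0x02, 0x03, 0x01, 0x00, 0x01]
let derKey = Data(der)
// Constructed 96-byte buffer that is not DER, the size the logs in this thread report.
let shortBlob = Data([0x02, 0x00, 0x00, 0x00] + [UInt8](repeating: 0, count: 92))

print("DER key usable:", isUsablePublicKey(derKey, blockSize: 256))
print("96-byte blob usable:", isUsablePublicKey(shortBlob, blockSize: 256))
```

Running the check on the `Data` from `SecItemCopyMatching`, with `SecKeyGetBlockSize` as the expected size, makes the failure visible before a CSR is built and signed.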

lihuiniu commented on May 27, 2024

I checked the CSRs generated when running "swift test" on your main branch; all the CSRs show the same issue when checked for validity online at https://redkestrel.co.uk/products/decoder/

lihuiniu commented on May 27, 2024

@cbaker6 Could you run "swift test" on the main branch, since all the CSRs generated in the input show as invalid for me:
% swift test
Test Suite 'All tests' started at 2021-03-07 20:03:28.144
Test Suite 'CertificateSigningRequestPackageTests.xctest' started at 2021-03-07 20:03:28.146
Test Suite 'CertificateSigningRequestTests' started at 2021-03-07 20:03:28.146
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha1]' started.
CSR string no header and footer
CSR string with header and footer

Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha1]' passed (0.552 seconds).
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha256]' started.
CSR string no header and footer
CSR string with header and footer

Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha256]' passed (0.244 seconds).
Test Case '-[CertificateSigningRequestTests.CertificateSigningRequestTests testCreateCSRwithRSA1024KeySha512]' started.
CSR string no header and footer

lihuiniu commented on May 27, 2024

@kynansongwork Have you fixed the issue? The keyPair was generated with some issues as follows; I have not fixed it even though I tried many options:

2021-03-07 19:59:44.076404-0600 StoryBoardSingleViewControllerMacOSApp[13816:678717] [logging-persist] cannot open file at line 44580 of [02c344acea]
2021-03-07 19:59:44.076528-0600 StoryBoardSingleViewControllerMacOSApp[13816:678717] [logging-persist] os_unix.c:44580: (0) open(/var/db/DetachedSignatures) - Undefined error: 0
Key pair generated OK
Public Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAAAAAAAAAgAACEAAAAJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8IAAAAAAAAACB4xQIAYAAA
Private Key: AgAAAIcZHKMPyRHUhJoABQK1ISICAAAAAAAAACoAAAABAAAAAAgAACEAAACGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8IAAAAAAAAAPB3xQIAYAAA
publicKeyBits are :96 bytes
CSR string no header and footer
MIIB9jCB3wIBADCBpDELMAkGA1UEBgwCVVMxCzAJBgNVBAgMAktZMQ0wCwYDVQQHDARUZXN0MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MScwJQYDVQQDDB5DZXJ0aWZpY2F0ZVNpZ25pbmdSZXF1ZXN0IFRlc3QxIjAgBgkqhkiG9w0BCQEME25ldHJlY29uQGNzLnVreS5lZHUxDjAMBgNVBA0MBWhlbGxvMDEwDQYJKoZIhvcNAQEBBQADIAAwHQIAAhkcow/JEdSEmgAFArUhIgIAAAAAAAAAKgAAoAAwDQYJKoZIhvcNAQELBQADggEBADXovDJmq+2Ekk6kUVJ4LpVT5bq4RLclpMxO618bNqVI9cCdBLBmcZB1RJcE9WmSCsa8LUUAExtOFu3GBKxIhBj0FTH2KJgr25dBSeHjgl2QyB0tUnQFuvyu1nWv3LReWMp+6c/eRx+n8SiBPKD8zwYcbWalBCY2lNmlBEO2oltYl2ZbCOE1cvoaWpaGyU9ghYsZVi/7rnNJdBbV2PAbLLfT1+BG4hfnd8RLXNNhNezy/PIqIpSyHPDuBf3tZzHHe4qds/0fDnKSI6xrQ+cq9A8IWb7yBAg+oDaUZCe6JUZVEr0K/xmtvQBxFUN0tUurcZBM1fXkXx3NBH5TdsVu1lo=

My example code is as follows when creating a MacOS app using storyboard:

import Cocoa
import CommonCrypto
import CertificateSigningRequest

class ViewController: NSViewController {

var statusCode: OSStatus?
var publicKey: SecKey?
var privateKey: SecKey?

override func viewDidLoad() {
        super.viewDidLoad()

    let publicKeyAttr: [NSObject: NSObject] = [
                kSecAttrIsPermanent:true as NSObject,
                kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject,
                kSecClass: kSecClassKey, // added this value
                kSecAttrAccessible: kSecAttrAccessibleAlways,
                kSecReturnData: kCFBooleanTrue] // added this value
    let privateKeyAttr: [NSObject: NSObject] = [
                kSecAttrIsPermanent:true as NSObject,
                kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.private".data(using: String.Encoding.utf8)! as NSObject,
                kSecClass: kSecClassKey, // added this value
                kSecAttrAccessible: kSecAttrAccessibleAlways,
                kSecReturnData: kCFBooleanTrue] // added this value

    var keyPairAttr = [NSObject: NSObject]()
    keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
    keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
    keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
    keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject
    keyPairAttr[kSecReturnRef] = kCFBooleanTrue

    var publicKey : SecKey?
    var privateKey : SecKey?;

    let statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

    if statusCode == noErr && publicKey != nil && privateKey != nil {
        print("Key pair generated OK")
        var resultPublicKey: AnyObject?
        var resultPrivateKey: AnyObject?
        let statusPublicKey = SecItemCopyMatching(publicKeyAttr as CFDictionary, &resultPublicKey)
        let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)

        if statusPublicKey == noErr {
            if let publicKey = resultPublicKey as? Data {
                print("Public Key: \((publicKey.base64EncodedString()))")
            }
        }

        if statusPrivateKey == noErr {
            if let privateKey = resultPrivateKey as? Data {
                print("Private Key: \((privateKey.base64EncodedString()))")
            }
        }
    } else {
        print("Error generating key pair: \(String(describing: statusCode))")
    }
    
    //let keyBlockSize = SecKeyGetBlockSize(publicKey!)
    //Ask keychain to provide the publicKey in bits
    let query: [String: AnyObject] = [
        String(kSecClass): kSecClassKey,
        String(kSecAttrKeyType): kSecAttrKeyTypeRSA,
        String(kSecAttrApplicationTag): "com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject,
        String(kSecReturnData): kCFBooleanTrue
    ]
    var tempPublicKeyBits:AnyObject?
    var _ = SecItemCopyMatching(query as CFDictionary, &tempPublicKeyBits)
    let publicKeyBits = tempPublicKeyBits as? Data
    print("publicKeyBits are :\(publicKeyBits!)" )
    
    
    let keyAlgorithm = KeyAlgorithm.rsa(signatureType: .sha256)
    //Initialize CSR
    let csr = CertificateSigningRequest(commonName: "CertificateSigningRequest Test",
                                        organizationName: "Test", organizationUnitName: "Test",
                                        countryName: "US", stateOrProvinceName: "KY",
                                        localityName: "Test", emailAddress: "[email protected]",
                                        description: "hello", keyAlgorithm: keyAlgorithm)
    //Build the CSR
    let csrBuild = csr.buildAndEncodeDataAsString(publicKeyBits!, privateKey: privateKey!)
    //let csrBuild2 = csr.buildCSRAndReturnString(publicKeyBits, privateKey: privateKey)
    if let csrRegular = csrBuild {
        print("CSR string no header and footer")
        print(csrRegular)
        //XCTAssertGreaterThan(csrBuild!.count, 0, "CSR contains no data")
    } else {
        //XCTAssertNotNil(csrBuild, "CSR with header not generated")
    }
    
}

    override var representedObject: Any? {
        didSet {
    // Update the view, if already loaded.
    }
}

}

cbaker6 commented on May 27, 2024

swift test is macOS, in which there has already been an issue identified in this thread. I mentioned:

Are you able to investigate this to see what's going on with the keys? I'm guessing it's something with the way the keys are created/maintained in Keychain in MacOS. If you get somewhere close to a fix, feel free to submit a PR and I will try to help with the fix

iOS works fine, but those of you using macOS can try to debug and if you submit PRs with possible fixes, I can take a look.

github-actions commented on May 27, 2024

Stale issue message
