eskimo1@apple.com do you have any idea about this?

So, what we found was the following - The X and Y values of the EC public key are treated as signed base64 encoded values by our server. So, while extracting the x (or y) byte components from public key, if the most significant byte is greater than 0x7f, the x (or y) value will be treated as negative values. However, our server expects the the X and Y values to be positive for a valid EC key. So the fix was to check If the x or y component of the public key has a first byte value greater than 0x7f, then add an extra 0x00 byte, to make the value positive before encoding. The code is: (NSArray<NSString *> *)getBase64EncodedCoordinatesFromECPublicKey:(SecKeyRef)publicKey error:(out NSError **)error{		 CFErrorRef copyPublicKeyError = NULL;		 NSData* keyData = (NSData*)CFBridgingRelease(				 SecKeyCopyExternalRepresentation(publicKey, &copyPublicKeyError)		 );		 if (!keyData) { NSError *err = CFBridgingRelease(copyPublicKeyError);				 NSLog(@"%@", err);				 return nil;		 } NSString *xCoordinate;		NSString *yCoordinate;		 NSData *xDataRaw = [keyData subdataWithRange:NSMakeRange(1, keyData.length/2)];		 NSData *yDataRaw = [keyData subdataWithRange:NSMakeRange((keyData.length / 2)+1, keyData.length/2)];				 uint8_t zeroByte = 0x00; const unsigned char* xBytes = [xDataRaw bytes];		 const unsigned char* yBytes = [yDataRaw bytes];				 int mostSignificantByte_x = xBytes[0];		 int mostSignificantByte_y = yBytes[0];		 if (mostSignificantByte_x > 127) {				 NSMutableData *xData = [[NSMutableData alloc] initWithBytes:&zeroByte length:1];				 [xData appendData:xDataRaw];				 xCoordinate = [self encodeBase64urlWithPadding:xData];		 } else {				 xCoordinate = [self encodeBase64urlWithPadding:xDataRaw];		 } if (mostSignificantByte_y > 127) {				 NSMutableData *yData = [[NSMutableData alloc] initWithBytes:&zeroByte length:1];				 [yData appendData:yDataRaw];				 yCoordinate = [self encodeBase64urlWithPadding:yData];		 } else {				 yCoordinate = [self encodeBase64urlWithPadding:yDataRaw];		 } NSArray *coordinates = @[xCoordinate, yCoordinate];		 return coordinates; }

That's really weird because I have the same thing with underscores in the lldb output and in this box. Looks like it is stripped if it's not inside a code block. Pasting it again here within a code block. I'm using the base64 encoder on NSData and making it URL safe as you've shown. x: EUA2cFR9ZrGJozbkwYeyBrbrG3p4ChHBQu_sWem2sgM y: n6WQz7uMkIALgLM5xriANs5VXKy_2Q71jetoI6Pzojk ==== DON'T USE THIS (BELOW) SINCE UNDERSCORES ARE STRIPPED ===== (lldb) po xbytes EUA2cFR9ZrGJozbkwYeyBrbrG3p4ChHBQusWem2sgM (lldb) po ybytes n6WQz7uMkIALgLM5xriANs5VXKy2Q71jetoI6Pzojk

Yes here are the base64 URL encoded x and y coords that did work (this is the ONLY one that worked) x: LWUQoWBjj4yHpPcOiawHF3745LRk6s8p4pMGJ9ss y: KWY7lHhDCfzl3C70az9RNxHPty3TuLqA1FIptcQJ0g ==================================== Here is a key that does NOT work. (lldb) po publicKey <SecKeyRef curve type: kSecECCurveSecp256r1, algorithm id: 3, key type: ECPublicKey, version: 4, block size: 256 bits, y: 9FA590CFBB8C90800B80B339C6B88036CE555CACBFD90EF58DEB6823A3F3A239, x: 11403670547D66B189A336E4C187B206B6EB1B7A780A11C142EFEC59E9B6B203, addr: 0x7fa4a680fd60> (lldb) po keyData <04114036 70547d66 b189a336 e4c187b2 06b6eb1b 7a780a11 c142efec 59e9b6b2 039fa590 cfbb8c90 800b80b3 39c6b880 36ce555c acbfd90e f58deb68 23a3f3a2 39> (lldb) po xData <11403670 547d66b1 89a336e4 c187b206 b6eb1b7a 780a11c1 42efec59 e9b6b203> (lldb) po yData <9fa590cf bb8c9080 0b80b339 c6b88036 ce555cac bfd90ef5 8deb6823 a3f3a239> (lldb) po xbytes EUA2cFR9ZrGJozbkwYeyBrbrG3p4ChHBQusWem2sgM (lldb) po ybytes n6WQz7uMkIALgLM5xriANs5VXKy2Q71jetoI6Pzojk I get an error saying the points are not on the curve and when I debug further, the computation shows the LHS does not match the RHS in the equation below. y^2 = x^3 + ax + b Let me know if you need more info. Thanks Srini

Hi Can you post sample code on how you did this? I have a similar question at https://developer.apple.com/forums/thread/651071