MacOS: EC public key creation from data failed

let pubString = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECDDYmcIpUxC2EVJu8o/qPHPoZMId11A/2nVAXJByFOYSigUnZ6njK4qZQMGxLr3xNND17yYoXZ21QKus4bUHfg=="
let pubData = NSData(base64Encoded: pubString)

let pubRaw = pubData?.bytes.assumingMemoryBound(to: UInt8.self)

let CFPubData = CFDataCreate(nil, pubRaw!, pubData!.length)

let options: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeEC,
                              kSecAttrKeyClass as String: kSecAttrKeyClassPublic,
                              kSecAttrKeySizeInBits as String: 256]

var error: Unmanaged<CFError>?

guard let privKey = SecKeyCreateWithData(CFPubData!, options as CFDictionary, &error) else {
    throw error!.takeRetainedValue() as Error
}


I'm getting Code=-50 "EC public key creation from data failed" (paramErr: error in user parameter list)


The key is a public EC key generated (PEM Format, Headers stripped) with the following command:


openssl ecparam -genkey -name secp256k1 -noout -out ngthnd_priv.pem

Replies

Then I checked with dumpasn1

You have a secp256k1 key while SecKeyCreateWithData is expecting a secp256r1 key. The clue is in the identifier kSecAttrKeyTypeECSECPrimeRandom, where the Prime implies p and the Random implies r.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks a lot for the reply Eskimo, but what I wanted to know was, why was the base64 string different in my case?

Code Block
base64 -b 76 hexdumped.dat           MDAwMDAwMTcgIDA0IDA4IDMwIGQ4IDk5IGMyIDI5IDUzICAxMCBiNiAxMSA1MiA2ZSBmMiA4ZiBlYSAgfC4uMC4uLilTLi4uUm4uLi58CjAwMDAwMDI3ICAzYyA3MyBlOCA2NCBjMiAxZCBkNyA1MCAgM2YgZGEgNzUgNDAgNWMgOTAgNzIgMTQgIHw8cy5kLi4uUD8udUBcLnIufAowMDAwMDAzNyAgZTYgMTIgOGEgMDUgMjcgNjcgYTkgZTMgIDJiIDhhIDk5IDQwIGMxIGIxIDJlIGJkICB8Li4uLidnLi4rLi5ALi4uLnwKMDAwMDAwNDcgIGYxIDM0IGQwIGY1IGVmIDI2IDI4IDVkICA5ZCBiNSA0MCBhYiBhYyBlMSBiNSAwNyAgfC40Li4uJihdLi5ALi4uLi58CjAwMDAwMDU3ICA3ZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHx+fAowMDAwMDA1OAo=


This is not at all like the string that you got -
Code Block
BAgw2JnCKVMQthFSbvKP6jxz6GTCHddQP9p1QFyQchTmEooFJ2ep4yuKmUDBsS698TTQ9e8mKF2d
tUCrrOG1B34=


I used the same string for checking

what I wanted to know was, why was the base64 string different in my
case?

Because you’ve Base64 encoded a hex dump rather than the key bytes!

Contrast this:

Code Block
% base64 -D > us.dat
BAgw2JnCKVMQthFSbvKP6jxz6GTCHddQP9p1QFyQchTmEooFJ2ep4yuKmUDBsS698TTQ9e8mKF2d
tUCrrOG1B34=
% xxd us.dat
00000000: 0408 30d8 99c2 2953 10b6 1152 6ef2 8fea ..0...)S...Rn...
00000010: 3c73 e864 c21d d750 3fda 7540 5c90 7214 <s.d...P?.u@\.r.
00000020: e612 8a05 2767 a9e3 2b8a 9940 c1b1 2ebd ....'g..+..@....
00000030: f134 d0f5 ef26 285d 9db5 40ab ace1 b507 .4...&(]..@.....
00000040: 7e ~


with this:

Code Block
% base64 -D > them.dat
% xxd them.dat
00000000: 3030 3030 3030 3137 2020 3034 2030 3820 00000017 04 08
00000010: 3330 2064 3820 3939 2063 3220 3239 2035 30 d8 99 c2 29 5
00000020: 3320 2031 3020 6236 2031 3120 3532 2036 3 10 b6 11 52 6
00000030: 6520 6632 2038 6620 6561 2020 7c2e 2e30 e f2 8f ea |..0
00000040: 2e2e 2e29 532e 2e2e 526e 2e2e 2e7c 0a30 ...)S...Rn...|.0
00000050: 3030 3030 3032 3720 2033 6320 3733 2065 0000027 3c 73 e
00000060: 3820 3634 2063 3220 3164 2064 3720 3530 8 64 c2 1d d7 50
00000070: 2020 3366 2064 6120 3735 2034 3020 3563 3f da 75 40 5c
00000080: 2039 3020 3732 2031 3420 207c 3c73 2e64 90 72 14 |<s.d
00000090: 2e2e 2e50 3f2e 7540 5c2e 722e 7c0a 3030 ...P?.u@\.r.|.00
000000a0: 3030 3030 3337 2020 6536 2031 3220 3861 000037 e6 12 8a
000000b0: 2030 3520 3237 2036 3720 6139 2065 3320 05 27 67 a9 e3
000000c0: 2032 6220 3861 2039 3920 3430 2063 3120 2b 8a 99 40 c1
000000d0: 6231 2032 6520 6264 2020 7c2e 2e2e 2e27 b1 2e bd |....'
000000e0: 672e 2e2b 2e2e 402e 2e2e 2e7c 0a30 3030 g..+..@....|.000
000000f0: 3030 3034 3720 2066 3120 3334 2064 3020 00047 f1 34 d0
00000100: 6635 2065 6620 3236 2032 3820 3564 2020 f5 ef 26 28 5d
00000110: 3964 2062 3520 3430 2061 6220 6163 2065 9d b5 40 ab ac e
00000120: 3120 6235 2030 3720 207c 2e34 2e2e 2e26 1 b5 07 |.4...&
00000130: 285d 2e2e 402e 2e2e 2e2e 7c0a 3030 3030 (]..@.....|.0000
00000140: 3030 3537 2020 3765 2020 2020 2020 2020 0057 7e
00000150: 2020 2020 2020 2020 2020 2020 2020 2020
00000160: 2020 2020 2020 2020 2020 2020 2020 2020
00000170: 2020 2020 2020 2020 7c7e 7c0a 3030 3030 |~|.0000
00000180: 3030 3538 0a 0058.


Clearly that’s not binary data but text, and hence this:

Code Block
% cat them.dat
00000017 04 08 30 d8 99 c2 29 53 10 b6 11 52 6e f2 8f ea |..0...)S...Rn...|
00000027 3c 73 e8 64 c2 1d d7 50 3f da 75 40 5c 90 72 14 |<s.d...P?.u@\.r.|
00000037 e6 12 8a 05 27 67 a9 e3 2b 8a 99 40 c1 b1 2e bd |....'g..+..@....|
00000047 f1 34 d0 f5 ef 26 28 5d 9d b5 40 ab ac e1 b5 07 |.4...&(]..@.....|
00000057 7e |~|
00000058


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm sorry but I didn't get you :(

What value should I base64 encode?

what value should I base64 encode?

It’s hard to answer that without knowing more about your intended workflow. However, the Base64 you posted is the Base64 of a hex dump, and that’s never going to be useful.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
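
Added example (not part of the thread, and not code from Apple or any poster): a standard-library Python sketch that decodes the Base64 string from the question as DER, reports the named curve, and extracts the raw point bytes that appear in the hex dumps above. The helper names and the `is_text_dump` check are illustrative assumptions.

```python
import base64

# Added example; helper names are illustrative. Key string is the one posted in the question.
SPKI_B64 = ("MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECDDYmcIpUxC2EVJu8o/qPHPoZMId11A/"
            "2nVAXJByFOYSigUnZ6njK4qZQMGxLr3xNND17yYoXZ21QKus4bUHfg==")
CURVES = {"1.3.132.0.10": "secp256k1", "1.2.840.10045.3.1.7": "secp256r1"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted form (first arc 0 or 1)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_ec_spki(der):
    """Return (curve name or OID, raw EC point) from a SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, pos = read_tlv(spki, 0)                   # AlgorithmIdentifier
    _, alg_oid, apos = read_tlv(alg, 0)
    if decode_oid(alg_oid) != "1.2.840.10045.2.1":    # id-ecPublicKey
        raise ValueError("not an EC public key")
    curve = decode_oid(read_tlv(alg, apos)[1])        # namedCurve parameter
    tag, bits, _ = read_tlv(spki, pos)                # BIT STRING holding the point
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return CURVES.get(curve, curve), bits[1:]         # 0x04 || X || Y

def is_text_dump(data):
    """True when decoded 'key' bytes are printable text, e.g. a hex dump."""
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in data)

if __name__ == "__main__":
    curve, point = parse_ec_spki(base64.b64decode(SPKI_B64))
    print(curve, len(point), base64.b64encode(point).decode())
```

The point starts at byte offset 23 (0x17) of the decoded structure, which is the first offset shown in the text hex dump above.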