RSA public/private key generates with swift does not compatible with any other platforms

I'm createing RSA public and private key pairs like below.

var statusCode: OSStatus
        var publicKey: SecKey?
        var privateKey: SecKey?

        let publicKeyAttribute: [NSObject : NSObject] = [kSecAttrIsPermanent: true as NSObject, kSecAttrApplicationTag: "com.anu.keys.apppublic".data(using: String.Encoding.utf8)! as NSObject]

        let privateKeyAtrribute: [NSObject: NSObject] = [kSecAttrIsPermanent: true as NSObject, kSecAttrApplicationTag: "com.anu.keys.appprivate".data(using: String.Encoding.utf8)! as NSObject]

        var keyPairAttr = [NSObject: Any]()
        keyPairAttr[kSecAttrType] = kSecAttrKeyTypeRSA
        keyPairAttr[kSecAttrKeySizeInBits] = 2048
        keyPairAttr[kSecReturnData] = true
        keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttribute
        keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAtrribute


        statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

This generates two keys properly and keys are like below,

public key

<SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 4, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: B4854E2DA6BA5EBC96C38BD44078D314E4504D130A03018ACD17D0F6679C3B6C9937B5D932A635AEAC32B9245EC400208C1F79932174EF804468D0DCE40DAF5B544CF9E4BCD7C49BA5D0BF3F8246B89B57A3A910CBB5200DCA6145E3EE216CE9C4A3283F1027AA15F7543BD3BEFF35BE24EE709CF8EB12545970AFFDA38CA11410ECA20A8F428D228ED07BF5399A2F55D93D7C143BAFA59A08E4FF932C3A689FA7F3F166B79A43837028319CB383F716B594F317ED6E20D7A8003190A13BC132D5B13708EDAEA3E2012B16CF37437BB617070D9A6DDFE55884A79BD530E4E654B823A8BBBF0AA777C8E46E94BD83E1C59EC6E1D34E69405640C309515243AA8D, addr: 0x608000420e80>

private key

<SecKeyRef algorithm id: 1, key type: RSAPrivateKey, version: 4, block size: 2048 bits, addr: 0x60000003b960>

But I cannot use those keys with any other platforms such as .net or android. it says invalid key format. in android the key can see like below,

***** key

-----BEGIN RSA PUBLIC KEY----- 
MIIBCgKCAQEA0bipoOhkkvPxcsyOzcqsIUeVe0+iwe8W7N4EbHZMgujRERu1TPpy UcCO0uuKmm1TU09Kl40rRvDbtgB1YcGV3FPnNp3sOyFVsdyZ5bzxZtyyLrSWtj/n bLnGwaG9xJSwd2R/pTQLzOLV5KldwD2eUb3Z4Z4e9Z8II7eWgGaCLLqbrtEAa05N EqARckxrzJ1S3j+59h4AQovF72KI90/kRPryT2OGDiVlJ6CTjn2ZnTYcx65X6Rwf AeJKHZAGhw96j9tXyS+dJcXy4IBUTi3PXw0aEfhHQr/JsSHuMp/8mrhVJEokXb1C gKDZgJXujpGhCBdztHBAJxLBQMlODg7srwIDAQAB 
-----END RSA PUBLIC KEY-----

Private key

-----BEGIN RSA PRIVATE KEY----- 
MIIEowIBAAKCAQEAsfxMagVKY5++61Kot0esyhEOesqyQlZNvWbqMBcOoaOAb3pk LvwaGJ2YtD12u4yDEKcY5rpX7B/2t8GBHf+74NG47zAutf4Gf6qgQRUmIx2b7i4k WBt3KIifb/Zfs9KVJLhD4007bg1OtXA4kIhhXiuvhajDjDLOEthogF45CkJe+N67 JnH5hVW5CqBxPyRCrWCFbEHcXs5H515JV/Kz1+JVrB2/M03fW751wptO2GdGwsde ofqQzY+WUzqUihXigIjAVLFRemky3HpwuhzXUJn6A0ZD4tkk1JLstpSSJdBpH+L2 b9QlOitehxFgRsYmto+idpD1XrS9UyUtmpbTuwIDAQABAoIBAQCYvrAJcJ7lnmtn Ytm96LoF89tcT+Xpfk1bFR43xSHeYAXSJdQiamIu69joHbNuwuib+vsoz5Sy5L+D 9YHMb/MZvoIaa1w6/VUwbQr4r6C6FCgEoP65ymBZnd5OZL6/ASLTj3tbb6VoDe2V UkiI6TG+cnlAmJOxFsy5aZVNTQ9gmCMS0+AdpTbDsxTPg3y0EKFXeVRyKjq0lO9m p3G5yHkFjzWWY6s5XHx27gDTt8eXg/un72Qsz1rh5iUnAoxrga0Oco3Yk9DMvMwz a1I1Lo5fpB6FbTGX3k24heSnLDFEnlBvsBBg0g/n/qgwoZJ81MgG8Q4kAfeScuCI sYVnHEBpAoGBAOpnrKEkyhk1rXG4Md+z1/odhqx89mV7mF1ttW4IhFcwpJSMohsG r27Ic87whkpRxz2Mwj3B5WPGne4UkbvniH46n3jEW7ZIUF+ASVWkjMaGJWtOqSLC I19Snie9WvpREwaCVuvT2l4IeM1WL5gKotBwa3csZgGYH6gcyW5Ipbo/AoGBAMJh /+WXbohF4+A989q0jYjRRhKwUJAYeK8/AePrx8MnAXnRd09TiqeGn0Xig/RNZ0RE 96/TC1dTIBIHk5aDMy3vQhhYF0KbwcQWmCOnGo1qNTTaWTa3UitFMWf0hO0HuZtp RyD1YwhHP0W2tiK2GVjCreqIYASCpYKLq5Qq1K+FAoGARk2h8RLfqn/27UyZaMa/ 2DxS0BkKrZVMNXlaGQ5k4uGr+wHS/NgcddWZJk/tdwzf/Q3ilDM7YZmIdIemzfy7 a2CZw9bgyuMVeA85733S2xgQ0QZepBYmFcjptnGMf9chJaqh90krDVjtImjfDXLj MjEFilC+p2vA0uMPZwxS6HECgYAc5dLUQBoHmlRRTwSEvBjagToopxujAHBYpUZT qwbMpWzbvl89ZM8VLrdY/V7en+89P/+OnRJvjgUTiRrQ4npmVs59rgLvPRamXzGJ A1u4MFTuoZNnxgMqOaQprzlfv6lBSHpxlOl/HpByfcJAENBd2LtgRZv4r6+JY9hD M8bgvQKBgCDTSCLj5c1CYyuJMdrz9L5+xLFmrmL48djhK460ZcmcZ/gP808CyXx/ sDneow+JWt7Jb3p5zyUvvq1aDGNSsn4plB2rg7AqtoHcZYyFFZGI/K/b6JZna1yu FUYOfcanunabxY1wPQxuvR+AEuufBjB0aKg+qkLCCN1HYQtLs+N8 
-----END RSA PRIVATE KEY-----

why is this. why ios(Apple) cannot provide standard public/private keys that can use with rest APIs and with other platforms. I don't want to use any third party libraries. hope your help with this.

Post not yet marked as solved Up vote post of Anuradh Down vote post of Anuradh
14k views

Replies

There’s lot of layers here, so hold on to your hat…

If you want to do crypto operations in a way that’s compatible with other platforms, you should take a look at the CryptoCompatibility sample code. It’s a great resource for this sort of thing.

If you want to export a key you have three choices:

  • You can use

    SecKeyCopyExternalRepresentation
    on modern versions of all our platforms
  • On macOS you can also use the older APIs in

    <Security/SecImportExport.h>
  • On older versions of iOS there’s a hack to export public keys via

    SecItemCopyMatching
    ; I recommend you avoid this unless you’re deploying to a platform that doesn’t have
    SecKeyCopyExternalRepresentation

If you export an RSA public key with

SecKeyCopyExternalRepresentation
, you get back a
Data
object containing a DER-encoded
RSAPublicKey
data structure. To convert that to a the text format you referenced (PEM):
  • Base64 encode the data

  • Add the

    RSA PUBLIC KEY
    prefix and suffix

IMPORTANT Many systems that work with PEM want you to give them a Base64-encoded DER-encoded

SubjectPublicKeyInfo
data structure. This is like the
RSAPublicKey
data structure except it has a prefix that identifies the key type. You can recognise this by the PEM prefix and suffix: the
RSAPublicKey
form will use
RSA PUBLIC KEY
while the
SubjectPublicKeyInfo
form will use just
PUBLIC KEY
.

Finally, on macOS you can export directly to PEM using the above-mentioned

<Security/SecImportExport.h>
APIs.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I followed through the above code and was able to succesfully generate RSA key pair. The Generated key pair is in PKCS1 format, but i require PKCS8 formatted key pair. please help.

i require PKCS8 formatted key pair

What flavour of PKCS#8? That is, with reference to RFC 5208, are you trying to build a

PrivateKeyInfo
structure? Or an
EncryptedPrivateKeyInfo
structure?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I think we are using a

PrivateKeyInfo
structure. Below is a sample public key we are using for the java server.


-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWlPin0rRUlcxcp9TUeWx1zqCj8x9yFk81wkq2iH5W+1Yli2FRn56ukXdirAX+NmwhcgmRRl8V/avdDY6vWdY0vpWvIyGPhFNsDmKX3ZmpAZEXjhZb3TpHRnQsf3zLOIfrb3f/5oLHlwi+oW8lRtXuAqddQgJJgUdXEIUevkVGBcCPlqN0MWgn3BpMjMqfb/6E3dieb/uhwHQ82vWIYwbkG+Io1MzV5lhX+qMyAuHYbqJoz98BztHVCQEUIn34ed3uDyb6r2eU8IbbYI26rMe97ze7JKUno55l6sYy8xnwUxII0S/Flh3NHXZMYD8ZXhM9Z11l1QJ6emjBI6VHEDJQIDAQAB-----END PUBLIC KEY-----

I think we are using a

PrivateKeyInfo
structure. …
-----BEGIN PUBLIC KEY-----

Huh? The two lines I’ve quoted above are self-contradictory. The example you posted is of a public key, so I don’t see how

PrivateKeyInfo
is involved.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

This is the sample private key we are using



-----BEGIN PRIVATE KEY-----

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNaU+KfStFSVzFyn1NR5bHXOoKPzH3IWTzXCSraIflb7ViWLYVGfnq6Rd2KsBf42bCFyCZFGXxX9q90Njq9Z1jS+la8jIY+EU2wOYpfdmakBkReOFlvdOkdGdCx/fMs4h+tvd//mgseXCL6hbyVG1e4Cp11CAkmBR1cQhR6+RUYFwI+Wo3QxaCfcGkyMyp9v/oTd2J5v+6HAdDza9YhjBuQb4ijUzNXmWFf6ozIC4dhuomjP3wHO0dUJARQiffh53e4PJvqvZ5Twhttgjbqsx73vN7skpSejnmXqxjLzGfBTEgjRL8WWHc0ddkxgPxleEz1nXWXVAnp6aMEjpUcQMlAgMBAAECggEAFqH03qh9/QthSnXOKpapuVu2edyOr9EhI2NSswQ4fQI69RQbM+YB0G1QZXe+bJJMvzP3JobF2LucCXAahoD7j3ZMxvWKqY+paKgGdCnmsQ4RhQhRpXkt+Z/NxODtn8NkVbnpOVQZvFTBHtlzH85Hor2GUCdIR1/uWSZUKVqZdOZakuy/usPxjEtM9r86HkPjHyZfntQzM9Bmvl8SKGcTK8AXOfOt3p8PJ0VapdV5NPVtJXrKxrthhta5OpotmSdIhpCj9U0xhxXbfT6Cap/Ae3BhlAu4WkwZ6Tc8DzNbT3QciFEdp68P/afI51hjkVXU8YobiDJzEwAXO38JBzg74QKBgQDpjqNo4ey+j0Q7fb0UfSNXfb7B5F7/unY/NAp1UIuQjF9U/S0z5gSLGPrsApEZPvDb3FluUXWF+ue49dHdpJ9X+5OIOccWUiKIQGAhNGAfk2mhY4KeobNvcFoyYZYhn13wibyaWJUg+IUNDTRvkCnRWTjAtPsZJpVFhbEQzh0inQKBgQDhJk2LXaUJRfmzdWx5H6yBRpfNSkilWNLkbm0qYUZUe1j2q2NLV2ry+wSoPPZ+d1O4mvauO1jL2J/uNd8bNXOup4Yw0MZ01FgND3MPACoOQL0ufEHO28OOrWyN6jhdyZLnPAip9fRotu3de0tH9Jr0iur0iyNZPCoovdW+6TrYKQKBgQDVyRfxCGRhZdiKMCVkXMt96X80EeuXX8GfRu6PxgOKc8NLk1fOGq1r+ZitcggJOODWD5PY9D2EP0/esTzCCk9FBOZdmq2O0+4CFBMqMbwPCyt0bBcDR3Zs+kXFuifnbO5bIGkASzdub62ybbTire5pT6cwVjlGI1gdxCt4+4IVzQKBgQC2GLGM7z9EocjUATurNxfhMsQh8FuTB6UBxeIa7bPhLiYE0xcq31gLj0P0AeJm5IHdA9BRmIQ30kt/cSiyK+gVMT7SCnkIEpnobj9juYFKJ8gaabsb4BhpNBBhMzdFe3uJ878aH2f+rTzy7f40Azy0XgqroEEFsihy7R6MGrxSCQKBgAzia7tSoalhH2j6mkZrmMOdeRiZWiHRcHYSUUDuyVG+MUp2ZwimN3b5ea3eHOb+oa8cwW0D4Uysje0DgGhCfVmZdMSWfmLkmDUFMrtGVD8yz22zPO/w503Vj3quywdVaIgb0xmmkZM6Q+I3fknpue/I3/gvDY1EO+IAMEy2yz/k-----END PRIVATE KEY-----

Right. That is, indeed, a

PrivateKeyInfo
structure. You have a couple of choices here:
  • You can change your server to accept an

    RSAPrivateKey
    structure. The nice thing about this approach is that your server is likely to have a full-feature crypto toolkit, and thus this will be relatively easy.
  • You can wrap the

    RSAPrivateKey
    structure in
    PrivateKeyInfo
    , as per RFC 5208. The problem is that iOS does not have any APIs for this, so you’ll need to do the work yourself. Depending on the nature of your keys you may be able to just use a simple prefix (more on this below), but in the worst case you’ll need an actual ASN.1 encoder. Unfortunately iOS does not have an API for this, so you’d have to write or acquire that encoder.

With regards the second point, if you decode the Base64 in your example key and then dump it with dumpasn1, you’ll see this:

$ dumpasn1 -a private.asn1 
   0 1214: SEQUENCE {
   4    1:   INTEGER 0
   7   13:   SEQUENCE {
   9    9:     OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  20    0:     NULL
         :     }
  22 1192:   OCTET STRING, encapsulates {
  26 1188:     SEQUENCE {
  30    1:       INTEGER 0
  33  257:       INTEGER
         :         00 CD 69 4F 8A 7D 2B 45 49 5C C5 CA 7D 4D 47 96
         :         C7 5C EA 0A 3F 31 F7 21 64 F3 5C 24 AB 68 87 E5
         :         6F B5 62 58 B6 15 19 F9 EA E9 17 76 2A C0 5F E3
         :         66 C2 17 20 99 14 65 F1 5F DA BD D0 D8 EA F5 9D
         :         63 4B E9 5A F2 32 18 F8 45 36 C0 E6 29 7D D9 9A
         :         90 19 11 78 E1 65 BD D3 A4 74 67 42 C7 F7 CC B3
         :         88 7E B6 F7 7F FE 68 2C 79 70 8B EA 16 F2 54 6D
         :         5E E0 2A 75 D4 20 24 98 14 75 71 08 51 EB E4 54
         :         60 5C 08 F9 6A 37 43 16 82 7D C1 A4 C8 CC A9 F6
         :         FF E8 4D DD 89 E6 FF BA 1C 07 43 CD AF 58 86 30
         :         6E 41 BE 22 8D 4C CD 5E 65 85 7F AA 33 20 2E 1D
         :         86 EA 26 8C FD F0 1C ED 1D 50 90 11 42 27 DF 87
         :         9D DE E0 F2 6F AA F6 79 4F 08 6D B6 08 DB AA CC
         :         7B DE F3 7B B2 4A 52 7A 39 E6 5E AC 63 2F 31 9F
         :         05 31 20 8D 12 FC 59 61 DC D1 D7 64 C6 03 F1 95
         :         E1 33 D6 75 D6 5D 50 27 A7 A6 8C 12 3A 54 71 03
         :         25
 294    3:       INTEGER 65537
 299  256:       INTEGER
         :         16 A1 F4 DE A8 7D FD 0B 61 4A 75 CE 2A 96 A9 B9
         :         5B B6 79 DC 8E AF D1 21 23 63 52 B3 04 38 7D 02
         :         3A F5 14 1B 33 E6 01 D0 6D 50 65 77 BE 6C 92 4C
         :         BF 33 F7 26 86 C5 D8 BB 9C 09 70 1A 86 80 FB 8F
         :         76 4C C6 F5 8A A9 8F A9 68 A8 06 74 29 E6 B1 0E
         :         11 85 08 51 A5 79 2D F9 9F CD C4 E0 ED 9F C3 64
         :         55 B9 E9 39 54 19 BC 54 C1 1E D9 73 1F CE 47 A2
         :         BD 86 50 27 48 47 5F EE 59 26 54 29 5A 99 74 E6
         :         5A 92 EC BF BA C3 F1 8C 4B 4C F6 BF 3A 1E 43 E3
         :         1F 26 5F 9E D4 33 33 D0 66 BE 5F 12 28 67 13 2B
         :         C0 17 39 F3 AD DE 9F 0F 27 45 5A A5 D5 79 34 F5
         :         6D 25 7A CA C6 BB 61 86 D6 B9 3A 9A 2D 99 27 48
         :         86 90 A3 F5 4D 31 87 15 DB 7D 3E 82 6A 9F C0 7B
         :         70 61 94 0B B8 5A 4C 19 E9 37 3C 0F 33 5B 4F 74
         :         1C 88 51 1D A7 AF 0F FD A7 C8 E7 58 63 91 55 D4
         :         F1 8A 1B 88 32 73 13 00 17 3B 7F 09 07 38 3B E1
 559  129:       INTEGER
         :         00 E9 8E A3 68 E1 EC BE 8F 44 3B 7D BD 14 7D 23
         :         57 7D BE C1 E4 5E FF BA 76 3F 34 0A 75 50 8B 90
         :         8C 5F 54 FD 2D 33 E6 04 8B 18 FA EC 02 91 19 3E
         :         F0 DB DC 59 6E 51 75 85 FA E7 B8 F5 D1 DD A4 9F
         :         57 FB 93 88 39 C7 16 52 22 88 40 60 21 34 60 1F
         :         93 69 A1 63 82 9E A1 B3 6F 70 5A 32 61 96 21 9F
         :         5D F0 89 BC 9A 58 95 20 F8 85 0D 0D 34 6F 90 29
         :         D1 59 38 C0 B4 FB 19 26 95 45 85 B1 10 CE 1D 22
         :         9D
 691  129:       INTEGER
         :         00 E1 26 4D 8B 5D A5 09 45 F9 B3 75 6C 79 1F AC
         :         81 46 97 CD 4A 48 A5 58 D2 E4 6E 6D 2A 61 46 54
         :         7B 58 F6 AB 63 4B 57 6A F2 FB 04 A8 3C F6 7E 77
         :         53 B8 9A F6 AE 3B 58 CB D8 9F EE 35 DF 1B 35 73
         :         AE A7 86 30 D0 C6 74 D4 58 0D 0F 73 0F 00 2A 0E
         :         40 BD 2E 7C 41 CE DB C3 8E AD 6C 8D EA 38 5D C9
         :         92 E7 3C 08 A9 F5 F4 68 B6 ED DD 7B 4B 47 F4 9A
         :         F4 8A EA F4 8B 23 59 3C 2A 28 BD D5 BE E9 3A D8
         :         29
 823  129:       INTEGER
         :         00 D5 C9 17 F1 08 64 61 65 D8 8A 30 25 64 5C CB
         :         7D E9 7F 34 11 EB 97 5F C1 9F 46 EE 8F C6 03 8A
         :         73 C3 4B 93 57 CE 1A AD 6B F9 98 AD 72 08 09 38
         :         E0 D6 0F 93 D8 F4 3D 84 3F 4F DE B1 3C C2 0A 4F
         :         45 04 E6 5D 9A AD 8E D3 EE 02 14 13 2A 31 BC 0F
         :         0B 2B 74 6C 17 03 47 76 6C FA 45 C5 BA 27 E7 6C
         :         EE 5B 20 69 00 4B 37 6E 6F AD B2 6D B4 E2 AD EE
         :         69 4F A7 30 56 39 46 23 58 1D C4 2B 78 FB 82 15
         :         CD
 955  129:       INTEGER
         :         00 B6 18 B1 8C EF 3F 44 A1 C8 D4 01 3B AB 37 17
         :         E1 32 C4 21 F0 5B 93 07 A5 01 C5 E2 1A ED B3 E1
         :         2E 26 04 D3 17 2A DF 58 0B 8F 43 F4 01 E2 66 E4
         :         81 DD 03 D0 51 98 84 37 D2 4B 7F 71 28 B2 2B E8
         :         15 31 3E D2 0A 79 08 12 99 E8 6E 3F 63 B9 81 4A
         :         27 C8 1A 69 BB 1B E0 18 69 34 10 61 33 37 45 7B
         :         7B 89 F3 BF 1A 1F 67 FE AD 3C F2 ED FE 34 03 3C
         :         B4 5E 0A AB A0 41 05 B2 28 72 ED 1E 8C 1A BC 52
         :         09
1087  128:       INTEGER
         :         0C E2 6B BB 52 A1 A9 61 1F 68 FA 9A 46 6B 98 C3
         :         9D 79 18 99 5A 21 D1 70 76 12 51 40 EE C9 51 BE
         :         31 4A 76 67 08 A6 37 76 F9 79 AD DE 1C E6 FE A1
         :         AF 1C C1 6D 03 E1 4C AC 8D ED 03 80 68 42 7D 59
         :         99 74 C4 96 7E 62 E4 98 35 05 32 BB 46 54 3F 32
         :         CF 6D B3 3C EF F0 E7 4D D5 8F 7A AE CB 07 55 68
         :         88 1B D3 19 A6 91 93 3A 43 E2 37 7E 49 E9 B9 EF
         :         C8 DF F8 2F 0D 8D 44 3B E2 00 30 4C B6 CB 3F E4
         :       }
         :     }
         :   }

Everything from offset 26 (0x1a) onwards is the

RSAPrivateKey
structure. If you hex dump the file:
$ hexdump private.asn1 
0000000 30 82 04 be 02 01 00 30 0d 06 09 2a 86 48 86 f7
0000010 0d 01 01 01 05 00 04 82 04 a8 …

you can see that this header is relatively constant. The only difference from key to key is the lengths encoded at offsets 0x02 and 0x18. As long as the wrapped

RSAPrivateKey
is of a reasonable size, the encoding for these lengths is relatively straightforward and you can just add the fixed header and then patch the lengths.

Still, this isn’t much fun, which is why I recommend that you do this conversion on the server side.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for the info @eskimo, it is very useful.


I think it would be useful to include ASN.1 encoder/decoder APIs into iOS (or stripped down versions to support SubjectPrivateKeyInfo/

SubjectPublicKeyInfo structures) as often developers do not control the backend -- ie. developing against a third party API/server that uses keys.

I think it would be useful to include ASN.1 encoder/decoder APIs into iOS …

I totally agree, but it’s not me you need to convince (-: To get your suggestions in front of the folks who have the power to enact change, you should file an enhancement request describing your requirements.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for the suggestion eskimo, raised a radar as 45115021. Feel free to add any comments.

@eskimo I have to created a public/private RSA key pair in Swift and converted it to SecKeyCopyExternalRepresentation. I now want to create a self signed X.509 certificate with the public key to send to my server. Is there a way to achieve this in iOS ?

I now want to create a self signed X.509 certificate with the public key to send to my server. Is there a way to achieve this in iOS ?

iOS has no APIs for generating certificates.

The easiest way to solve this problem is to update your server to accept a public key rather than requiring a certificate. After all, a self-signed certificate doesn’t actually by you anything security-wise.

If that’s not an option, you’ll need to write or acquire library code to generate the certificate yourself. That’s not a lot of fun IME [1].


Oh, while I’m here, I’m going to put a plug in for the following posts:

They cover much the same ground as this thread, but in a lot more detail.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Actually, it’s huge amounts of fun, in that I love messing around with ASN.1 abstractions (-: What I really should say is that “it’s a lot of code to write and maintain in the long term”.