btnguyen2k/swift-rsautils

Private Key used

elbelga opened this issue · 6 comments

elbelga commented

How you generate the private key?

I generate my private key with this command

openssl genrsa -out privkey.pem 1024

But when I use this private key with the app, it's not imported in the keychain due to the magic number (It is other than 0x4)

btnguyen2k commented

Does your privkey.pem looks like this?


MIICWwIBAAKBgQDCznzQTepXDx8yZQidgsJ6yHk09eCYpoZARQbrRRRYmRdaXwuH
Dc0f2XtCSz1fjxIBUQc2nnU7OscZajimHKFJh2RspXocJR70cPFp0kABLnqYdkdQ
MbGJ3mpZ3aAXEf0W8c8Nvg7+UeSQePI3hA5uWcGKlC19ziX6tFTdMajqvQIDAQAB
AoGAGkI/LMzz45xUNjTMPn8bu/U98VebWLhJrGwhjKEZJwAr17CsGx5PIhXsuXju
4uykHq1PbZtabgt0PwbEcA+35ba+pxqWZx+zpDj93M+tvnjQsTTkwUZ5yJHC5YGT
wZrlbPHwlcrYriACLZk4ANwXdMnkkuX1QxGtdfuML0+kQwECQQD9J8rO8gXJlrmz
xAyL2LepZOShByxXdnQ1UyHYjLSDMcLennYWDGfzec1AarsDGfKF8zxxweelw3iB
pz/I7ACdAkEAxP7afCGvIasBodGQlL8Wyl5hi3ik45bcEEVut+WuDtnwO15FX2AL
mQDxX2425L/VGfQSIfOzKtyT52LTBnQooQJAHC/PDAW0kUKAAL0GbJe/s1OxhSBo
VoCw5bMQ5Kyd+LGUsfbQzRmqhVh9evunQOwlrbZsd3oQkctW4pC9sGBenQJAUkFs
L2rNOsyx2MStjz6fII76Qgd1KkbiyrSDP6xa2n6r7c42P1XWYePf5Y4aw7dKHxUn
wR+GD36dD3/XR5mXIQJAc52Zr8ZyZP4EmY4hmZ5YganYKsyAIyVfhLT49bxrWZK9
y1DG1QK52vcKEy0qlE/xllhtt45E4xrbb/Wr2XwY+Q==
-----END RSA PRIVATE KEY-----```
1. Try to remove the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- parts
2. Concatenate the other lines into a single line, it will become:
   `MIICWwIBAAKBgQDCznzQTepXDx8yZQidgsJ6yHk09eCYpoZARQbrRRRYmRdaXwuHDc0f2XtCSz1fjxIBUQc2nnU7OscZajimHKFJh2RspXocJR70cPFp0kABLnqYdkdQMbGJ3mpZ3aAXEf0W8c8Nvg7+UeSQePI3hA5uWcGKlC19ziX6tFTdMajqvQIDAQABAoGAGkI/LMzz45xUNjTMPn8bu/U98VebWLhJrGwhjKEZJwAr17CsGx5PIhXsuXju4uykHq1PbZtabgt0PwbEcA+35ba+pxqWZx+zpDj93M+tvnjQsTTkwUZ5yJHC5YGTwZrlbPHwlcrYriACLZk4ANwXdMnkkuX1QxGtdfuML0+kQwECQQD9J8rO8gXJlrmzxAyL2LepZOShByxXdnQ1UyHYjLSDMcLennYWDGfzec1AarsDGfKF8zxxweelw3iBpz/I7ACdAkEAxP7afCGvIasBodGQlL8Wyl5hi3ik45bcEEVut+WuDtnwO15FX2ALmQDxX2425L/VGfQSIfOzKtyT52LTBnQooQJAHC/PDAW0kUKAAL0GbJe/s1OxhSBoVoCw5bMQ5Kyd+LGUsfbQzRmqhVh9evunQOwlrbZsd3oQkctW4pC9sGBenQJAUkFsL2rNOsyx2MStjz6fII76Qgd1KkbiyrSDP6xa2n6r7c42P1XWYePf5Y4aw7dKHxUnwR+GD36dD3/XR5mXIQJAc52Zr8ZyZP4EmY4hmZ5YganYKsyAIyVfhLT49bxrWZK9y1DG1QK52vcKEy0qlE/xllhtt45E4xrbb/Wr2XwY+Q==`
elbelga commented

Yes, I made this and it doesnt work.
Also I tried to use the private key you send me and it doesn't work. The method stripPrivateKeyHeader returns nil because this validation

//magic byte at offset 22, check if it's actually ASN.1
var idx = 22
if ( keyAsArray[idx++] != 0x04 ) {
return nil
}

btnguyen2k commented

Hi @elbelga,

I'll more into this. For now, after you have the privkey.pem from the first step, you can run this command:
openssl pkcs8 -topk8 -nocrypt -in privkey.pem
It will output the private key string that is compatible with the code.

Example

-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJ8xT62Sx0onkIci
epuokYKRxCxMZBcPtlbj5eRScq3C2owEYLUjLnXNYOehF1X0C5WiUlBDm6A3YPZl
uEEw7UpXaABsX9p1bvsZdr3y3TF6XfKJRP+UY2jDJveyx18ancDzF/6oWi6HDKC4
pF8/K5h2WCRXKvjbmAtP/9St+p/RAgMBAAECgYEAkVq1JgefcFYv4TPaP8brFg2C
0e/udCAknbH5d0DQ9Ve1taNJqhs1kNq2YMj2RcVPzpEoF6Gjt+bY4iJ+2weRoZ7Y
KfvskXdHBwrBQddYjOQSuDo8QKhzSsX9Qaoky8q5MMJ/Eqz3iVAdzM1UKHIfQ+pf
96h5dBq9Nvf+iSfoWwECQQDQNn0cfwJmuLZcusHdQyUnPBOWbaADjHImGjBj+gUU
86RUMwaXUZoz3wL2eKug+nHc6pQJdu/Y3uQc/1yvoSvLAkEAw7qluXemErbSwv8C
0vTLLPB3ZeKe7ftu1slkTHJ+gfJp2Y5b0F+wOC3ELefYAYwYC/7N3ycubzWnp/U8
9ninUwJAW/53MMv9J52dFUN+vGAaXkdw8BnnhSnclXEkyEeDT0qG5JzW4KyxURHL
oVKXojyFanJKjhP6zPtOFnHNZdv0GQJBAKNN32fXRGDo2QCI9Do+tCZSm8wOQLwe
xGPAtEZ0YMjbESXLeR9qNwUoaj5C6h6gXI/lkK9XaY6wHaotGygpkrECQBvNXhnE
BVqNmpiWS/iRrGXImZLjl+H0or9ho6+L9AzYTt/4mT5djb3DjbXkkiHBVs/245hg
PTlCTkauQ2SuiFc=
-----END PRIVATE KEY-----
elbelga commented

Thanks, so it's only compatible with PKC8 format for private key

btnguyen2k commented

Hi @elbelga and @Godlex,

Originally this project was to solve a specific problem:

  • The key pair was generated outside iOS. For example you have a key pair generated to use with an long-existed PHP or Java server-side application.
  • The iOS app was created after the server-side application and has to use the existing key-pair.

If you are about to generate the keypair within iOS right from the start then Swift and ObjC already have the APIs for you. This link is a good article about it: http://netsplit.com/swift-generating-keys-and-encrypting-and-decrypting-text

Smponias commented

Ah okay, thank you! I'll read the article later, thanks :)