iPhone: How to create a SecKeyRef from a public key file (PEM)

TehJabbit picture TehJabbit · Oct 20, 2009 · Viewed 11.1k times · Source

In order to send and receive encrypted messages from/to the iPhone I need to read a public key (server's public key) PEM file and create a SecKeyRef (later I could even store it on the keychain in order not to create it again).

This is my current workflow:

  1. On the server: Create a P12 file with the user's certificate and private key. Store the user's public key on the server's keychain.
  2. On the iPhone: Retrieve the P12 file from the server, use the password to open it and store the private key on the keychain.
  3. On the iPhone: Retrieve a PEM file with the server's public key from the server. Create a SecKeyRef and store it on the keychain
  4. On the iPhone: use both keys to send/receive encrypted messages to/from the server.
  5. Live happily ever after.

I'm having problems with 3, as I cannot create a SecKeyRef from the PEM file data. I cannot find any documentation on how to do it, Did anybody had the same problem? Any hints? As I cannot find any code examples or documentation on this it feels that I'm doing something wrong...

thanks!

Answer

Louis Gerbarg picture Louis Gerbarg · Oct 27, 2009

You should be able to interpret a DER encoded pem and get a cert using SecCertificateCreateWithData() from which you can then extract a key;

NSData *myCertData = ....;

SecCertificateRef cert = SecCertificateCreateWithData (kCFAllocatorDefault, myCertData); 
CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &cert, 1, NULL); 

SecTrustRef trust;
SecTrustCreateWithCertificates(certs, policy, &trust);
SecTrustResultType trustResult;
SecTrustEvaluate(trust, &trustResult);
SecKeyRef pub_key_leaf = SecTrustCopyPublicKey(trust);