I'm attempting to implement what is described in this developer forum post:
https://forums.developer.apple.com/message/84684#84684

That is, export an elliptic curve public key from the secure enclave. Unfortunately, this doesn't work for me. Also, the Security developer forum has held up my forum post for moderation for almost 4 days. So I thought I'd ask here.

----------------------------------

I'm trying to send secure messages between our server and iOS app. I see the following forum post about how to send a public key to a server:
https://forums.developer.apple.com/message/84684#84684
except it doesn't work. I even use the sample code in the referenced git repo
https://github.com/hfossli/EskimoKeys/tree/master
but this sample code fails key verification.

FWIW, here is my output of running the sample code:

>>>>>>>>>>>>>>>>>>
#! /bin/sh
echo This string was signed after 2017-05-15 20:57:20 +0000. | xxd -r -p > dataToSign.dat
echo 3044022036fb9f4f0bb18cffae4da20be7130a9e2d2a22529ce97cf63302c099ac150f64022038c7f7cfb94510a1eb1397650eb2f8952c5a996dc5f5680ae91c0bfe40162b24 | xxd -r -p > signature.dat
cat > key.pem <<EOF
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQu+2TulrqxL0QwSQ9DR0mH4dRCNI
OMoi4TNh+MGDIGpLG2KVyPDHx8Dlf7pfOwv2xGyRm3Wo8HRvVs/4TdxYbQ==
-----END PUBLIC KEY-----
EOF
openssl dgst -ecdsa-with-SHA1 -verify key.pem -signature signature.dat dataToSign.dat
>>>>>>>>>>>>>>>>>>

Running the script I get the following error message: "Verification Failure"

Unfortunately, I don't know enough about openssl to figure out what the problem is.

FWIW I can analyze the public key with the following script:

$ openssl asn1parse -in pubkey.b64 -inform PEM

Output:

    0:d=0  hl=2 l=  89 cons: SEQUENCE
    2:d=1  hl=2 l=  19 cons: SEQUENCE
    4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   13:d=2  hl=2 l=   8 prim: OBJECT            :prime256v1
   23:d=1  hl=2 l=  66 prim: BIT STRING

So the public key looks valid, but I can't do the signature verification as the above-mentioned forum post describes.

Any ideas?

Thanks.

Doug Hill
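
Added example, not part of the original message or of the EskimoKeys sample: a local round trip with a constructed P-256 key that runs the same `openssl dgst -verify` step, once with matching inputs and then with a digest option or data file bytes that differ from what was signed. The key, message text, file names and the `check`/`demo` helpers are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: every key, message and file name below is constructed locally.

# check MSGFILE SIGFILE PUBKEY DIGEST -> exit status 0 only if the signature verifies
check() {
    openssl dgst "-$4" -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

# Runs the round trip in a temporary directory and prints one word per case.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed P-256 key pair standing in for the device key.
        openssl ecparam -name prime256v1 -genkey -noout -out priv.pem 2>/dev/null
        openssl ec -in priv.pem -pubout -out pub.pem 2>/dev/null
        # The exact bytes that get signed (printf adds no trailing newline).
        printf '%s' 'constructed test message' > msg.dat
        # ECDSA over SHA-256; the output is a DER-encoded signature.
        openssl dgst -sha256 -sign priv.pem -out sig.der msg.dat
        # Same text plus the newline that echo appends: different bytes.
        echo 'constructed test message' > msg_newline.dat

        # 1. Same bytes, same digest as at signing time.
        check msg.dat sig.der pub.pem sha256 && echo match-ok || echo match-fail
        # 2. Same bytes, but the verifier hashes with a different digest.
        check msg.dat sig.der pub.pem sha1 && echo digest-ok || echo digest-fail
        # 3. Same digest, but the data file is not byte-identical.
        check msg_newline.dat sig.der pub.pem sha256 && echo bytes-ok || echo bytes-fail
    )
    rm -rf "$dir"
}

demo
```

Only the first case verifies; the other two make `openssl dgst` report a verification failure even though the key and signature files are well-formed.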