Search code examples
swiftios8public-key-encryption

How do I export a public key <SecKey> that was generated using SecKeyGeneratePair to be used on a server?

I generated a keeper using SecKeyGeneratePair. 

        var publicKeyPtr, privateKeyPtr: Unmanaged<SecKey>?

        let publicKeyParameters: [String: AnyObject] = [
            kSecAttrIsPermanent: true,
            kSecAttrApplicationTag: "com.example.site.public"
        ]
        let privateKeyParameters: [String: AnyObject] = [
            kSecAttrIsPermanent: true,
            kSecAttrApplicationTag: "com.example.site.private"
        ]
        let parameters: [String: AnyObject] = [
            kSecAttrKeyType: kSecAttrKeyTypeRSA,
            kSecAttrKeySizeInBits: 2048,
            kSecPublicKeyAttrs.takeUnretainedValue() as String: publicKeyParameters,
            kSecPrivateKeyAttrs.takeUnretainedValue() as String: privateKeyParameters
        ]
        let result = SecKeyGeneratePair(parameters, &publicKeyPtr, &privateKeyPtr)
        let publicKey = publicKeyPtr!.takeRetainedValue()
        let privateKey = privateKeyPtr!.takeRetainedValue()
        let blockSize = SecKeyGetBlockSize(publicKey)

If I print out the publicKey I can see the modulus, which I'm pretty sure is what I need:

publicKey: <SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 3, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: B2A7BD90C909F8084AD5B34040ABDAF7D1A6AFBADB35F3B6AB5CDDAB473449B0F175DEA32A7476F339D98F4AB3716AA2C1476D4009A80574B984DDFA1EF1A2550E48C46791CEFBFC39EF281049AA74E4C734C3B2A7B3F621B8A41F8B6689C4978696690D4EF9FFF0F90DB85C8ECBCF721FB7652AD7B337880A09D97EA736008C3ADBB72223F18C522C0C0889B05122561042D8637D1CBEF8F9F5AE88CDC43E411AA217E2A81C2D812B46D01C3BDC2799DFF3EAD46BB092A566E18EE94F63C4690ECE806B993FDDAC3159BE2098C2428F24969C109E221D8F066BEE3530848DE328D888B4C7E701435EACB116F97BB77B9379EF818B4D280890262EE678B92705, addr: 0x144841a00>

But I cannot figure out how to export the key so I can send it to my server for use there.

From my understanding. A SecKey is stored in Keychain and is a pointer to it, the block size is the length of the key in the memory. So in theory I can extract it as NSData and then convert it to something my server can read. In theory I think that will work, I've hit a wall trying to do that in practice. All help will be greatly appreciated.

Solution

  • SecItemCopyMatching is for you:

    var dataPtr:Unmanaged<AnyObject>?
let query: [String:AnyObject] = [
    kSecClass: kSecClassKey,
    kSecAttrApplicationTag: "com.example.site.public",
    kSecReturnData: kCFBooleanTrue
]
let qResult = SecItemCopyMatching(query, &dataPtr)

// error handling with `qResult` ...

let publicKeyData = dataPtr!.takeRetainedValue() as NSData

// convert to Base64 string
let base64PublicKey = publicKeyData.base64EncodedStringWithOptions(nil)

    Swift 4:

    var dataPtr:CFTypeRef?
let query: [String: Any] = [
    kSecClass as String: kSecClassKey,
    kSecAttrApplicationTag as String: "com.example.site.public",
    kSecReturnData as String: true
]

let qResult = SecItemCopyMatching(query as CFDictionary, &dataPtr)

// error handling with `qResult` ...

let data = dataPtr as! Data
let base64PublicKey = data.base64EncodedString()

    Note that the size of the data is 270, not the same as block size of the key. See this question on the crypto.stackexchange.com.