Allow access to raw DER formatted data for private keys in Security.framework
| Originator: | brianpartridge |
| Number: | rdar://12982223 |
| Date Originated: | |
| Status: | |
| Resolved: | |
| Product: | iPhone SDK |
| Product Version: | 6.0.1 |
| Classification: | Feature (New) |
| Reproducible: | Always |
Summary:

The Security framework has features for generating key pairs, extracting private keys from an identity, and signing and encrypting data with the key. However, the SecKeyRef structure that holds these keys is opaque and is only usable with Security.framework functions. There should be a way to get the raw key data. There are cases where it would be valuable to keep private key data in the keychain for secure storage, but still be able to use it outside the Security framework.

For example: signing an XML document or a SOAP message conforming to WS-Security is a complex process that must be performed just so in order for the signature to be valid. The best way to do this on iOS is to use a library that implements the XMLDSig standard, such as libxmlsec. However, libxmlsec expects the signing key data to be passed in by the caller in PEM or DER format, and this isn't possible for private keys coming from the Security framework. The framework makes access to X.509 certificate data in DER format easy using SecCertificateCopyData.

Expected Results:

Expose a public function such as:

    CFDataRef SecKeyCopyData(SecKeyRef key);

which returns a CFDataRef populated with the key data in DER format.
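The report asks for the private key bytes in DER form; for an RSA key that is the PKCS#1 RSAPrivateKey structure (RFC 3447), the same blob `openssl rsa -outform DER` writes and that OpenSSL-backed XMLDSig libraries load. The following Python is an added example and is not code from the radar, from libxmlsec or from Apple's Security.framework: it encodes a PKCS#1 RSAPrivateKey to DER, parses one back with the checks a consumer should make before trusting the parameters (minimal DER lengths, no trailing bytes, CRT values consistent), and wraps the DER in PEM, the other form the report says libxmlsec accepts. The RSA parameters are toy-sized and constructed inline so the block runs offline (Python 3.8+ for the modular inverse via `pow`); the encoder and decoder handle 2048-bit keys the same way because lengths above 127 bytes use the DER long form. Practitioner note, not part of the original report: Apple later shipped SecKeyCopyExternalRepresentation (iOS 10, macOS 10.12), which returns exactly this PKCS#1 encoding for RSA keys and the ANSI X9.63 encoding for EC keys, so on current systems the requested function exists under that name.

```python
"""PKCS#1 RSAPrivateKey in DER: encode, decode with sanity checks, PEM-wrap.

Added example, not Apple or radar code. The key material below is a
constructed toy key (61 x 53) for an offline demo; never use it for anything.
"""
import base64
import textwrap

RSA_FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qinv")

# ---- minimal DER encoder ---------------------------------------------------

def der_length(n):
    """DER length: short form below 128, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body

def der_integer(value):
    """DER INTEGER: minimal big-endian two's complement; a leading 0x00 keeps
    values with the top bit set (most RSA moduli) non-negative."""
    if value < 0:
        raise ValueError("RSA parameters are non-negative")
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def encode_rsa_private_key(key):
    """RSAPrivateKey ::= SEQUENCE { version INTEGER (0), n, e, d, p, q, dp, dq, qinv }"""
    body = der_integer(0) + b"".join(der_integer(key[f]) for f in RSA_FIELDS)
    return der_tlv(0x30, body)

# ---- minimal DER decoder ---------------------------------------------------

def der_read_tlv(buf, pos=0):
    """Return (tag, body, next_pos); rejects truncation and non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding (not DER)")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("TLV body runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def der_read_integer(buf, pos):
    tag, body, nxt = der_read_tlv(buf, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER, got tag 0x%02x" % tag)
    if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (not DER)")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER in RSAPrivateKey")
    return int.from_bytes(body, "big"), nxt

def decode_rsa_private_key(der):
    tag, body, end = der_read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after RSAPrivateKey")
    version, pos = der_read_integer(body, 0)
    if version != 0:
        raise ValueError("unsupported RSAPrivateKey version %d" % version)
    key = {}
    for f in RSA_FIELDS:
        key[f], pos = der_read_integer(body, pos)
    if pos != len(body):
        raise ValueError("unexpected extra fields")
    # Reject a corrupted or tampered blob before the parameters reach a signer.
    if (key["p"] * key["q"] != key["n"]
            or key["dp"] != key["d"] % (key["p"] - 1)
            or key["dq"] != key["d"] % (key["q"] - 1)
            or (key["q"] * key["qinv"]) % key["p"] != 1):
        raise ValueError("inconsistent RSA parameters")
    return key

# ---- PEM wrapping, the other format the report says libxmlsec accepts ------

def der_to_pem(der, label="RSA PRIVATE KEY"):
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(textwrap.wrap(b64, 64)), label)

def pem_to_der(pem, label="RSA PRIVATE KEY"):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN %s-----" % label or lines[-1] != "-----END %s-----" % label:
        raise ValueError("PEM header/footer mismatch")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def toy_key():
    """Constructed toy parameters (p=61, q=53, e=17); not a real key."""
    p, q, e = 61, 53, 17
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}

if __name__ == "__main__":
    der = encode_rsa_private_key(toy_key())
    print(der.hex())
    print(der_to_pem(der), end="")
    assert decode_rsa_private_key(pem_to_der(der_to_pem(der))) == toy_key()
```

The decoder is deliberately strict: anything that reaches a signing routine from outside the keychain should be rejected on non-canonical lengths, trailing data or CRT parameters that do not match the modulus, since a malformed key blob is how a fault-injected or swapped private key would otherwise slip through unnoticed.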