iPhone Public-Key Encryption SecKeyEncrypt returns error 9809 (errSSLCrypto)

笑着哭i 提交于 2019-12-05 02:52:54

问题


I am trying to use the iPhone's PKI libraries to encrypt a short string (12345678), but I keep getting the error -9809 (i.e. errSSLCrypto) whenever I try to use SecKeyEncrypt. The SecureTransport.h header file describes this error simply as "underlying cryptographic error", which wasn't very meaningful.

My code is as follows:

- (NSData *)encryptDataWithPublicKey:(NSString *)plainText {

    OSStatus result = -1;

    NSData *plainTextData = [plainText dataUsingEncoding:NSASCIIStringEncoding];
    size_t plainTextLength = [plainTextData length];

    SecTrustRef trustRef;
    SecTrustResultType trustResult;

    SecPolicyRef policy = SecPolicyCreateBasicX509();

    result = SecTrustCreateWithCertificates(m_oCert, policy, &trustRef);

    if (result != errSecSuccess) {
        NSLog(@"Trust create failed with code: %d",result);
        return nil;
    }

    result = SecTrustEvaluate(trustRef, &trustResult);

    if (result != errSecSuccess) {
        NSLog(@"Trust eval failed with code: %d",result);

        CFRelease(trustRef);
        return nil;
    }

    SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);

    uint8_t *cipherTextBuf = NULL;
    size_t cipherTextLen = 0;

    size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
    int maxInputSize = keyBlockSize - 11; //If using PKCS1 Padding, else keyBlockSize

    if (plainTextLength > maxInputSize) {
        //Fail
        NSLog(@"Data size is larger than max permitted!");

        CFRelease(trustRef);
        CFRelease(publicKey);
        CFRelease(policy);

        return nil;
    }

    cipherTextBuf = malloc(sizeof(uint8_t)*keyBlockSize);
    memset(cipherTextBuf,0,keyBlockSize);

    //result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainTextBuf, plainTextLength, cipherTextBuf, &cipherTextLen);
    result = SecKeyEncrypt(publicKey, kSecPaddingNone, (const uint8_t *)[plainTextData bytes], plainTextLength, cipherTextBuf, &cipherTextLen);

    NSData *cipherText = nil;
    if (result == errSecSuccess) {

        cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];

    } else {
        NSLog(@"Error detected: %d",result);
    }

    free(cipherTextBuf);
    cipherTextBuf = NULL;

    CFRelease(trustRef);
    CFRelease(publicKey);
    CFRelease(policy);

    return cipherText;
}

It does not matter what padding I use, they both give the same error. The public key is derived from a certificate supplied by my client, and I've checked to make sure that the key is valid. What am I doing wrong and how do I use the function properly?


回答1:


When using SecKeyEncrypt, the input cipherTextLength should be the the size of the output buffer. Setting

size_t cipherTextLen = keyBlockSize;

solved the problem.



来源:https://stackoverflow.com/questions/6951413/iphone-public-key-encryption-seckeyencrypt-returns-error-9809-errsslcrypto

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!