All geek questions in one place

Is it possible to generate a certificate signing request (.csr) using the security infrastructure in ios?

I would like to make an https request with a server requiring client certificate authentication. I reviewed this Create SecCertificateRef for the NSURLConnection authentication task . It worked as expected.

However, he needs to prepare the p12 file, which includes the private key. It would be saved since it needs a password to import the p12 file using SecPKCS12Import() .

However, there may be another option. This means that the ios client must fulfill the certificate signing request (.CSR) and allow a third party (this is the server) to sign it.

In my search, I see that I can use SecKeyGeneratePair() to generate a key pair. But I do not see the API that CSR generates.

Do you really need openssl to achieve this?

In addition, the theme is turned off a bit after the iOS client somehow returns the signed certificate. I can use SecCertificateCreateWithData() to retrieve SecCertificateRef() . However, to fill out a NSURLCredential . I also need a SecIdentityRef that comes from the p12 file using SecPKCS12Import() . How can I restore a SecIdentityRef without SecPKCS12Import() , but just a certificate file like crt or der ?

+4
source share
1 answer

There is no explicit support for CSR in the Security Framework on iOS. However, creating CSR manually is not so difficult - it is just an ASN.1 DER data block available in the iOS runtime.

Here is the pseudo code for this:

This will create the correct CSR (in the form of NSData), which can be sent to the CA for approval.

My implementation is available on GitHub: http://github.com/ateska/ios-csr .

+8
source

Source: https://habr.com/ru/post/1487897/

More articles:


All Articles