最近研究了如何使用 Security.framework 进行 RSA 加解密:从 cer 证书文件中读取公钥,从 pfx 证书文件中读取私钥。
1、从cer证书文件中读取公钥
/**
 * Returns the cached public key, loading it on first use.
 *
 * When no key is cached yet, the certificate at self.cerFilePath is loaded
 * first. The result is still NULL if that load did not produce a key, so
 * callers must check the return value before using it.
 *
 * @return The cached SecKeyRef, or NULL when no key has been loaded.
 */
- (SecKeyRef)getPublicKey {
    BOOL needsLoad = (_publicKey == NULL);
    if (needsLoad) {
        // Lazy load: the call below stores its result in _publicKey.
        [self loadPublicKeyFromFile:self.cerFilePath];
    }
    return _publicKey;
}
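/**
 * Loads the public key from a certificate file on disk.
 *
 * The file contents are handed to -loadPublicKeyFromData:. Nothing is loaded,
 * and any key already held is left unchanged, when the path is nil or empty
 * or when the file cannot be read.
 *
 * @param cerFilePath Path of the certificate file that holds the public key.
 */
- (void)loadPublicKeyFromFile:(NSString *)cerFilePath {
    // Validate the path that is actually read below; the original guard tested
    // the self.cerFilePath property, which need not match the argument.
    if (cerFilePath.length == 0) {
        return;
    }

    NSError *readError = nil;
    NSData *cerData = [NSData dataWithContentsOfFile:cerFilePath
                                             options:0
                                               error:&readError];
    if (cerData == nil) {
        // Stop here so a failed read never reaches the certificate parser as
        // nil data, and so the failure is visible instead of silent.
        NSLog(@"Can not read certificate file %@: %@", cerFilePath, readError);
        return;
    }

    [self loadPublicKeyFromData:cerData];
}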
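/**
 * Loads the public key from in-memory certificate data.
 *
 * Per the author's note, this entry point can be used when the public key is
 * configured on the server and sent to the mobile client as a Base64 string
 * (the caller decodes it to NSData first).
 *
 * NOTE(review): whatever is passed here becomes the key used for encryption.
 * Data received over the network should therefore be authenticated first,
 * for example by comparing it against a certificate or key hash shipped in
 * the app. A substituted certificate would otherwise be accepted as-is.
 * Confirm how callers obtain this data.
 *
 * @param cerData Certificate data that contains the public key. nil or empty
 *                data clears the stored key instead of being parsed.
 */
- (void)loadPublicKeyFromData:(NSData *)cerData {
    if (cerData.length == 0) {
        // nil bridges to a NULL CFDataRef; keep that away from the
        // certificate parser and leave the object without a key.
        NSLog(@"Can not load public key: certificate data is empty");
        _publicKey = NULL;
        return;
    }

    // NOTE(review): SecKeyRef is a Core Foundation object that ARC does not
    // manage. If the helper returns an owned (+1) reference, the key replaced
    // here is leaked. Confirm ownership and CFRelease the old value if so.
    _publicKey = [self getPublicKeyRefrenceFromeData:cerData];
}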
#pragma mark - Private Methods
/**
* (私有方法)从data获取公钥
*
* @param certData data
*
* @return 公钥
*/
- (SecKeyRef)getPublicKeyRefrenceFromeData:(NSData *)certData {
SecKeyRef publicKeyRef = NULL;
CFDataRef myCertData = (__bridge CFDataRef)certData;
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)myCertData);
if (cert == nil) {
NSLog(@"Can not read certificate from %@", self.cerFilePath);
return nil;
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecCertificateRef certArray[1] = {cert};
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray,1, NULL);
SecTrustRef trust;
OSStatus