Archive for January 19th, 2011


OpenSSL Keys

Have you found yourself linking in OpenSSL libraries to your apps to deal with your key manipulation needs? Why yes, yes we have. Is there an alternative? Why yes, if you’re very clever, it turns out there is:

Using an RSA public key generated by OpenSSL in iOS

Apple have gone to pains to make crypto in iOS (and MacOS in general) secure, building a layer between applications and the low-level stuff, like OpenSSL. The principle is to keep these functions in a separate address space, thus significantly reducing the surface area available for malicious code to find a weakness. In iOS this separation is enforced and, significantly, the documentation is sparse and terse. Public/private key use without also using certificates is mentioned but only in the context of using keys generated on the device. Posts on the Apple Developer forums indicate that using certificates is suggested because using public/private key pairs is “involved”. It turns out that the reason it’s involved is because of some odd implementation details and the aforementioned lack of documentation or useful examples…

If you really care, the odd implementation details are discussed therein, but what we really want are the useful examples. And why yes, there they are:

… Assuming you have your OpenSSL generated RSA public key in an NSData object, this method will verify that it is in fact a PKCS#1 key and strip the header:

Handy — nay, vital — if you need it!
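The header check and strip described in the excerpt above can be sketched in plain C, which can be called directly from Objective-C; this is an added example, not the code from the linked post. It assumes the key is a DER-encoded X.509 SubjectPublicKeyInfo, the form `openssl rsa -pubout -outform DER` writes; `spki_strip_header`, `der_enter` and the toy sample key are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

/* AlgorithmIdentifier: rsaEncryption OID 1.2.840.113549.1.1.1 + NULL params */
static const unsigned char RSA_ALG_ID[] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 };

/* Constructed sample: SPKI wrapping a toy 16-bit modulus, e = 65537 */
static const unsigned char SAMPLE_SPKI[] = {
    0x30, 0x1e, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x03, 0x0d, 0x00, 0x30, 0x0a, 0x02, 0x03,
    0x00, 0xc1, 0xa7, 0x02, 0x03, 0x01, 0x00, 0x01 };

/* Consume tag + DER length at *pos; return the bounds-checked content length. */
static long der_enter(const unsigned char *p, size_t n, size_t *pos,
                      unsigned char tag) {
    size_t i = *pos, len;
    if (n < 2 || i > n - 2 || p[i++] != tag) return -1;
    len = p[i++];
    if (len & 0x80) {                      /* long form: 1..3 length bytes */
        size_t k = len & 0x7f;
        if (k == 0 || k > 3 || k > n - i) return -1;
        for (len = 0; k > 0; k--) len = (len << 8) | p[i++];
    }
    if (len > n - i) return -1;            /* content must fit in the buffer */
    *pos = i;
    return (long)len;
}

/* Returns the length of the PKCS#1 RSAPublicKey inside a DER SPKI and stores
   its offset in *off; returns -1 for anything else, including a bare key. */
long spki_strip_header(const unsigned char *der, size_t n, size_t *off) {
    size_t pos = 0, key;
    long len;
    if ((len = der_enter(der, n, &pos, 0x30)) < 0 || pos + (size_t)len != n) return -1;
    if (n - pos < sizeof RSA_ALG_ID ||
        memcmp(der + pos, RSA_ALG_ID, sizeof RSA_ALG_ID) != 0) return -1;
    pos += sizeof RSA_ALG_ID;
    if ((len = der_enter(der, n, &pos, 0x03)) < 1 || pos + (size_t)len != n) return -1;
    if (der[pos++] != 0x00) return -1;     /* BIT STRING: 0 unused bits */
    key = pos;
    if ((len = der_enter(der, n, &pos, 0x30)) < 0 || pos + (size_t)len != n) return -1;
    for (int i = 0; i < 2; i++, pos += (size_t)len)   /* modulus, exponent */
        if ((len = der_enter(der, n, &pos, 0x02)) < 1) return -1;
    if (pos != n) return -1;               /* nothing may follow the exponent */
    *off = key;
    return (long)(n - key);
}
```

On success the bytes starting at `der + off` are the bare PKCS#1 `RSAPublicKey`; any trailing data, a wrong algorithm OID or a truncated buffer is rejected rather than skipped over.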