I've gone through all the posts with similar info about signatures or keys not working with OpenSSL, but I haven't been able to patch it all together. I will use some sample keys for what I tried:
```swift
import CryptoKit
import Foundation

// Assumed stand-in for the poster's `.hexadecimal` helper, which the post does not show:
// decodes a hex string into Data, or returns nil on malformed input.
extension String {
    var hexadecimal: Data? {
        guard count % 2 == 0 else { return nil }
        var bytes = [UInt8](), i = startIndex
        while i < endIndex {
            let j = index(i, offsetBy: 2)
            guard let b = UInt8(self[i..<j], radix: 16) else { return nil }
            bytes.append(b); i = j
        }
        return Data(bytes)
    }
}

// Sample P-256 private key in PKCS#8 PEM form (test material only).
let privPem = """
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIUSrwhllMSminPZZ
Gx0YHUsL12IWIGI+4yhejpq90HihRANCAAT6pxKtIKm4VbfXeKpQ7rxITlC6b18Q
0X+Iz1UVDolyjx79bt5vUp0mPJ6hHBnK/Ap5gXpv89wmLPp7/O2NconE
-----END PRIVATE KEY-----
"""
let privKey = try! P256.Signing.PrivateKey(pemRepresentation: privPem)
let pubKey = privKey.publicKey
// The device challenge as hex; it is decoded to raw bytes before hashing.
let challengeDev = "1122334455667788"
let dataToSignDev = challengeDev.hexadecimal
let digest = SHA256.hash(data: dataToSignDev!)
let signatureForDigest = try! privKey.signature(for: digest)
// Round-trip the DER encoding to confirm it parses back as an ECDSASignature.
let signature1 = try! P256.Signing.ECDSASignature(derRepresentation: signatureForDigest.derRepresentation)
let isValidSignature = pubKey.isValidSignature(signatureForDigest, for: digest)
```
I have tried the same using the Security framework as well, to no avail. What I tried is a direct application of what the OpenSSL part does. So I have a device that will verify the signature that the iOS app will be sending. The public key is taken from a certificate I would share with the device. All data sent to the device, including the signature, is in DER format.
```
openssl dgst -sha256 -sign app_private.key -out %OUT_RESOURCES_DIR%\signature.der -binary device_challenge.hex
openssl x509 -inform der -in cert.der -out cert.pem
openssl x509 -pubkey -noout -in cert.pem > public_key.pem
openssl dgst -sha256 -verify public_key.pem -signature signature.der challenge.hex
```
Here on the iOS side, if I sign and verify, everything is fine. But if the same signature is verified with OpenSSL, it fails.
I tried to create a DER file on the terminal, but asn1parse fails on it:
```
Test % echo 30450220198944e2a8352941036f227225940392cbd1bc720358ce29db29a2a85f2b2a30022100b4e75ceb0335e4b1955aab01edc8e7347f78dc627f8d02a78103cd9165571d57 > signature1.der
Test % openssl asn1parse -inform DER -in signature1.der
    0:d=0  hl=2 l=  48 cons: PRINTABLESTRING
Error in encoding
140704639042368:error:0DFFF09B:asn1 encoding routines:CRYPTO_internal:too long:/AppleInternal/Library/BuildRoots/97f6331a-ba75-11ed-a4bc-863efbbaf80d/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/asn1/asn1_lib.c:143:
```
I'm assuming I need to manually make some changes to make them inter-compatible? Like in this post: "Can't export EC kSecAttrTokenIDSecureEnclave public key".
Not sure how to get there, though. All help appreciated.
@eskimo please check
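Added example, not code from the post or from Apple or OpenSSL: a strict decoder for the DER ECDSA-Sig-Value structure (SEQUENCE { INTEGER r, INTEGER s }) run over the signature hex quoted above, plus a look at what the hex text of that signature decodes to, which is what `echo <hex> > file` writes. The `.der` file name, the `describe_tag` and `is_valid_der_sig` helpers and the trailing newline are assumptions for illustration.

```python
# Strict decoder for DER ECDSA-Sig-Value: SEQUENCE { INTEGER r, INTEGER s }.
# Also decodes the first bytes of the signature's hex *text*, to show what
# asn1parse sees when a file holds ASCII hex instead of the raw DER bytes.

SIG_HEX = ("30450220198944e2a8352941036f227225940392cbd1bc720358ce29db29a2a85f2b2a30"
           "022100b4e75ceb0335e4b1955aab01edc8e7347f78dc627f8d02a78103cd9165571d57")
TAG_NAMES = {0x02: "INTEGER", 0x10: "SEQUENCE", 0x13: "PrintableString"}


def describe_tag(ident: int) -> tuple[str, bool]:
    """(universal tag name, constructed bit) for one DER identifier octet."""
    return TAG_NAMES.get(ident & 0x1F, f"tag {ident & 0x1F}"), bool(ident & 0x20)


def parse_der_ecdsa_sig(der: bytes) -> tuple[int, int]:
    """Decode SEQUENCE { INTEGER r, INTEGER s }; raise ValueError on bad DER."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    if der[1] & 0x80 or 2 + der[1] != len(der):  # short-form length must span input
        raise ValueError("bad SEQUENCE length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError(f"expected INTEGER tag 0x02 at offset {pos}")
        n = der[pos + 1]
        body = der[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        if body[0] & 0x80:  # DER INTEGERs are signed: a 0x00 pad keeps r/s positive
            raise ValueError("negative INTEGER (missing 0x00 pad)")
        if n > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (redundant 0x00 pad)")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + n
    return values[0], values[1]


def is_valid_der_sig(data: bytes) -> bool:
    try:
        parse_der_ecdsa_sig(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    r, s = parse_der_ecdsa_sig(bytes.fromhex(SIG_HEX))
    print(f"r = {r:064x}\ns = {s:064x}")
    text = SIG_HEX.encode() + b"\n"  # assumed file contents written by `echo`: ASCII hex
    # '3' is 0x33 (constructed PrintableString) and '0' is 0x30 (length 48),
    # matching the "l= 48 cons: PRINTABLESTRING" line asn1parse printed.
    print(describe_tag(text[0]), "length", text[1], "valid:", is_valid_der_sig(text))
```

Note that s is 32 bytes of value but 33 bytes on the wire because its top bit is set, so a parser that assumes fixed 32-byte integers, or a writer that forgets the pad, will produce signatures the other side rejects.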