SecCertificateCopyKey does not work on some iOS 14 Version and SecKeyVerifySignature at all

SecCertificateCopyKey returns always nil on iOS 14.4.0, 14.4.1 and 14.4.2 but on iOS 13 and 14.1 works fine.

Is there a workaround for this ?

SecKeyVerifySignature with algorithm ecdsaSignatureMessageX962SHA384 does not work properly (has been tested on devices with iOS 13 and 14).
It returns "Error Domain=NSOSStatusErrorDomain Code=-67808 "EC signature verification failed (ccerr -7)" UserInfo={NSDescription=EC signature verification failed (ccerr -7)}"

is this already known?
Any workaround?
Up vote post of filipovic Down vote post of filipovic
901 views
Posted by
filipovic
Reply
Add a Comment

Replies

SecCertificateCopyKey returns always nil on iOS 14.4.0, 14.4.1 and

  1. .2 but on iOS 13 and 14.1 works fine.

That’s not my experience (pasted in below is my test code, tested on 14.4.2). Can you post an example certificate that’s causing you problems.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Code Block  
let certBytes: [UInt8] = [
    0x30, 0x82, 0x02, 0xEA, 0x30, 0x82, 0x01, 0xD2, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0C,
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
    0x1F, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x07, 0x4D, 0x6F, 0x75, 0x73,
    0x65, 0x43, 0x41, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42,
    0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x31, 0x34, 0x32, 0x36, 0x32, 0x37,
    0x5A, 0x17, 0x0D, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x31, 0x34, 0x32, 0x36, 0x32, 0x37, 0x5A,
    0x30, 0x26, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0E, 0x53, 0x6C, 0x61,
    0x72, 0x74, 0x69, 0x62, 0x61, 0x72, 0x74, 0x66, 0x61, 0x73, 0x74, 0x31, 0x0B, 0x30, 0x09, 0x06,
    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09,
    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
    0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xAE, 0x28, 0x7D, 0x63, 0xCA, 0x52, 0x02,
    0xEE, 0xF5, 0xB7, 0x4D, 0x13, 0xA6, 0x5E, 0x2A, 0xC4, 0x63, 0x68, 0x28, 0xD3, 0xE8, 0xEB, 0x4A,
    0xB5, 0x74, 0x65, 0x8F, 0xDC, 0xBB, 0x9A, 0x4E, 0x57, 0xD1, 0xC9, 0x5B, 0xBD, 0x59, 0xC2, 0x97,
    0x2B, 0xC3, 0x25, 0x55, 0xE5, 0x35, 0xED, 0x86, 0xF8, 0xFA, 0x24, 0x0A, 0xC8, 0x7C, 0xA5, 0x2D,
    0x11, 0x41, 0x66, 0x24, 0xD5, 0xE0, 0x5F, 0x50, 0x96, 0xF0, 0xEE, 0x7B, 0x05, 0xFF, 0x4B, 0xC4,
    0xB9, 0xD5, 0x16, 0xF8, 0x00, 0x81, 0xA5, 0xDA, 0xE1, 0xDD, 0x26, 0xEF, 0xDB, 0x29, 0x06, 0xCD,
    0x01, 0xDF, 0x20, 0x27, 0x80, 0xDD, 0xBA, 0x94, 0xC9, 0x0F, 0x7A, 0x68, 0x62, 0x6D, 0x3A, 0x40,
    0x12, 0x73, 0x73, 0x7D, 0xEE, 0x5F, 0x93, 0xDD, 0x02, 0x4D, 0x94, 0x94, 0x34, 0xE1, 0xA4, 0x67,
    0x3B, 0x11, 0xEE, 0x5F, 0xB2, 0x1F, 0x9D, 0xBF, 0xFD, 0x61, 0x4F, 0x03, 0x1F, 0x1F, 0x30, 0x74,
    0xBA, 0xED, 0x2D, 0xD4, 0x8A, 0xC2, 0x0E, 0xBA, 0x0D, 0x5F, 0x78, 0x08, 0x7A, 0xA8, 0x25, 0x0A,
    0xCB, 0xD0, 0x22, 0x85, 0x60, 0x5F, 0x00, 0xC3, 0xA0, 0x5D, 0xDF, 0xB8, 0x2F, 0x1D, 0xCB, 0xB1,
    0x9A, 0x4D, 0x89, 0x84, 0xDC, 0x98, 0xA2, 0x02, 0x19, 0xB1, 0xEC, 0xF1, 0x4F, 0x2E, 0xB4, 0x02,
    0xA1, 0x18, 0x63, 0x72, 0x0B, 0x37, 0x26, 0x28, 0x87, 0x7C, 0x7D, 0xA6, 0x0E, 0x58, 0x60, 0xCD,
    0x38, 0xD2, 0x11, 0xAE, 0x7E, 0x4D, 0x1B, 0x3E, 0x47, 0x9E, 0xA3, 0xED, 0x62, 0x4A, 0xF3, 0x40,
    0x30, 0xB2, 0x82, 0x2B, 0x9D, 0x28, 0x6E, 0x07, 0xE2, 0x42, 0x63, 0xF9, 0x05, 0xA7, 0xE2, 0xC6,
    0x92, 0x99, 0x3B, 0x4E, 0x97, 0x74, 0xE8, 0x7D, 0x9B, 0x3B, 0x3C, 0x73, 0xAC, 0x20, 0x71, 0x22,
    0xD1, 0x4E, 0x2B, 0x31, 0xAF, 0x11, 0xD5, 0xA9, 0xB9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x2A,
    0x30, 0x28, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02,
    0x05, 0xA0, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x01, 0x01, 0xFF, 0x04, 0x0C, 0x30, 0x0A,
    0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
    0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x26, 0x06,
    0x49, 0x17, 0xA0, 0x9F, 0x77, 0x85, 0x1C, 0x85, 0x07, 0xCA, 0x99, 0x87, 0xF4, 0x81, 0xBA, 0xAE,
    0x23, 0x4C, 0x55, 0x3A, 0x08, 0x81, 0x8E, 0xD3, 0xC1, 0x46, 0x14, 0x1F, 0x43, 0x30, 0xAC, 0x0A,
    0x50, 0xC7, 0x30, 0x85, 0xB5, 0x78, 0x17, 0x78, 0xFD, 0x7C, 0x98, 0x8F, 0xF9, 0xE9, 0xE0, 0xD6,
    0x23, 0x85, 0xDB, 0xAC, 0x68, 0xCC, 0x7A, 0x9C, 0xBB, 0xBD, 0x0D, 0xFF, 0x04, 0x21, 0x66, 0xEB,
    0xFD, 0x25, 0x1D, 0x26, 0x44, 0x38, 0xF9, 0xEC, 0x96, 0x3E, 0x02, 0xF1, 0x9F, 0x59, 0x30, 0x00,
    0x35, 0x0C, 0x07, 0xEC, 0x40, 0x22, 0x35, 0x22, 0x51, 0x2B, 0x05, 0x0D, 0x9A, 0xBB, 0xD6, 0x5A,
    0x66, 0xB2, 0x78, 0x85, 0xB5, 0x86, 0x7E, 0x62, 0x98, 0xA9, 0xDB, 0xAA, 0x2A, 0x8E, 0x12, 0x6E,
    0xA2, 0xDA, 0x25, 0x3A, 0xDD, 0x0D, 0xC7, 0x45, 0xF7, 0x42, 0x16, 0xE6, 0x2F, 0x45, 0x61, 0x2B,
    0x5E, 0x7C, 0xAF, 0x27, 0x72, 0x96, 0x5B, 0xB0, 0x54, 0x84, 0xF4, 0x98, 0xAD, 0x80, 0xBF, 0xDB,
    0xE2, 0xAB, 0xAB, 0xB9, 0x8E, 0x5A, 0x94, 0x12, 0x54, 0xE5, 0x20, 0xB2, 0xDB, 0xCB, 0x7D, 0x17,
    0x2E, 0x18, 0x6B, 0xD6, 0x65, 0x17, 0x4E, 0x7C, 0x26, 0xE3, 0x08, 0x84, 0x36, 0x46, 0x12, 0xC6,
    0x64, 0xF8, 0xD6, 0xCE, 0xDB, 0x15, 0x26, 0x7A, 0xCE, 0x77, 0x83, 0x7C, 0xBC, 0x4F, 0x0E, 0x88,
    0xD2, 0xD0, 0x0C, 0xE4, 0x7F, 0xD4, 0x00, 0xFC, 0x6B, 0xA7, 0x63, 0xB4, 0x5E, 0xC8, 0x27, 0xD1,
    0x49, 0x7B, 0xE8, 0x9A, 0x0F, 0x29, 0x74, 0x12, 0xF0, 0xD7, 0x5E, 0x3A, 0xBB, 0x62, 0xCF, 0xC6,
    0xF3, 0x61, 0x22, 0x1F, 0xB6, 0x39, 0xB3, 0x31, 0xEA, 0xEB, 0x68, 0x6F, 0xEE, 0xAF, 0x9E, 0x8A,
    0xE7, 0x81, 0xD8, 0x52, 0x69, 0xC2, 0x92, 0x3B, 0x7C, 0x35, 0xDB, 0x44, 0xFA, 0xBB,
]
let certData = Data(certBytes)
let cert = SecCertificateCreateWithData(nil, certData as NSData)!
let publicKey = SecCertificateCopyKey(cert)!
print(publicKey)
// prints: <SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 4, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: AE287D63CA5202EEF5B74D13A65E2AC4636828D3E8EB4AB574658FDCBB9A4E57D1C95BBD59C2972BC32555E535ED86F8FA240AC87CA52D11416624D5E05F5096F0EE7B05FF4BC4B9D516F80081A5DAE1DD26EFDB2906CD01DF202780DDBA94C90F7A68626D3A401273737DEE5F93DD024D949434E1A4673B11EE5FB21F9DBFFD614F031F1F3074BAED2DD48AC20EBA0D5F78087AA8250ACBD02285605F00C3A05DDFB82F1DCBB19A4D8984DC98A20219B1ECF14F2EB402A11863720B372628877C7DA60E5860CD38D211AE7E4D1B3E479EA3ED624AF34030B2822B9D286E07E24263F905A7E2C692993B4E9774E87D9B3B3C73AC207122D14E2B31AF11D5A9B9, addr: 0x281ed2500>

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Most probably iOS does not support brainpoolP256r1 Curve, could you test it please?

Thanks for the reply!
Posted by
filipovic
Up vote reply of filipovic Down vote reply of filipovic
Add a Comment

Most probably iOS does not support brainpoolP256r1 Curve

I expect that’s true.

could you test it please?

I’m happy to test it if you supply me a certificate to test with, per my previous email.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Where could I submit a feature request for the brainpoolP256r1 Curve ?
I will do my best to get a test certificate and provide it to you.

Thanks a lot!
Posted by
filipovic
Up vote reply of filipovic Down vote reply of filipovic
Add a Comment

Where could I submit a feature request for the brainpoolP256r1
Curve?

Use Feedback Assistant. And please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment