Create signature message for IOS below 14

Privacy & Security General
HieuLH9X OP
Created Jun ’23
Replies 8
Boosts 0
Views 857
Participants 2

I'm create message with derRepresentation and send to serve to verify message by P256.Signing.PrivateKey However It's only support IOS above 14. And I want to support with below 14. How can I do ?

func IOSAbove14() { let keyData = privateKeyHexaString.hexadecimal! print("keyData (keyData)") let privateKey = try! P256.Signing.PrivateKey(derRepresentation: keyData)

    print("privateKey \(privateKey.derRepresentation)")
    let signData = getStringHash("Hello").data(using: .utf8)
    print("signData \(signData)")
    let sig = try! privateKey.signature(for: "Hello".data(using: .utf8)!)
    
    print("sig \(sig)")
    print("sig \(sig.derRepresentation)")
    
}

I'm try but when verify false

func IOSBelow14() -> String?{

    //        let privateKeyData = privateKeyHexaString.hexaData
    let privateKeyData = self.privateKeyHexaString.hexadecimal!
    print("privateKeyData \(privateKeyData)")

    
    
    let secKeyByPrivateKey = SecKeyCreateWithData(privateKeyData as! CFData, [
        kSecAttrKeyTypeEC: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
        kSecAttrKeyClass: kSecAttrKeyClassPrivate,

// kSecPrivateKeyAttrs as String: [ // kSecAttrIsPermanent as String: false // ], // kSecAttrKeySizeInBits: 256, // SecKeyKeyExchangeParameter.requestedSize.rawValue as String: 32 ] as CFDictionary, nil) guard let secKeyByPrivateKey: SecKey = secKeyByPrivateKey else { return nil } print("secKeyByPrivateKey (secKeyByPrivateKey)")

    let message = "Hello".data(using: .utf8)!
    
    var error: Unmanaged<CFError>?
    
    let verify = SecKeyIsAlgorithmSupported(secKeyByPrivateKey, .sign, SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256)
    print("verify \(verify)")

    guard let signedData = SecKeyCreateSignature(secKeyByPrivateKey,
                                                 SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256,
                                                 message as CFData,
                                                 &error) as Data? else
    {
        return nil
    }
    
    return signedData.base64EncodedString()
}

Backend use X509 and PKCS8

Replies  8
Boosts  0
Views  857
Participants  2
DTS Engineer OP
Apple
Jun ’23

If you use the Apple CryptoKit API, are you able to sign messages that your server accepts?

I’m not saying that this is the final answer, I just want to make sure that the basics are working.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
HieuLH9X OP
Jun ’23

Yep. If I use P256 I can create and verify message from backend . But iOS below 14 I created but don't verify with Backend

0
HieuLH9X OP
Jul ’23

Please help me @eskimo I can't resolved it

0
DTS Engineer OP
Apple
Jul ’23

If I use P256 I can create and verify message from backend.

OK. In that case, please post an example of your working Apple CryptoKit code, along with a hex dump of the input and the correct output.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
HieuLH9X OP
Jul ’23

If I use P256 I generate key pair publicKey is: 3059301306072a8648ce3d020106082a8648ce3d03010703420004b4fa001de416d0cdbf29edd7bdc51cd489201ebe10b3e4759ca839a6d13b96ea749693f21b0408ad6703979be6c49e768e00e055be95ba2ff6f4cbd03f516cca privateKey is: 308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420590c5bbee327c795c1762f86293d73040ac1649a994ca2406f8d2791587a7be6a14403420004b4fa001de416d0cdbf29edd7bdc51cd489201ebe10b3e4759ca839a6d13b96ea749693f21b0408ad6703979be6c49e768e00e055be95ba2ff6f4cbd03f516cca Signature Message for "Hello" is: MEQCIDHOknyC8bE6UD/J0BAVtP3iakNtw29aI6qxsqgcaZRuAiBDXqgG9pBhZuOIaySjSQPwO0pukxCQNPPfiPzhE9L4gg==

0
DTS Engineer OP
Apple
Jul ’23

Please try again, this time formatting the post to make it easier to read. See Quinn’s Top Ten DevForums Tips for advice on how to do that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
HieuLH9X OP
Jul ’23

If I use P256 I generate key pair publicKey is:

3059301306072a8648ce3d020106082a8648ce3d03010703420004b4fa001de416d0cdbf29edd7bdc51cd489201ebe10b3e4759ca839a6d13b96ea749693f21b0408ad6703979be6c49e768e00e055be95ba2ff6f4cbd03f516cca

privateKey is: 308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420590c5bbee327c795c1762f86293d73040ac1649a994ca2406f8d2791587a7be6a14403420004b4fa001de416d0cdbf29edd7bdc51cd489201ebe10b3e4759ca839a6d13b96ea749693f21b0408ad6703979be6c49e768e00e055be95ba2ff6f4cbd03f516cca

Signature Message for "Hello" is:

MEQCIDHOknyC8bE6UD/J0BAVtP3iakNtw29aI6qxsqgcaZRuAiBDXqgG9pBhZuOIaySjSQPwO0pukxCQNPPfiPzhE9L4gg==

0
DTS Engineer OP
Apple
Jul ’23

Cool. Now the only thing I’m missing is the “working Apple CryptoKit code” that you used to generate this example.

IMPORTANT When you post your code snippet, format it as a code block.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Create signature message for IOS below 14
First post date Last post date
 
 
Q