I'm trying to pass around a public key from my iPhone to other parties, however I am unable to use the output from iOS.
let parameters: [String: Any] = [
kSecAttrKeySizeInBits as String: 384,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: false
]
]
var error: Unmanaged<CFError>?
let privateKey = SecKeyCreateRandomKey(parameters as CFDictionary, &error)
let publicKey = SecKeyCopyPublicKey(privateKey!)
let pub = SecKeyCopyExternalRepresentation(publicKey!, &error)
let pubData = pub as Data?
print(pubData!.base64EncodedString())
Example output:
BJSCZtBatd2BYEHtyLB0qTZNlphKf3ZTGI6Nke3dSxIDpyP9FWMZbG0zcdIXWENyndskfxV0No/yz369ngL2EHZYw6ggNysOnZ5IQSPOLFFl44m1aAk0o0NdaRXTVAz4jQ==
In python (where my second party is) I have the following:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
pub_key = serialisation.load_pem_public_key(
data=xcode_data.encode(),
backend=default_backend()
)
The error I get is ValueError: Could not deserialize key data.
So what exactly is the output of the SecKeyCopyExternalRepresentation
as described by the documentation:
The method returns data in the PCKS #1 format for an RSA key. For an elliptic curve public key, the format follows the ANSI X9.63 standard using a byte string of 04 || X || Y. For an elliptic curve private key, the output is formatted as the public key concatenated with the big endian encoding of the secret scalar, or 04 || X || Y || K. All of these representations use constant size integers, including leading zeros as needed.
How would one describe the X6.93
format? And how would I go about converting it to something I can use in the python code?
P.S. I have tried to add headers such as -----BEGIN PUBLIC KEY-----
to the xcode output.
I havent quite found the answer to the question as I still don't know what exactly the output is that Apple provides, however, I came up with a solution found in this key import export manager.
Example output:
Exporting EC raw key: 97 bytes -----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFpCnTrJFQq0mZBvy+vzl9noKLZ4/s1cf I6hygug6s8dvBreMhabAcAbbhSa1losjCxV450nq92W9ZymonYasaAuhshDWjmvx 2qTXHEpVEVb9GawqX6XqpWtIBf+meHKS -----END PUBLIC KEY-----
Implementation in python using cryptography
Outputs the following:
<cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey object at 0x7fb4f6f50e10>
Note that you do have to add the new lines yourself in python in order for this all to work.
Update
The output of the
SecKeyCopyExternalRepresentation
for ECC keys is the X9.62 or X9.63 format of the key (in uncompressed form). This is very different from DER and therefor PEM encoding.The encoding is
04 || X || Y
for a public key and04 || X || Y || K
for a private key.04
is a fixed byte for this format. TheX
,Y
and optionallyK
value are points or coordinates that define the curve of this key. More info about that over here.