Develop Reference

Load RSA private key generated by openssl to MacOS SecKeyRef fails

I am working on a project that needs to read a RSA private key (DER format) into a MacOS's SecKeyRef object.
I generate the key by
openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -outform DER -out private.der
I load the private.der to MacOS by using SecKeyCreateWithData:
unsigned char *keyBytes; // contains all the bytes from the file "private.der"
int keyBytesLen; // length of the data loaded
NSData keyData = [NSData dataWithBytes:keyBytes length:keyBytesLen];
NSDictionary* options = #{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
(id)kSecAttrKeySizeInBits: #1024};
SecKeyRef privateKey = SecKeyCrecateWithData((__bridge CFDataRef) keyData, (__bridge CFDictionaryRef) options, &error);
OSstatus status = SecKeyDecrypt(privateKey, .... some encrypted message);
// status returns -50 (errSecParam)
So I notice the privateKey is loaded successfully, but it fails to decrypt the encrypted message. I am 100% sure other parameters I have put into SecKeyDecrypt() function is correct because it works if I generate the privateKey by macOS's built-in function rather than loading from a DER-format file generated by openssl.
I also notice that when I dump the key (binary format), the first few bytes (version header) is different from the key generated by MacOS's built-in function and openssl. If the key is generated by MacOS (ex: SecKeyGeneratePair) and outputed by SecKeyCopyExternalRepresentation, the first few bytes look like:
3082 025d 0201 0002 8181 ...
while the key generated by openssl looks like:
3082 025c 0201 0002 8181 ...
I know (based on PKCS#1) that these bytes represent the "version" of the private key but not sure how to interpret it.
Any help or similar working example to load key generated by openssl to MacOS's API will be appreciated

How to use erlang public_key:decrypt_private?

I try to encrypt text with public RSA key and decrypt this text using a private RSA key. When I encrypt user public key it works.
encode public_key
encrypt_public_key(PlainText, PublicKey) ->
[ RSAEntry2 ] = public_key:pem_decode(PublicKey),
PubKey = public_key:pem_entry_decode( RSAEntry2 ),
public_key:encrypt_public(PlainText, PubKey).
But when I try to decrypt this text using a private key, it does not work, and I don't know why.
decode private key
decrypt_private_key(CryptText,PrivateKey) ->
[ RSAEntry2 ] = public_key:pem_decode(PrivateKey),
PrivKey = public_key:pem_entry_decode( RSAEntry2 ),
Result = public_key:decrypt_private(CryptText, PrivKey, rsa_pkcs1_padding ),
Result.
How i encode and try to decode
PublicKey = ems_util:open_file(?SSL_PATH ++ "/" ++ binary_to_list(<<"public_key.pem">>)),
CryptoText = ems_util:encrypt_public_key(ResponseData2,PublicKey),
PrivateKey = ems_util:open_file(?SSL_PATH ++ "/" ++ binary_to_list(<<"private_key.pem">>)),
%erro in this line
TextPlain = ems_util:decrypt_private_key(TextCrypt,PrivateKey).
Error
=ERROR REPORT==== 17-Mar-2017::10:59:29 ===
Ranch listener ems_http_server1, connection process <0.2159.0>, stream 1 had its request process <0.2160.0> exit with reason function_clause and stacktrace [{public_key,decrypt_private,[<<55,66,78,123,456,2456>>,<<55,173,2367,140,71>>,asn1_NOVALUE}],[{file,"public_key.erl"},{line,313}]},{ems_util,decrypt_private_key,2,[{file,"src/util/ems_util.erl"},{line,614}]},{ems_auth_user,do_barer_authorization,1,[{file,"src/auth/ems_auth_user.erl"},{line,51}]},{ems_dispatcher,lookup_request,1,[{file,"src/distpatcher/ems_dispatcher.erl"},{line,70}]},{ems_http_handler,init,2,[{file,"src/http/ems_http_handler.erl"},{line,22}]},{cowboy_handler,execute,2,[{file,"src/cowboy_handler.erl"},{line,39}]},{cowboy_stream_h,execute,3,[{file,"src/cowboy_stream_h.erl"},{line,172}]},{cowboy_stream_h,proc_lib_hack,3,[{file,"src/cowboy_stream_h.erl"},{line,157}]}]
I don't know what's happening.

I describle the solution for my problem. The problem is the public and the private keys are generated wrongly. The right way to generate a pair key rsa using openssl is:
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
These commands generate a correct key pair and the code now ir working correctly.

How can I build the Apple APNS v2 specific OID into the CSR

Apple APNS V2 introduce the "topic" concept, and assign a customized OID for it and give out an example:
https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html#//apple_ref/doc/uid/TP40008194-CH11-SW1
Extension ( 1.2.840.113635.100.6.3.6 )
Critical NO
Data com.yourcompany.yourexampleapp
Data app
Data com.yourcompany.yourexampleapp.voip
Data voip
Data com.yourcompany.yourexampleapp.complication
Data complication
How can I build this extension into the CSR. I know I need to edit the openssl.conf to add it in the "req" section, but what's the specific codes to put all these attributes into CSR? The following command I try can add one line into the CSR, but how can I add the following part? Thanks in advance!!!
[ customized_extension ]
1.2.840.113635.100.6.3.62=Critical NO,ASN1:UTF8String:1.2.840.113635.100.6.3.62
1.2.840.113635.100.6.3.62=ASN1:UTF8String:com.yourcompany.yourexampleapp
???? --How to add the next part?
openssl req -new -sha256 -key ses_lab_20170120.key -out ses_lab_20170120.csr -config openssl.cnf
openssl req -in ses_lab_20170120.csr -text -noout
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=CN, ST=GD, L=GZ, O=Ericsson, OU=SES, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b0:9e:2f:3d:52:da:71:0a:e3:93:13:2b:c4:92:
4b:4b:3c:0c:70:98:d5:6d:3f:a0:af:f4:03:d0:26:
53:6a:d4:7e:82:d7:95:6a:8f:29:eb:88:6c:67:4a:
94:d4:b5:ed:9a:b5:d4:e4:44:8c:1d:21:ec:ba:03:
df:61:3f:6a:5e:c0:ea:13:00:62:e0:df:3c:39:2b:
1a:2b:b0:b5:39:1a:bf:ba:d5:85:0d:37:bd:2a:92:
d1:6e:9b:05:37:bf:bf:c2:83:ca:8f:27:5a:b3:d3:
b5:53:17:7e:b0:d8:ea:ec:51:09:7f:d5:e7:5e:a5:
03:ff:63:28:da:11:5a:ae:10:01:05:46:da:62:02:
b2:20:4d:08:a8:47:ed:95:2a:b9:f3:e9:f5:e6:fb:
b0:29:99:c5:cf:d3:80:98:8b:8a:10:4f:8a:fa:57:
f8:50:31:e7:02:6a:8c:16:13:99:1d:e3:6d:ce:d5:
43:d9:c9:1f:50:b8:55:07:00:88:d6:ab:b1:44:46:
32:62:03:25:91:9a:ae:72:09:b8:a4:07:9c:86:95:
bf:59:0e:0e:65:73:b7:0f:86:d3:d2:7e:ac:7e:82:
9f:61:c8:41:b0:d6:25:2a:4f:09:93:6d:6a:15:b8:
60:22:ba:34:d4:69:dc:b1:6c:98:8a:4a:01:31:71:
b8:0f
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
1.2.840.113635.100.6.3.62:
..com.yourcompany.yourexampleapp
Signature Algorithm: sha256WithRSAEncryption
62:53:2f:85:1f:7c:9f:4c:b8:48:c0:df:20:5d:3a:6d:f3:55:
7c:63:90:66:3c:14:d5:e0:c8:4e:f3:21:2d:d8:5b:ed:4c:2d:
38:5b:90:ad:a6:e4:0c:1d:e7:b6:c6:66:1f:41:c9:cf:f1:10:
13:a7:27:bf:f5:74:93:76:dd:e0:1a:64:7e:66:62:87:9b:e4:
88:c2:74:65:fc:90:04:d3:24:51:2b:c3:f0:ef:0d:b3:e9:cb:
d8:23:d6:63:31:0a:93:d6:f3:36:99:8d:1e:33:fd:fd:c3:6d:
a8:38:9d:63:ce:2b:2b:4e:43:93:77:87:05:e7:c5:6d:39:98:
f2:7d:39:3e:bc:a9:9a:59:c4:ce:c2:88:ef:95:67:55:cc:a9:
e4:3a:8a:1d:49:66:77:81:8d:0e:9b:ce:f1:cc:3d:83:62:cc:
86:fe:4a:2d:f0:b9:70:9f:d8:75:9e:52:99:53:4e:ea:32:8d:
af:11:9c:d3:cc:d4:8b:e5:24:c2:10:2b:11:61:52:2d:a3:67:
f0:f6:9c:8e:3e:12:66:0f:14:9e:1c:3d:77:81:3a:26:35:e0:
15:c5:ab:d2:4b:51:c4:2e:7d:7b:0a:92:ae:89:fb:f2:fa:32:
81:52:da:49:16:c3:84:a9:82:e1:2d:b6:9b:03:ae:88:fb:fd:
17:ee:3c:1b

iOS connect with self-signed TLS/SSL certificate not working

I would like to encrypt and secure a network connection agains MITM attacks for an iOS application. Since the application will only connect to one server, there is no need to have the certificate signed by a CA like VeriSign. I want to self-sign the certificate and distribute it with the application.
I tried this but end up with kSecTrustResultRecoverableTrustFailure and can not figure out where I went wrong. Can someone look over it and identify the problem or point me into a direction on how to debug this? Is it a problem because I use/test on localhost?
I think it is a problem in the creation of the certificate or setup of the server but I don't know what it is. I tested it with openssl s_client and it seems to work but iOS does not accept it (see below). I could accept kSecTrustResultRecoverableTrustFailure as success but would rather avoid it.
Creation of certificate
My openssl.cnf. The last line specifies subjectAltName and should be the only important one.
[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = sha256 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
# Variable name Prompt string
# #---------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------------ ------------------------------
0.organizationName_default = The Sample Company
localityName_default = Metropolis
stateOrProvinceName_default = New York
countryName_default = US
[ server ]
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
nsCertType = server
subjectAltName = IP:127.0.0.1,DNS:localhost
This is how I create the certificate. I use sha256 since md5 seems not supported. Afterwards I transform the certificate to DER format which iOS needs.
macbook:~/Documents/app/https-test/cert$ openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 356 -nodes -config openssl.cnf
Generating a 2048 bit RSA private key
..+++
............................................................+++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:com
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
macbook:~/Documents/app/https-test/cert$ ls
cert.der cert.pem key.pem openssl.cnf
macbook:~/Documents/app/https-test/cert$ openssl x509 -in cert.pem -outform der -out cert.der
Server
The server is a node.js server that accepts https requests.
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('../cert/key.pem'),
cert: fs.readFileSync('../cert/cert.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("test return\n");
}).listen(8443);
I tested this server with the following output:
macbook:~/Documents/app/https-test/server$ openssl s_client -showcerts -host localhost -port 8443 -CAfile ../cert/cert.pem
CONNECTED(00000003)
depth=0 /O=The Sample Company/L=Metropolis/ST=New York/C=US
verify return:1
---
Certificate chain
0 s:/O=The Sample Company/L=Metropolis/ST=New York/C=US
i:/O=The Sample Company/L=Metropolis/ST=New York/C=US
-----BEGIN CERTIFICATE-----
MIIDIDCCAggCCQClnXQ2tGOF1jANBgkqhkiG9w0BAQsFADBSMRswGQYDVQQKExJU
aGUgU2FtcGxlIENvbXBhbnkxEzARBgNVBAcTCk1ldHJvcG9saXMxETAPBgNVBAgT
CE5ldyBZb3JrMQswCQYDVQQGEwJVUzAeFw0xNDAyMjQwMDEwMTJaFw0xNTAyMTUw
MDEwMTJaMFIxGzAZBgNVBAoTElRoZSBTYW1wbGUgQ29tcGFueTETMBEGA1UEBxMK
TWV0cm9wb2xpczERMA8GA1UECBMITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzudBEZmW78S9EnxQzObf778qIBRf
/pUPVKSC31/8iVLM3w71GtHxI39Gt+WwAhMRRKmO+EhsFWDmQZfg3GNsws4Uj/uO
8I6Xp9rF7IWBIAZ37X2nUPD/qEU4+SFmiNi8POaXPt+5mQQLYFfun5YzpZPoiPpi
wuIkcgY8mOJlNv7Hr4AnyMtMMnscZis+ELVky5Q/mDsiamHzPPGjjKYKDMfwYj8S
yAz0GLKrcHBBm4Re++mefJU0sdapAYEliAJdTs0aBA5lxcRBzkKlFwxgsQrhtwL9
xBY+RC/PbnVWRF/YVrd7o6JvXmWOPFDlbL99v9tGGjoUyFDeLoIMaqaGmwIDAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAdnvu4W6GoWkAALpvpEgXBMKq2sApLHib+i8Be
+LrAS/zA1GxlMqswUBUvtGuQq88oGWC/eU3n3PvRE2tuIARg4ZSGo2/KdYfvOFYy
O7hnwdlAYirdj3XKUnomj0sVgeAjJV4xSha7aOzs9mNyLquJvewBEAvQdJnPRYfS
LwSUq5kbbiHyFWHmJnTUfLpfKj0w+LNO4Jrb0GdFs7ZWq3R0Mscig668Htue4xST
jWEh0f/ZcWLK+UVvTvpMb9DTM8oOV94EHt+slaIMEzD2hWjtLcwGfUzX5qYU450v
Kt1b40tBHRHi8ytstg4qdLlwf0NpXejcLQiW1CgNZoEIBtP+
-----END CERTIFICATE-----
---
Server certificate
subject=/O=The Sample Company/L=Metropolis/ST=New York/C=US
issuer=/O=The Sample Company/L=Metropolis/ST=New York/C=US
---
No client certificate CA names sent
---
SSL handshake has read 983 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: C8901BBE04CB24444E0DDEA60EB7A72A64822E652973AD1D16E27D1E1F29F828
Session-ID-ctx:
Master-Key: D143A0F58C848B0E1BCA7BDF22EEBC326F811961CC10FF3A653715A8D8F96F5825AFC6D200F334D2E1581BFECA940111
Key-Arg : None
Start Time: 1393256956
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
iOS app
The app uses this NSURLConnectionDelegate https://gist.github.com/dhoerl/2051599

The iOS code you linked to expects the server's certificate to be in the device's trusted root certificate store, or at least signed by a trusted root certificate authority. The error you are getting suggests that this is not the case.
That error means the certificate is not trusted. By definition, a self-signed certificate is not trusted because it isn't signed by a trusted root certificate authority (so there's no way to verify that the signer of the certificate is who they say they are).
If you just want the benefits of SSL encryption without the protection from MITM attacks, you can bypass the server check by doing something like the following in the NSURLConnection delegate's didReceiveAuthenticationChallenge method:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Note that this will not prevent MITM attacks, since you are now allowing a connection to any SSL host, but if you truly want that kind of protection you shouldn't use a self-signed certificate. If you just want the encryption offered by SSL, a self-signed certificate is fine.
That said, you can do server authentication if you are bundling the server certificate in with your application - this is known as certificate pinning. You would need to add code in the didReceiveAuthenticationChallenge method above to compare the server's certificate with the one that's embedded in your application and have it trust ONLY that specific certificate and no other. This of course means that if the certificate on your server ever expires or changes, your clients will no longer be able to connect (until you rebuild and redistribute your application with the new certificate). It also means that if your server's private key is ever stolen or compromised, you won't be able to revoke it and issue a new one, and the Bad Guys will be able to impersonate your server to any clients that try to connect using the compromised key. Using a certificate issued by a trusted root CA avoids both problems, and is still the recommended way to go if you truly need server authentication. That way you can revoke the certificate if you ever need to, issue a new one, and everything will still work.

#1703536 's solution almost did it, I only had to implement another URLConnection's delegate message :
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Concerns about security doing that are well explained in the other answer ;-)

Reading Private Key in PEM format with LockBox

I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox.
The private key I have is in PEM format and was created using openssl:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj
"/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com"
-keyout myrsakey.pem -out c:\temp\myrsacert.pem
Here is what it looks like:
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDFzvqdAEQn9MrSLTNua5SOxshV/8jQIf3qpfunBXa9SVdm4NJw
lY7iYpwivw7EdMlBe4FmezN9LGwyIokcUSt4KUdWmA8l4Lm5rcuDzzfmlVWP7y+j
0GKG2XCp2JwHpW4Q5WiMgcAnCMD/gbDustfz3utxQhLNBdWp2MlrEH2/rQIDAQAB
AoGAUMZmnHohWtehgxYmLG8N6QfPgx7CWAupbop9KwUWKdGrOT2RcZwBDv0JmT6/
vwWZsX3Hp5ujuPfM7uQfbUrQHrcruUg/fPY8YXcWgNfOytGpaN/XKxfy2g2Cp8mE
4yoDR2QW8jo25ZH1q1cJ3jMyX9xlXaSZm7qtaoiDydE6roECQQDxqtP2tMEZ2FmQ
2o4T5Zv7P4II2PrLq+9IP0ASCZ2VzLxm2Pk6kxjnPjZ2oHG8pUQHvMz0m8Br3BY8
X1BpXrj9AkEA0YpBH7qm/nbG6YjxKAL3PbxXUJ06T/ByLjfstfCrT3LxDeklfWJb
n/V8ahRcKPLajdbKAuWvJA5NvjeJPi34cQJAZ+vD1nUIDKsiaM3zBs9X8gTvUAqu
XmMDNJguXxNPdplh8wAevHeA3/+6v+xivHJ8/K7Nm+pWJouv7Co4k/ctqQJASV4y
TUzKmgC2xyCG5+6Z6Ujf/b7/ouva3un//PiG0yu40ZkX4l4lHM4UwQPd/QyDj/Rs
CTWo7GQBvp+tc1MfUQJBALnQnNOIIkvwIK+1J6iLZgh7GurbCPMrH8nSn8SxkfBe
qq5JWo31LQAUNDW5ntG0qHZQpx6zm2MzIlt2NgOLf4s=
-----END RSA PRIVATE KEY-----
If I am not mistaken, the component I want to use is TLbRSAKey. So I have tried to create key object and read it from file:
var
mPrivateKey: TLbRSAKey;
begin
mPrivateKey := TLbRSAKey.Create(aks1024);
mPrivateKey.LoadFromFile('C:\temp\myrsakey.pem');
On the LoadFromFile I get a "Invalid RSA Key" error. What am I doing wrong? Does Lockbox support keys in PEM format? None of the examples illustrate; everything seems to be in ASN format

I am not a delphi programmer, but I thought I'd try to provide some pointers.
First, make sure you generate a new private key for your real application. Now that you've shared your private key with us, we wouldn't want any open security holes out there.
Secondly, the ASN.1 format is generated using the DER output from OpenSSL. The PEM format is just the base-64 encoding of the binary ASN.1 structure (and the markers are added).
You can get back to DER in one of two ways:
1) You can parse and decode the base-64 data in the PEM envelope. To do this, just decode the data between the -----BEGIN/END RSA PRIVATE KEY----- markers.
Or, since you are creating a new key anyway... ;)
2) You could use the -outform DER argument when you generate your key using OpenSSL.
I'm not certain this will work for your application, but maybe it will help get you a little further.
TIP to convert a PEM provate key to DER format, use the rsa utility in OpenSSL:
openssl rsa -inform PEM -outform DER -in privkey.pem -out privkey.der