I am using digital certificates to sign data files in my App. The code fragment below fails when the call to SecKeyRawVerify
returns with -9809. This is running on an iPhone. I can't even identify exactly what this error code means
The prior Security Framework calls to load and create the SecTrustRef from which the public key is obtained seem fine - no errors. The only slight issue is that the call to SecTrustEvaluate
returns a kSecTrustResultUnspecified
, but I assume that is because the policy I am using is the boilerplate one returned by the SecPolicyCreateBasicX509
call.
Any assistance or insight would be very much appreciated.
Thanks
SecKeyRef keyRef = SecTrustCopyPublicKey (trustRef);
fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"txt"];
NSData *data = [NSData dataWithContentsOfURL:fileURL];
fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"sgn"];
NSData *signature = [NSData dataWithContentsOfURL:fileURL];
NSLog(@"Hash block size = %zu",SecKeyGetBlockSize(keyRef));
status = SecKeyRawVerify (keyRef,
kSecPaddingPKCS1SHA1,
(const uint8_t *)[data bytes],
(size_t)[data length],
(const uint8_t *)[signature bytes],
(size_t)[signature length]
);
I've discovered what's happening. The
SecKeyRawVerify
call takes the digest of your data as the input, not the data itself. The code below works - and incidentally, if the signature is not verified because the underlying data has changed, then the status return is -9809.Thanks