From df78ced6b1c230a9366dbd46acccaa889dda4a6f Mon Sep 17 00:00:00 2001 From: andy Date: Thu, 4 Jul 2019 11:51:07 +0100 Subject: [PATCH] feat: Add support for pkcs#8 private keys Use correct PEM header in getPemString --- Sources/CryptorRSA/CryptorRSAKey.swift | 16 ++-------------- Sources/CryptorRSA/CryptorRSAUtilities.swift | 5 +++++ Tests/CryptorRSATests/CryptorRSATests.swift | 11 +++++++++++ Tests/CryptorRSATests/keys/pkcs8.pem | 16 ++++++++++++++++ 4 files changed, 34 insertions(+), 14 deletions(-) create mode 100644 Tests/CryptorRSATests/keys/pkcs8.pem diff --git a/Sources/CryptorRSA/CryptorRSAKey.swift b/Sources/CryptorRSA/CryptorRSAKey.swift index d9469a5..e50ad83 100644 --- a/Sources/CryptorRSA/CryptorRSAKey.swift +++ b/Sources/CryptorRSA/CryptorRSAKey.swift @@ -739,20 +739,8 @@ extension CryptorRSA { guard let derData = Data(base64Encoded: derString) else { throw Error(code: ERR_INIT_PK, reason: "Couldn't read PEM String") } - let pkcs1PEM: String - if keyType == .publicType { - let strippedDer = try CryptorRSA.stripX509CertificateHeader(for: derData) - pkcs1PEM = CryptorRSA.convertDerToPem(from: strippedDer, type: .publicType) - } else { - // If data is PKCS8 format strip the header - let strippedDer: Data - if derData[26] == 0x30 { - strippedDer = derData.advanced(by: 26) - } else { - strippedDer = derData - } - pkcs1PEM = CryptorRSA.convertDerToPem(from: strippedDer, type: .privateType) - } + let strippedDer = try CryptorRSA.stripX509CertificateHeader(for: derData) + let pkcs1PEM = CryptorRSA.convertDerToPem(from: strippedDer, type: keyType) return pkcs1PEM } } diff --git a/Sources/CryptorRSA/CryptorRSAUtilities.swift b/Sources/CryptorRSA/CryptorRSAUtilities.swift index d2e8a82..246ff7d 100644 --- a/Sources/CryptorRSA/CryptorRSAUtilities.swift +++ b/Sources/CryptorRSA/CryptorRSAUtilities.swift 
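Review bot: Private keys that are not PKCS#8 now go through `stripX509CertificateHeader` like public keys, and this hunk does not show what that helper does with a bare PKCS#1 private key once its new PKCS#8 check falls through. The removed branch passed such keys on unchanged (`strippedDer = derData`), so confirm the helper still does and add a PKCS#1 private-key case beside the new PKCS#8 test. A comment above the call would help, for example `// Also strips a PKCS#8 wrapper from private keys; PKCS#1 input must come back unchanged`. The local is still named `pkcs1PEM` although it now holds the PEM for either key type. The enclosing function starts outside the hunk.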
@@ -224,6 +224,11 @@ public extension CryptorRSA { /// static func stripX509CertificateHeader(for keyData: Data) throws -> Data { + // If private key in pkcs8 format, strip the header + if keyData[26] == 0x30 { + return(keyData.advanced(by: 26)) + } + let count = keyData.count / MemoryLayout.size guard count > 0 else { diff --git a/Tests/CryptorRSATests/CryptorRSATests.swift b/Tests/CryptorRSATests/CryptorRSATests.swift index f302df5..ca0f0bc 100644 --- a/Tests/CryptorRSATests/CryptorRSATests.swift +++ b/Tests/CryptorRSATests/CryptorRSATests.swift @@ -296,6 +296,17 @@ class CryptorRSATests: XCTestCase { } } + func test_private_initWithPKCS8() throws { + + let path = URL(fileURLWithPath: #file).appendingPathComponent("../keys/pkcs8.pem").standardized + XCTAssertNotNil(path) + + let str = try String(contentsOf: path, encoding: .utf8) + let privateKey = try? CryptorRSA.createPrivateKey(withPEM: str) + XCTAssertNotNil(privateKey) + XCTAssertTrue(privateKey?.type == .privateType) + } + func test_private_initWithPEMName() throws { if CryptorRSATests.useBundles, let bundle = CryptorRSATests.bundle { diff --git a/Tests/CryptorRSATests/keys/pkcs8.pem b/Tests/CryptorRSATests/keys/pkcs8.pem new file mode 100644 index 0000000..da8ad50 --- /dev/null +++ b/Tests/CryptorRSATests/keys/pkcs8.pem 
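Review bot: `keyData[26]` is read before the `guard count > 0` that follows, so key data shorter than 27 bytes (or a `Data` slice whose indices do not start at 0) traps here instead of throwing; the first hunk shows this function being fed base64-decoded PEM from the caller. Bound the check first, e.g. `if keyData.count > 26, keyData[keyData.startIndex + 26] == 0x30 {` followed by `return keyData.advanced(by: 26)`. The check is also purely positional: any input with 0x30 at offset 26 is treated as PKCS#8, and since the function now runs for public keys and PKCS#1 private keys as well, a key that happens to have 0x30 at that offset would be truncated. Verifying that the leading bytes match the PKCS#8 structure before stripping would avoid that. The rest of the function continues outside the hunk.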
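Review bot: `try?` on `createPrivateKey(withPEM:)` in `test_private_initWithPKCS8` discards the thrown error, so a failure shows up only as a nil assertion with no reason. The test is already `throws`, so (assuming the call returns a non-optional key) use `let privateKey = try CryptorRSA.createPrivateKey(withPEM: str)` and `XCTAssertEqual(privateKey.type, .privateType)`. `XCTAssertNotNil(path)` checks a non-optional `URL` and can never fail. The test asserts only the key's type; a sign or decrypt round trip with the loaded key would show the stripped bytes form a usable key, and a case with truncated key data would show that short input throws rather than crashes.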
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANBnRhWiUu09ddKj
+BzoKikRfMYj9O+uLqFhPcpnjkb3sNCfyhzJ0FBdJl9FH3YymJkdCfXPJ2lUE4KPu
+1SdKHVChI31ohIb624uCBhZ1q/peVbYkCV24eQxtvK6D1qhYjJpmNdfPJX7R7eGP
+BCF9N5CP0Mu4ayxY1fdi5iB/97ktAgMBAAECgYEApAiloWGi5Bj8JE8t4QFq02Ya
+Fzk7cKr8VoYyLe5xSIwigU7kG1JCfhHu7UsjlxEwD+bF192JfGHaby4NmF89sk1l
+i0DoYsRPApNOR2Jx2SiwFaeRLeOlj0dl3eq6bGHddgkDaqPeMyuqTFP6uZfaQidv
+unPr5HntcoV28j/FUAECQQDtOACJl6dk6LA3salNCIoUKbu0tv+PPCtpul+y91Zh
+PSHxccoMq/M4XFFflOS766I0NQFEkMr/i/Lo6otWQ9AZAkEA4Oc8hWsbthlBE0xa
+fr8X3DrqHnQ/Fwl9YM6rKQyf9axp+O1nxKd8TiWc5gegZRbChKa9QNgJLlJfYVIE
+Dr9ENQJBAL9M4UoUjb7X03wmfuSLlWarPR+AUFm/aTcrQI+/3N4wAZaHcCyF4m+6
+KzlMhqVxYe5+LFaR+dLZlnv04YcgyskCQQC6DnJiCabmMeRFG9BttJb/qXmPcinT
+XBVuJesxTXFzo4wT1AsZhFlwqOsw3bRSjM6lQO+mGlMWEC057MjQjmjVAkBCvTXV
+p6v/pd8oN/Sxbh8gbXE3asSB5x1U/O0p/KH53n0D8X+lPhvhoRTKBeeiSEzWScud
+jeKMklgIkfia9ZGF
+-----END PRIVATE KEY-----