ios create certificate request programmatically

Question

I am trying to create certificate request programmatically (that I would send to server) in iOS am OSX without using openSSL. I have managed to create RSA key pair but am failing at doing the rest. I have the code that does exactly what I need but it is written in Java and am wondering if there is someone to help me translate this to objective c.

Here is the Java code:

        test.generateKeys(); // generate RSA key pair

        PrivateKey privateKey = test.keys.getPrivate();
        PublicKey publicKey = test.keys.getPublic();

        SecureRandom sr = new SecureRandom();
        String token = "123456"; // dummy token
        String uuid = "4670ff33-d9f7-4026-957d-25c00e4dec54"; // dummy uuid

        // with Bouncy Castle
        ContentSigner signGen = new JcaContentSignerBuilder("SHA1withRSA").setSecureRandom(sr).build(privateKey);
        X500Principal subject = new X500Principal("O=" + token + ", CN=" + uuid);
        PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
        PKCS10CertificationRequest request = builder.build(signGen);

        String bc = Hex.encodeHexString(request.getEncoded());
        System.out.println(PEMtoString(request));

I am not very good in cryptography and the documentation for the crypto layer apple is developing is pretty poor documented so I am a bit lost here. I have came across a lot of similar samples but there is always something missing. Thx in advance.

Highly suggest you use openssl. If not, be prepared for several weeks of effort. See http://stackoverflow.com/questions/14741512/creating-pem-file-programmatically-in-objective-c — Peter Cetinski, Oct 10 '14 at 01:39
I would use openSSl but as I understand it Apple is discouraging it's developers to use openSSL on behave new crypto layer that they are developing, so I wouldn't want to programm something that would be rejected in future or smth. like that — AntonijoDev, Oct 14 '14 at 13:33

score 5 · Accepted Answer · answered Oct 19 '14 at 13:42

In case someone stumbles on the same problem here is the solution using Apples common crypto layer (no openSSL).

https://github.com/ateska/ios-csr

No need for several weeks of coding just a simple include.

   SCCSR *sccsr = [[SCCSR alloc] init];
    sccsr.commonName = @"some name";
    sccsr.organizationName = @"some organisation";
//    // aditional data you can set
//    sccsr.countryName = @"";
//    sccsr.organizationalUnitName = @"";
//    sccsr.subjectDER = nil;
//    //
//    
    NSData *certificateRequest = [sccsr build:pPublicKey privateKey:privateKey];

    NSString *str = [certificateRequest base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];

    NSString *strCertificateRequest = @"-----BEGIN CERTIFICATE REQUEST-----\n";
    strCertificateRequest = [strCertificateRequest stringByAppendingString:str];
    strCertificateRequest = [strCertificateRequest stringByAppendingString:@"\n-----END CERTIFICATE REQUEST-----\n"];

SCCSR.h -> DOWNLOADED FROM PROVIDED LINK

And how to create a certificate for server validity? – ΩlostA Mar 30 '20 at 17:26 — ΩlostA, Mar 30 '20 at 17:26

ios create certificate request programmatically

1 Answers1