
I am trying to verify a digitally signed piece of JSON. I have a base64 decoded exponent and a base64 decoded modulus.

I am using Objective-C and I seem to just be going around in circles. In Java it takes roughly 5 minutes (using JOSE APIs) to do this; I have spent 2 days trying to work out what to do in Objective-C.

Can anybody point me in the right direction please?

I should say originally I was trying to do what this tutorial demonstrates http://ios-blog.co.uk/tutorials/quick-tips/quick-tip-how-to-get-seckeyref-from-base64-coded-string/ so that I could verify the signature but I always get NULL back trying to create the SecCertificateRef.

I read this Java tutorial http://www.trajano.net/2014/07/parsing-json-web-key-jwk-in-java/ which is what got me thinking that I need to use the modulus and exponent to somehow verify the digital signature.

Maarten Bodewes
berimbolo
  • The article "ios-blog.co.uk" is how to create a certificate from a "public key". The "public key" is a wrapper around the modulus and exponent, in this example an RSA PKCS#8, not what you have. – zaph Nov 05 '14 at 12:16
  • For information on creating a Keychain entry from a modulus and exponent see: [Import Standard RSA key to iPhone key store](http://blog.wingsofhermes.org/?p=75), skip the part of extracting the modulus and exponent from the PKCS#8 public key. For a complete example of RSA encryption/decryption see GitHub project: [iOS-Certificate--Key--and-Trust-Sample-Project](https://github.com/kuapay/iOS-Certificate--Key--and-Trust-Sample-Project), again skip the part of extracting the modulus and exponent from the PKCS#8 public key. – zaph Nov 05 '14 at 12:40
  • Hi @Zaph thanks I am going to go back to that post now, I had already tried what was in that forum post but hadn't managed to get it working. Do you know if I need to do this bit /* Now strip the uncessary ASN encoding guff at the start */ because when I tried that I ended up with zero bytes. – berimbolo Nov 05 '14 at 13:47
  • I also have these as separate string values, do I need to combine the 2 to end up with an NSData? I don't see the bit in the first forum post where they work with a separate modulus and exponent, I must be missing something? – berimbolo Nov 05 '14 at 13:50
  • One more point, which is probably relevant is that I don't want to store the key permanently, I make a call to get the keys from the server and they could change at any time so I was hoping to just create the public key dynamically, use it to decrypt the signature and then throw it away, so to speak. – berimbolo Nov 05 '14 at 13:54
  • Currently Apple requires using the keychain for RSA keys, you can always delete the key. Another option is OpenSSL, you will have to get and compile the source, Apple no longer supplies OpenSSL libraries because too many OpenSSL updates are not backward compatible so there is a version issue. – zaph Nov 05 '14 at 14:04
  • Ok so if I can get this key into the keychain would I still want to use a SecKeyRef object to decrypt the JSON? Sorry for so many questions but this is the first Objective-C app I've worked on and in Java this is trivial but seems to be so complicated in Objective-C. – berimbolo Nov 05 '14 at 14:09
  • Yes, this should be easy. The deal is that Apple is being difficult and does not want to recognize that interoperability with other systems should be easy and that other systems may not have the same certificate based focus. It is not dissimilar to the large number of years Apple took to add Base64 encoding/decoding to their APIs and there are still no hex encoding/decoding methods. – zaph Nov 05 '14 at 15:10
  • Please look at the links I provided. I can't help very much beyond this as I am working through a similar problem myself. – zaph Nov 05 '14 at 15:15
  • You should use [SecKeyRawVerify](https://developer.apple.com/library/ios/documentation/security/reference/certifkeytrustservices/index.html#//apple_ref/c/func/SecKeyRawVerify) to verify the signature with a public key. – divanov Nov 15 '14 at 06:22
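
On the question raised in the comments of whether the separate modulus and exponent need to be combined into one NSData: the combined form is the DER-encoded PKCS#1 RSAPublicKey, `SEQUENCE { INTEGER modulus, INTEGER publicExponent }`. The following is an added example, not code from this thread or the linked posts, written in plain C so it compiles unchanged inside an Objective-C file; the function names, size limits and the two-byte sample modulus are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a DER length field; returns bytes written (lengths below 65536). */
static size_t der_len(uint8_t *out, size_t len) {
    if (len < 0x80)  { out[0] = (uint8_t)len; return 1; }
    if (len < 0x100) { out[0] = 0x81; out[1] = (uint8_t)len; return 2; }
    out[0] = 0x82; out[1] = (uint8_t)(len >> 8); out[2] = (uint8_t)len;
    return 3;
}

/* Write one unsigned big-endian value (n >= 1 bytes) as a DER INTEGER. */
static size_t der_uint(uint8_t *out, const uint8_t *v, size_t n) {
    size_t pos = 0;
    while (n > 1 && v[0] == 0x00) { v++; n--; }  /* DER wants minimal length */
    int pad = (v[0] & 0x80) != 0;                /* 0x00 keeps it positive */
    out[pos++] = 0x02;                           /* INTEGER tag */
    pos += der_len(out + pos, n + (size_t)pad);
    if (pad) out[pos++] = 0x00;
    memcpy(out + pos, v, n);
    return pos + n;
}

/* Hypothetical helper: encode RSAPublicKey from raw modulus and exponent.
   Returns the DER length, or 0 on bad input or if out is too small. */
size_t rsa_pub_der(const uint8_t *mod, size_t mod_len, const uint8_t *exp,
                   size_t exp_len, uint8_t *out, size_t out_cap) {
    uint8_t body[1100], hdr[4];
    if (!mod || !exp || mod_len == 0 || exp_len == 0) return 0;
    if (mod_len > 1024 || exp_len > 8) return 0; /* example limit: RSA-8192 */
    size_t blen = der_uint(body, mod, mod_len);
    blen += der_uint(body + blen, exp, exp_len);
    hdr[0] = 0x30;                               /* SEQUENCE tag */
    size_t hlen = 1 + der_len(hdr + 1, blen);
    if (hlen + blen > out_cap) return 0;
    memcpy(out, hdr, hlen);
    memcpy(out + hlen, body, blen);
    return hlen + blen;
}

int main(void) {
    /* Constructed sample values, far too small to be a real key. */
    const uint8_t mod[] = {0xC5, 0x3B}, exp[] = {0x01, 0x00, 0x01};
    uint8_t der[32];
    size_t n = rsa_pub_der(mod, sizeof mod, exp, sizeof exp, der, sizeof der);
    for (size_t i = 0; i < n; i++) printf("%02X", der[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

Wrap the returned bytes in an NSData to get the single key blob. On iOS 10 and later that blob can be passed to `SecKeyCreateWithData` with `kSecAttrKeyTypeRSA` and `kSecAttrKeyClassPublic`, which yields a SecKeyRef without a keychain entry.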
