How to generate RSA public and private keys using Swift 3?

Question

I create the key pairs of public and private using SecKeyGeneratePair.

ViewController

import UIKit
import Security

class ViewController: UIViewController {

    @IBOutlet weak var textFld: UITextField!
    @IBOutlet weak var encryptedTextFld: UITextView!
    @IBOutlet weak var decryptedTextFld: UITextView!

    var statusCode: OSStatus?
    var publicKey: SecKey?
    var privateKey: SecKey?

    override func viewDidLoad() {
        super.viewDidLoad()

        let publicKeyAttr: [NSObject: NSObject] = [kSecAttrIsPermanent:true as NSObject, kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject]
        let privateKeyAttr: [NSObject: NSObject] = [kSecAttrIsPermanent:true as NSObject, kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.private".data(using: String.Encoding.utf8)! as NSObject]

        var keyPairAttr = [NSObject: NSObject]()
        keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
        keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
        keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
        keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject

        statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

        if statusCode == noErr && publicKey != nil && privateKey != nil {
            print("Key pair generated OK")
            print("Public Key: \(publicKey!)")
            print("Private Key: \(privateKey!)")
        } else {
            print("Error generating key pair: \(String(describing: statusCode))")
        }

    }

    @IBAction func encryptPressed(_ sender: Any) {

    }

    @IBAction func decryptPressed(_ sender: Any) {

    }

Then I got the keys like below

Public Key

<SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 4, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: B4854E2DA6BA5EBC96C38BD44078D314E4504D130A03018ACD17D0F6679C3B6C9937B5D932A635AEAC32B9245EC400208C1F79932174EF804468D0DCE40DAF5B544CF9E4BCD7C49BA5D0BF3F8246B89B57A3A910CBB5200DCA6145E3EE216CE9C4A3283F1027AA15F7543BD3BEFF35BE24EE709CF8EB12545970AFFDA38CA11410ECA20A8F428D228ED07BF5399A2F55D93D7C143BAFA59A08E4FF932C3A689FA7F3F166B79A43837028319CB383F716B594F317ED6E20D7A8003190A13BC132D5B13708EDAEA3E2012B16CF37437BB617070D9A6DDFE55884A79BD530E4E654B823A8BBBF0AA777C8E46E94BD83E1C59EC6E1D34E69405640C309515243AA8D, addr: 0x608000420e80>

Private Key

<SecKeyRef algorithm id: 1, key type: RSAPrivateKey, version: 4, block size: 2048 bits, addr: 0x60000003b960>

But I don't want to generate like above.

I except the keys like below

Public Key

Private Key

How to convert the keys generated by SecKeyGeneratePair to -----BEGIN RSA PUBLIC KEY----- ................ -----END RSA PUBLIC KEY----- format

can try with this link https://github.com/trailofbits/SecureEnclaveCrypto/tree/master/SecureEnclaveSwift — BHAVIK, Aug 28 '17 at 08:24

score 13 · Accepted Answer · edited Jun 02 '20 at 17:12

Please try this :

let publicKeyAttr: [NSObject: NSObject] = [
            kSecAttrIsPermanent:true as NSObject,
            kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.public".data(using: String.Encoding.utf8)! as NSObject,
            kSecClass: kSecClassKey, // added this value
            kSecReturnData: kCFBooleanTrue] // added this value
let privateKeyAttr: [NSObject: NSObject] = [
            kSecAttrIsPermanent:true as NSObject,
            kSecAttrApplicationTag:"com.xeoscript.app.RsaFromScrach.private".data(using: String.Encoding.utf8)! as NSObject,
            kSecClass: kSecClassKey, // added this value
            kSecReturnData: kCFBooleanTrue] // added this value

var keyPairAttr = [NSObject: NSObject]()
keyPairAttr[kSecAttrKeyType] = kSecAttrKeyTypeRSA
keyPairAttr[kSecAttrKeySizeInBits] = 2048 as NSObject
keyPairAttr[kSecPublicKeyAttrs] = publicKeyAttr as NSObject
keyPairAttr[kSecPrivateKeyAttrs] = privateKeyAttr as NSObject

var publicKey : SecKey?
var privateKey : SecKey?;

let statusCode = SecKeyGeneratePair(keyPairAttr as CFDictionary, &publicKey, &privateKey)

if statusCode == noErr && publicKey != nil && privateKey != nil {
    print("Key pair generated OK")
    var resultPublicKey: AnyObject?
    var resultPrivateKey: AnyObject?
    let statusPublicKey = SecItemCopyMatching(publicKeyAttr as CFDictionary, &resultPublicKey)
    let statusPrivateKey = SecItemCopyMatching(privateKeyAttr as CFDictionary, &resultPrivateKey)

    if statusPublicKey == noErr {
        if let publicKey = resultPublicKey as? Data {
            print("Public Key: \((publicKey.base64EncodedString()))")
        }
    }

    if statusPrivateKey == noErr {
        if let privateKey = resultPrivateKey as? Data {
            print("Private Key: \((privateKey.base64EncodedString()))")
        }
    }
} else {
    print("Error generating key pair: \(String(describing: statusCode))")
}

I generated the keys using this. Now I want to sign a piece of data using the same private key, I am getting the error `algid:encrypt:RSA:PKCS1: algorithm not supported by the key`. I want to use rsaEncryptionPKCS1 algorithm. function: `guard let signedData = SecKeyCreateSignature(myPrivateKey, SecKeyAlgorithm.rsaEncryptionPKCS1, data as CFData, &error) as Data? else { return nil } ` — Mahesh Haldar, Feb 23 '20 at 07:40
@Vini App what are publicKey and privateKey ? how do we get them ? — Max, Mar 05 '20 at 13:00
How I can generate new key pair on each call? since this is giving me the same keys every single time. — Chetan A, May 06 '20 at 22:31
the bytes for the keys are null. getting errors when tring to CreateSignature. Bad Access. — Mike, Jun 03 '20 at 13:39

score 2 · Answer 2 · edited Jan 23 '18 at 12:07

2

You need to convert public/private key pair for external representation using SecKeyCopyExternalRepresentation method and then convert your Data into base64 encoded string which is just PEM format, using base64EncodedString(options: ) method. Refer the code here

edited Jan 23 '18 at 12:07

Milad Faridnia

9,113
13
65
78

answered Aug 30 '17 at 08:12

Rahul Kumar

3,009
2
16
22

user3441734 · Answer 3 · 2017-06-02T03:35:21.780

-1

At first you need to obtain raw bitstreams (data) representing your key pair see how to do it here

What you need, is just base64 encoded string representing obtained data, with header and footer as is in your example which is generally known as PEM format

How? Check data.base64EncodedString()

Warning!!! Exporting private key is ... sorry for the words ... stupid idea

edited Jun 02 '17 at 03:35

answered Jun 02 '17 at 03:18

user3441734

16,722
2
40
59

except for testing purpose... :) – Medhi May 12 '20 at 10:15

How to generate RSA public and private keys using Swift 3?

ViewController

Public Key

Private Key

Public Key

Private Key

3 Answers3