Swift sign string with digital signature

Question

I have project where I need to sign string(raw or base64 encoded) with private digital signature (that has password). I searched on internet and found that private digital certificate is x.509 format(RSA). In xcode I set UIFileSharingEnabled to Enabled and uploaded that rsa.p12 certificate using Itunes. Next I get the certificate from document directory in (data or string) format. My question is how can I encrypt any text using digital signature? I tried to use this lib https://github.com/TakeScoop/SwiftyRSA/issues but this lib does not support x.509 certificate.

Does somebody know how to sign files instead of string? – Yestay Muratov Dec 12 '17 at 18:15 — Yestay Muratov, Dec 12 '17 at 18:15
did you get any solution? I too have the same requirement – Nikita Patil Apr 14 '23 at 04:25 — Nikita Patil, Apr 14 '23 at 04:25
@NikitaPatil, no, I did not get solution. – Yestay Muratov Aug 27 '23 at 13:53 — Yestay Muratov, Aug 27 '23 at 13:53

score 1 · Answer 1 · answered Dec 11 '17 at 16:16

I just found the code which encodes string text and it works

 func signRequestorId(requestorID: String) -> String? {

    let name = "RSA256_4f1826090c554a439c419043270d40f7d.p12"
    guard let certificateData = CustomFileManager.getFile(by: name) else {
        return nil
    }

    var status: OSStatus

    let certificateKey = "123456"
    let options = [kSecImportExportPassphrase as String : certificateKey]

    var optItems: CFArray?
    status = SecPKCS12Import(certificateData as CFData, options as CFDictionary, &optItems)
    if status != errSecSuccess {
        print("Cannot sign the device id info: failed importing keystore.")
        return nil
    }
    guard let items = optItems else {
        return nil
    }

    // Cast CFArrayRef to Swift Array
    let itemsArray = items as [AnyObject]
    // Cast CFDictionaryRef as Swift Dictionary
    guard let myIdentityAndTrust = itemsArray.first as? [String : AnyObject] else {
        return nil
    }

    // Get our SecIdentityRef from the PKCS #12 blob
    let outIdentity = myIdentityAndTrust[kSecImportItemIdentity as String] as! SecIdentity
    var myReturnedCertificate: SecCertificate?
    status = SecIdentityCopyCertificate(outIdentity, &myReturnedCertificate)
    if status != errSecSuccess {
        print("Failed to retrieve the certificate associated with the requested identity.")
        return nil
    }

    // Get the private key associated with our identity
    var optPrivateKey: SecKey?
    status = SecIdentityCopyPrivateKey(outIdentity, &optPrivateKey)
    if status != errSecSuccess {
        print("Failed to extract the private key from the keystore.")
        return nil
    }
    // Unwrap privateKey from optional SecKeyRef
    guard let privateKey = optPrivateKey else {
        return nil
    }

    // Retrieve the digital signature and sign the requestor

    // Get the maximum size of the digital signature
    var signedBytesSize: size_t = SecKeyGetBlockSize(privateKey)
    var signedBytes: UnsafeMutablePointer<UInt8>

    // alloc a buffer to hold the signature
    signedBytes = UnsafeMutablePointer<UInt8>.allocate(capacity: signedBytesSize)
    memset(signedBytes, 0x0, signedBytesSize)
    // We're calling alloc here, so we need to destroy and deinit
    defer {
        signedBytes.deinitialize()
        signedBytes.deallocate(capacity: signedBytesSize)
    }

    // Sign data
    let requestorData = requestorID.data(using: String.Encoding.utf8)!
    // Generate a digital signature for our requestor from our cert
    let buffer = UnsafeMutablePointer<UInt8>.allocate(capacity: requestorData.count)
    let stream = OutputStream(toBuffer: buffer, capacity: requestorData.count)

    stream.open()
    requestorData.withUnsafeBytes({ (p: UnsafePointer<UInt8>) -> Void in
        stream.write(p, maxLength: requestorData.count)
    })

    stream.close()

    let weidformat = UnsafePointer<UInt8>(buffer)

    status = SecKeyRawSign(privateKey, .PKCS1, weidformat,
                           requestorData.count, signedBytes, &signedBytesSize)

    if status != errSecSuccess {
        print("Cannot sign the device id info: failed obtaining the signed bytes.")
        return nil
    }

    let encryptedBytes = NSData(bytes: signedBytes, length: signedBytesSize)
    let signedRequestorId = encryptedBytes.base64EncodedString(options: [])

    print(signedRequestorId)
    return signedRequestorId
}

U also need function get document by name

static func getFile(by name: String)-> Data?{
    let documentsUrl =  FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).first
    let destinationUrl = documentsUrl!.appendingPathComponent("\(name)")

    let isFileFound = FileManager.default.fileExists(atPath: destinationUrl.path)
    if isFileFound {
        let documentContent = FileManager.default.contents(atPath: destinationUrl.path)
        return documentContent
    }
    return nil
}
enter code here

Swift sign string with digital signature

1 Answers1