I'm developing an iOS Framework based on Objective-C that needs to generate Elliptic Curve KeyPair by Software, in order to retrieve the PrivateKey, encrypt and store it. This PrivateKey is used later to sign (with the SecKeyRawSign method) and the signature will be sent back to the server, where will be checked with the PublicKey.
1) First take note of the date in the actual distribution certificate that is missing it's private key. Then go to the keychain application on the other computer and type IOS in the search bar. It will show all of your IOS Developer and Distribution keys so you have to find the right one. In my Keychain, I have my iOS developer certificate, along with its nested private key. In the Apple developer center, I created a provisioning profile under Distribution for my app, and downloaded it. Re: Certificate private key for signing Level 1 (0 points) jcaka Jun 9, 2017 12:56 AM (in response to Mihies) You can use the iOS app upload utility Appuploader, you can help you in the Windows environment to quickly apply for iOS certificate upload IPA to the App Store, very few mistakes, I have been using.
To achieve the generation I'm using the Keychain (not the Secure Enclave), in this way I'm able to retrieve both Key also as CFDataRef.
Now I need to encrypt the PrivateKey, and I can't just encrypt the entire byte array, otherwise when I will try to decrypt it with a wrong password, I will not be able to reconstruct anywhere the Key, and the sign method will fail, exposing me to offline attacks. Generate ssh key windows openssh. What I'm saying is that, when I will decrypt the Key, I would like to receive a well format key, but obviously not the correct one, so I can generate a signature and delegate to the server the verification and how to handle the error.
So, how can I encrypt this byte array of the PrivateKey?
Everything is already implemented, also the encryption and decryption methods, I need just to extract 'a part' of the PrivateKey and encrypt just that, but how can I do this?