sefischer / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

Key not matching cert (iOS 7) #159

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi Jean, thanks for all your hard work :)

I am using your pre-compiled patch posted on 9/4 
(https://code.google.com/p/iphone-dataprotection/issues/detail?id=122#c21)

What steps will reproduce the problem?
1. Using iOS 7.1.2: ./keychain_dump
2. Examine cert.plist - certificate in question IS proper and matches the 
expected serial number/thumbprint
3. Examine keys.plist - using the corresponding key does NOT correspond 
properly to the cert.plist entry. It is the wrong private key, simply does not 
work. The length and structure look good (normal RSA/x509 structure in PEM 
format, starts with "MIIEowI..." and is 1500+ characters in length) to the 
naked eye but attempting to actually use the certificate results in errors.

What is the expected output? What do you see instead?

Running `openssl x509 -noout -text -inform pem -in cert.pem` on the certificate 
outputs information on the certificate as expected including public key, 
modulus, etc. 

However, running `openssl rsa -noout -text -inform der -in key.pem` on the 
private key from keys.plist results in a string of errors:

unable to load Private Key
2108:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as
n1\tasn_dec.c:1319:
2108:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e
rror:.\crypto\asn1\tasn_dec.c:659:
2108:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as
n1\tasn_dec.c:1319:
2108:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\
crypto\asn1\tasn_dec.c:381:Type=RSA
2108:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:.\crypto\rsa\rsa_am
eth.c:115:
2108:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as
n1\tasn_dec.c:1319:
2108:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\
crypto\asn1\tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO

Original issue reported on code.google.com by jordan.r...@gmail.com on 12 Mar 2015 at 3:26