
iOS 13's CryptoKit framework provides a `.rawRepresentation` value for ECDSA public and private keys. I've been trying to reverse-engineer the `rawRepresentation` data type to convert between it and JWK. Judging by the 64-byte length of the public key representation, it seems to be a simple `x || y` concatenation. I would guess that the private key would then be `x || y || d`, but this doesn't seem to be the case, as doing so should yield a 96-byte string, while the actual `rawRepresentation` is 144 bytes. It doesn't seem to be a valid DER/ASN.1 string either. I haven't managed to find a spec that lines up with the actual values I'm getting.

As you could guess, Apple's docs are very descriptive.

> `rawRepresentation`: A representation of the private key as a collection of bytes.

An example key pair in hex is provided.

Private: 988f8187ff7f00007466815b0d6b02ae1a063198fd1e4923fb1e413195126cc00d30483284186b435726c0c69cc774274ea32eb6a17cbaf2ea88dd7f3a5a2a3ce637bc4b96523c2795035bd2fbeb093b010000000000000000000000000000000000000000000000000000000000000012b2b61abe8beae5aeb6d0bda739235364de96c7f498813cfb0336198dcf9063
Public:  2774c79cc6c02657436b18843248300dc06c129531411efb23491efd9831061a3b09ebfbd25b0395273c52964bbc37e63c2a5a3a7fdd88eaf2ba7ca1b62ea34e

What format could this be?

Potassium Ion
  • My SWAG would be that it's the binary form of the actual key itself, not any of the surrounding metadata that is usually included. – Mgetz Jul 31 '19 at 19:05
  • I thought so too and that's what I originally coded for, but that would be 96 bytes though (32 for `x`, 32 for `y`, and 32 for `d`). iOS seems to expect 144 bytes and throws an error when I try to use 96 bytes. – Potassium Ion Jul 31 '19 at 19:08
  • Hard to really explain everything. The key is roughly between the "02" (the beginning of a SHA256 ECDSA private key according to RFC) and the end of the long line of 0's. Rest is headers / hash function. Count that out, it should be 96. Sorry I can't give you a better answer right now, but I guarantee all the code you need is in here from this [WWDC playground](https://developer.apple.com/documentation/cryptokit/performing_common_cryptographic_operations). You shouldn't have to parse through the raw representation yourself. Use the full APIs. I can hopefully write a full demo later. – NSGangster Aug 02 '19 at 00:01
  • What RFC defines this format? – Potassium Ion Aug 06 '19 at 16:35
  • I too am interested in this. They have really made the APIs for CryptoKit crappy. They don't expose any ECC methods and are barely supporting any key format standards at all. I would love CryptoKit to have the same functionality and APIs as my EllipticCurveKit, but secure and fast! https://github.com/Sajjon/EllipticCurveKit – Sajjon Aug 06 '19 at 17:50

1 Answer


I was unable to figure out `rawRepresentation`, so I ended up using `x963Representation`, which is `0x04 + x + y + d` for the private key (97 bytes), and `04 + x + y` for the public key (65 bytes).

Potassium Ion
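The `x963Representation` layout given in the answer maps directly onto the `x`, `y` and `d` members of a P-256 JWK. The following Swift round trip is an added example, not code from the original post or from Apple; the helper names `b64url`, `coordinate`, `jwk(from:)` and `privateKey(fromJWK:)` are hypothetical.

```swift
import CryptoKit
import Foundation

enum JWKError: Error { case unsupportedKey, missingField(String), badBase64(String), badLength(String) }

// base64url without padding, the encoding JWK members use.
func b64url(_ bytes: ArraySlice<UInt8>) -> String {
    Data(bytes).base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

// Decode one JWK member and insist on exactly 32 bytes (P-256 field size).
func coordinate(_ jwk: [String: String], _ name: String) throws -> Data {
    guard var s = jwk[name] else { throw JWKError.missingField(name) }
    s = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    s += String(repeating: "=", count: (4 - s.count % 4) % 4)  // restore padding
    guard let data = Data(base64Encoded: s) else { throw JWKError.badBase64(name) }
    guard data.count == 32 else { throw JWKError.badLength(name) }
    return data
}

// Export: split 0x04 || x || y || d (97 bytes) into JWK members.
// The result contains "d", i.e. private key material; store it accordingly.
func jwk(from key: P256.Signing.PrivateKey) -> [String: String] {
    let raw = [UInt8](key.x963Representation)
    precondition(raw.count == 97 && raw[0] == 0x04, "unexpected X9.63 layout")
    return ["kty": "EC", "crv": "P-256",
            "x": b64url(raw[1..<33]), "y": b64url(raw[33..<65]), "d": b64url(raw[65..<97])]
}

// Import: rebuild the 97-byte X9.63 blob and let CryptoKit parse it.
func privateKey(fromJWK jwk: [String: String]) throws -> P256.Signing.PrivateKey {
    guard jwk["kty"] == "EC", jwk["crv"] == "P-256" else { throw JWKError.unsupportedKey }
    let blob = try Data([0x04]) + coordinate(jwk, "x") + coordinate(jwk, "y") + coordinate(jwk, "d")
    return try P256.Signing.PrivateKey(x963Representation: blob)
}

// Round trip with a freshly generated key: a signature made by the re-imported
// key must verify under the original public key.
let original = P256.Signing.PrivateKey()
let restored = try privateKey(fromJWK: jwk(from: original))
let message = Data("jwk round trip".utf8)
let signature = try restored.signature(for: message)
precondition(original.publicKey.isValidSignature(signature, for: message))
```

For a public key, the same split applies to the 65-byte `04 + x + y` form, with the `d` member omitted.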