How to pin the Public key of a certificate on iOS

by

In case you are in need of knowing how to extract this information from the certificate in your iOS code, here you have one way to do it.

First of all add the security framework. 

#import <Security/Security.h>

The add the openssl libraries. You can download them from https://github.com/st3fan/ios-openssl

#import <openssl/x509.h>

The NSURLConnectionDelegate Protocol allows you to decide whether the connection should be able to respond to a protection space. In a nutshell, this is when you can have a look at the certificate that is coming from the server, and decide to allow the connection to proceed or to cancel. What you want to do here is compare the certificates public key with the one you’ve pinned. Now the question is, how do you get such public key? Have a look at the following code:

First get the certificate in X509 format (you will need the ssl libraries for this)

const unsigned char *certificateDataBytes = (const unsigned char *)[serverCertificateData bytes];
X509 *certificateX509 = d2i_X509(NULL, &certificateDataBytes, [serverCertificateData length]);

Now we will prepare to read the public key data

ASN1_BIT_STRING *pubKey2 = X509_get0_pubkey_bitstr(certificateX509);

NSString *publicKeyString = [[NSString alloc] init];

At this point you can iterate through the pubKey2 string and extract the bytes in HEX format into a string with the following loop

 for (int i = 0; i < pubKey2->length; i++)
{
    NSString *aString = [NSString stringWithFormat:@"%02x", pubKey2->data[i]];
    publicKeyString = [publicKeyString stringByAppendingString:aString];
}

Print the public key to see it

 NSLog(@"%@", publicKeyString);

The complete code

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
const unsigned char *certificateDataBytes = (const unsigned char *)[serverCertificateData bytes];
X509 *certificateX509 = d2i_X509(NULL, &certificateDataBytes, [serverCertificateData length]);
ASN1_BIT_STRING *pubKey2 = X509_get0_pubkey_bitstr(certificateX509);

NSString *publicKeyString = [[NSString alloc] init];    

for (int i = 0; i < pubKey2->length; i++)
 {
     NSString *aString = [NSString stringWithFormat:@"%02x", pubKey2->data[i]];
     publicKeyString = [publicKeyString stringByAppendingString:aString];
 }

if ([publicKeyString isEqual:myPinnedPublicKeyString]){
    NSLog(@"YES THEY ARE EQUAL, PROCEED");
    return YES;
}else{
   NSLog(@"Security Breach");
   [connection cancel];
   return NO;
}

}

More Related Contents:

  1. Best practices for iOS applications security
  2. How to get information about free memory and running processes in an App Store approved app? (Yes, there is one!)
  3. Lock-down iPhone/iPod/iPad so it can only run one app
  4. How to register a custom app opening URL scheme with Xcode 4?
  5. Basic Drag and Drop in iOS
  6. How to log all methods used in iOS app
  7. UITableView infinite scrolling
  8. iPhone: How to draw line between two points on MapKit?
  9. Universal iPhone/iPad application debug compilation error for iPhone testing
  10. UILocalNotification Repeat Interval for Custom Alarm (sun, mon, tue, wed, thu, fri, sat)
  11. Is it possible to use AutoLayout with UITableView’s tableHeaderView?
  12. Is there a UIView resize event?
  13. Styling input buttons for iPad and iPhone
  14. How to open preferences/settings with iOS 5.1?
  15. How to draw a custom UIView that is just a circle – iPhone app
  16. Background image not showing on iPad and iPhone
  17. Drawing Smooth Curves – Methods Needed
  18. iOS: Using device modifiers for loading xib files?
  19. How To Build and Compile PJSIP for Xcode, Using sample code IPJSUA to test?
  20. Prevent iOS from taking screen capture of app before going into background
  21. How to convert HEX to NSString in Objective-C?
  22. Access App Identifier Prefix programmatically
  23. Get location name from Latitude & Longitude in iOS
  24. How to center a subview of UIView
  25. Bluetooth LE RSSI for proximity detection iOS
  26. Get launch orientation of iPad app
  27. UITextField in UITableViewCell Help
  28. How to get user details using twitter api v1.1 (Twitter error 215)
  29. Interface orientation in iOS 6.0
  30. Can’t find momd file: Core Data problems

Leave a Comment