Contents

SecKeyRawSign(_:_:_:_:_:_:)

Generates a digital signature for a block of data.

Declaration

func SecKeyRawSign(_ key: SecKey, _ padding: SecPadding, _ dataToSign: UnsafePointer<UInt8>, _ dataToSignLen: Int, _ sig: UnsafeMutablePointer<UInt8>, _ sigLen: UnsafeMutablePointer<Int>) -> OSStatus

Parameters

  • key:

    Private key with which to sign the data.

  • padding:

    The type of padding to use. Possible values are listed in Secpadding. Use Pkcs1sha1 if the data to be signed is a SHA1 digest of the actual data. If you specify Ksecpaddingnone, the data is signed as-is.

  • dataToSign:

    The data to be signed. Typically, a digest of the actual data is signed.

  • dataToSignLen:

    Length in bytes of the data in the dataToSign buffer. When PKCS1 padding is performed, the maximum length of data that can be signed is 11 bytes less than the value returned by the Seckeygetblocksize(_:) function (secKeyGetBlockSize() - 11).

  • sig:

    On return, the digital signature.

  • sigLen:

    On entry, the size of the buffer provided in the sig parameter. On return, the amount of data actually placed in the buffer.

Return Value

A result code. See Security Framework Result Codes.

Discussion

The behavior this function with kSecPaddingNone is undefined if the first byte of the data to sign is 0; there is no way to verify leading zeroes, as they are discarded during the calculation.