The "documentation" is poorly worded.
Consider this program:
import Foundation
import Security

// See <https://developer.apple.com/forums/thread/710961> for `secCall(…)`.
let privateKey = try secCall { SecKeyCreateRandomKey([
    kSecAttrKeyType: kSecAttrKeyTypeRSA,
    kSecAttrKeySizeInBits: 2048
] as NSDictionary, $0) }

// Sign a 20-byte placeholder digest with the SHA-1-specific algorithm.
let digest = Data(1...20)
let signature = try secCall { SecKeyCreateSignature(privateKey, .rsaSignatureDigestPKCS1v15SHA1, digest as NSData, $0) }
print((signature as NSData).debugDescription)

// The same digest wrapped in DER by hand:
//
// SEQUENCE {
//     SEQUENCE {
//         OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
//         NULL
//     }
//     OCTET STRING 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14
// }
let digestDER = Data([
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x01,
    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
    0x12, 0x13, 0x14,
])

// Sign the DER structure with the Raw algorithm.
let signatureDER = try secCall { SecKeyCreateSignature(privateKey, .rsaSignatureDigestPKCS1v15Raw, digestDER as NSData, $0) }
print((signatureDER as NSData).debugDescription)
It prints the same value for signature and signatureDER [1].
As you can see, the .rsaSignatureDigestPKCS1v15Raw is expecting the digest to be embedded within a DER structure with an appropriate OID identifying the algorithm. This is the DigestInfo structure, as defined in section 10.1.2 of RFC 2313.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Taking advantage of the fact that old school RSA signatures are deterministic, which is terrible cryptographic practice but great for debugging (-:
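Added example, not part of the post above: a helper that builds the DigestInfo structure from the algorithm's OID instead of hand-typed bytes, signs it with .rsaSignatureDigestPKCS1v15Raw, and cross-checks the result by verifying with the matching typed algorithm. It goes beyond the SHA-1 case in the post by also covering SHA-256; `DigestAlgorithm`, `tlv`, `digestInfo` and `signRaw` are hypothetical names, and the key and digest are constructed sample input.

```swift
import Foundation
import Security

// Added example; all names here are hypothetical, not Apple API.
struct DigestAlgorithm {
    let oid: [UInt8]            // content bytes of the OBJECT IDENTIFIER
    let digestLength: Int
    let typed: SecKeyAlgorithm  // algorithm that builds the same DigestInfo itself

    static let sha1 = DigestAlgorithm(
        oid: [0x2b, 0x0e, 0x03, 0x02, 0x1a],
        digestLength: 20, typed: .rsaSignatureDigestPKCS1v15SHA1)
    static let sha256 = DigestAlgorithm(
        oid: [0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01],
        digestLength: 32, typed: .rsaSignatureDigestPKCS1v15SHA256)
}

enum DigestInfoError: Error { case wrongDigestLength, signingFailed, crossCheckFailed }

// One DER TLV with a short-form length (< 128 bytes), enough for these digests.
func tlv(_ tag: UInt8, _ content: [UInt8]) -> [UInt8] {
    precondition(content.count < 128, "long-form DER lengths are not handled")
    return [tag, UInt8(content.count)] + content
}

// SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }
func digestInfo(_ algorithm: DigestAlgorithm, digest: Data) throws -> Data {
    guard digest.count == algorithm.digestLength else { throw DigestInfoError.wrongDigestLength }
    let algorithmID = tlv(0x30, tlv(0x06, algorithm.oid) + [0x05, 0x00])
    return Data(tlv(0x30, algorithmID + tlv(0x04, [UInt8](digest))))
}

// Sign via the Raw algorithm, then confirm the typed algorithm accepts the result.
func signRaw(_ algorithm: DigestAlgorithm, digest: Data, privateKey: SecKey) throws -> Data {
    let der = try digestInfo(algorithm, digest: digest)
    guard let signature = SecKeyCreateSignature(
        privateKey, .rsaSignatureDigestPKCS1v15Raw, der as CFData, nil)
    else { throw DigestInfoError.signingFailed }
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          SecKeyVerifySignature(publicKey, algorithm.typed, digest as CFData, signature, nil)
    else { throw DigestInfoError.crossCheckFailed }
    return signature as Data
}

// Constructed sample input: a throwaway key and the post's 20-byte placeholder digest.
let attributes = [kSecAttrKeyType: kSecAttrKeyTypeRSA, kSecAttrKeySizeInBits: 2048] as NSDictionary
guard let key = SecKeyCreateRandomKey(attributes, nil) else { fatalError("key generation failed") }
let sample = try signRaw(.sha1, digest: Data(1...20), privateKey: key)
print((sample as NSData).debugDescription)
```

The length check in `digestInfo` catches a digest paired with the wrong OID before anything is signed.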