本文介绍了iPhone TrustStore CA 证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

你们中有人知道如何更改 Security.framework/TrustStore.sqlite3 的内容吗?似乎 iPhone 使用它来存储受信任的 CA 证书.我真的希望我的 iPod touch 信任我的自定义证书.除此之外,你们中有人知道编辑 sqlite3 数据库文件的应用程序(win32)吗(除了 sqliteman,这个总是对我崩溃).

Does any of you have a clue how to alter the contents of Security.framework/TrustStore.sqlite3. It seems as if the iPhone uses it to store trusted CA certificates. I really want my iPod touch to trust my custom certificate. Beside that, does anyone of you know an app (win32) to edit sqlite3 database files (except sqliteman, this one always crashes for me).

推荐答案

我可以想象其他人会遇到这个问题,所以我想回答它是如何工作的(Apple 不喜欢看到):

I can imagine that someone else will encounter this problem, therefore I'd like to answer how it works (Apple won't like to see that):

1st) iPhoneOS 信任存储在/System/Library/Frameworks/Security.framework/TrustStore.sqlite3 中的每个 CA 证书

1st) The iPhoneOS trusts every CA certificate stored in /System/Library/Frameworks/Security.framework/TrustStore.sqlite3

2nd)该数据库中的某些字段包含我不理解的数据,而其他诸如SHA1"之类的含义非常明显.

2nd) Some fields in that database contain data which I did not understand, while other's meanings like "SHA1" are quite obvious.

3rd) 在你的 iPod/iPhone 上有两个不同的 TrustStore.sqlite3s.第二个位于/private/var/Keychains/TrustStore.sqlite3.它们之间的唯一区别是 Apple 只信任 Security.framework 中的内容.

3rd) There are two different TrustStore.sqlite3s on your iPod/iPhone. The second one is located at /private/var/Keychains/TrustStore.sqlite3. The only difference between those is that Apple only trusts the contents of the one in Security.framework.

4th) 后者用于存储用户安装的证书(谢谢,koregan),而表格布局是一样的.

4th) The latter one is used to store user installed certificates (thanks, koregan), while the table layout is the same.

5th) 使用 Mail 或 Safari 打开您的自签名证书并安装它.

5th) Open your self-signed certificate using Mail or Safari and install it.

6th) 使用您最喜欢的 SQLite 数据库管理器打开/private/var/Keychains/TrustStore.sqlite3 并在 tsettings 中查找SHA1"BLOB 包含您的 CA 证书哈希的行.

6th) Open /private/var/Keychains/TrustStore.sqlite3 using your favourite SQLite database manager and look for the row in tsettings whose "SHA1" BLOB contains the hash of your CA certificate.

7th) 提取整行并将其插入到 TrustStore.sqlite3 的 tsettings 表中.

7th) Extract the whole row and insert it into TrustStore.sqlite3's tsettings table.

8) 确保您已将数据库复制回设备,然后重新启动它.

8th) Make sure you copied the database back to the device, reboot it.

9th) 现在它应该完全信任那些由您的自定义 CA 签名的证书.

9th) By now it should totally trust those certificates which are signed by your custom CA.

这篇关于iPhone TrustStore CA 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-11 18:25