There is no explicit support for CSR in Security Framework in iOS. However, it is not that difficult to build CSR 'manually' - it is just ASN.1 DER block of data that are available at iOS runtime.
Here is pseudo code of that:
- Use
SecKeyGeneratePair()
from Security Framework to create fresh public/private key - Implement
getPublicKeyBits
method to retrieve NSData-form of fresh public key (see https://developer.apple.com/library/ios/samplecode/CryptoExercise/Introduction/Intro.html ) - Implement
getPrivateKey
method to retrieve SecKeyRef from Keychain - Follow http://www.ietf.org/rfc/rfc2986.txt to construct ASN.1 DER of CSR in NSMutableData
- Use CC_SHA1_* to create signature hash of Certification Request Info (part of CSR)
- Use SecKeyRawSign and private key to sign CSR
This will create proper CSR (in form of NSData) that can be sent to CA for approval.
My implementation is available on GitHub: http://github.com/ateska/ios-csr .