It took me too long to piece this information together, so I’m posting it here for posterity, and hopefully the Googles. There are 1000 ways to skin a cat with OpenSSL; however, these steps are at least proven to work within an iOS application via the Xcode libraries.
First, make sure you have a version of OpenSSL that is not of the Heartbleed variety. If you are using OS X’s built-in OpenSSL, you should be OK. Head to the Terminal (or CMD prompt) and get started:
- `openssl genrsa -out rsaPrivateKey.pem 4096` (2048 is likely fine too – dealer's choice)
- `openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key`
- `openssl req -new -key rsaPrivateKey.key -out rsaCertReq.crt` (this step requires basic info, and iOS requires a password, so set one when it asks)
- `openssl x509 -req -days 10000 -in rsaCertReq.crt -signkey rsaPrivateKey.key -out rsaCert.crt`
- `openssl x509 -outform der -in rsaCert.crt -out publicKey.der`
- `openssl pkcs12 -export -out privateKey.pfx -inkey rsaPrivateKey.key -in rsaCert.crt`
In the end, the important files from an iOS standpoint are publicKey.der and privateKey.pfx. You will use publicKey.der to encrypt data, and privateKey.pfx to decrypt. I will eventually be posting Swift code that shows how to use these keys in actual code. For now, enjoy your keys!
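An added check, not part of the original post: the script below runs the six steps without prompts on throwaway keys, then confirms that publicKey.der (a DER-encoded certificate) and privateKey.pfx carry the same RSA key pair. The function names, certificate subject, passwords and the 2048-bit key size are assumptions chosen for the example.

```bash
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# function names, subject, passwords and the 2048-bit size are assumptions.

# Run the post's six steps without prompts inside directory $1.
# $2 is the export password set on privateKey.pfx.
make_ios_keys() (
    cd "$1" || exit 1
    openssl genrsa -out rsaPrivateKey.pem 2048 2>/dev/null &&
    openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key 2>/dev/null &&
    openssl req -new -key rsaPrivateKey.key -subj "/CN=constructed.example" \
        -out rsaCertReq.crt &&
    openssl x509 -req -days 10000 -in rsaCertReq.crt \
        -signkey rsaPrivateKey.key -out rsaCert.crt 2>/dev/null &&
    openssl x509 -outform der -in rsaCert.crt -out publicKey.der &&
    P12_PASS="$2" openssl pkcs12 -export -out privateKey.pfx \
        -inkey rsaPrivateKey.key -in rsaCert.crt -passout env:P12_PASS
)

# Succeed only if DER certificate $1 and PKCS#12 file $2 (password $3)
# carry the same key pair. The private key is piped, never written to disk.
keys_match() {
    cert_pub=$(openssl x509 -inform der -in "$1" -noout -pubkey 2>/dev/null) ||
        return 1
    pfx_pub=$(P12_PASS="$3" openssl pkcs12 -in "$2" -nocerts -nodes \
        -passin env:P12_PASS 2>/dev/null | openssl pkey -pubout 2>/dev/null) ||
        return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$pfx_pub" ]
}

# Demo on constructed throwaway keys in a scratch directory.
demo_dir=$(mktemp -d)
if make_ios_keys "$demo_dir" "constructed-pass" &&
   keys_match "$demo_dir/publicKey.der" "$demo_dir/privateKey.pfx" \
       "constructed-pass"; then
    echo "publicKey.der and privateKey.pfx hold the same key pair"
else
    echo "key pair mismatch or unreadable file" >&2
fi
rm -rf "$demo_dir"
```

Running `keys_match` before bundling the two files into an app catches a .pfx exported from a different key or a mistyped export password, both of which otherwise surface only as a decryption failure on the device.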