Exporting a private key with SecKeychainItemExport
- Subject: Exporting a private key with SecKeychainItemExport
- From: Brian Marick <email@hidden>
- Date: Tue, 6 Jul 2010 16:38:05 -0500
I'm trying to export the private key part of a Keychain identity. I invariably get status -25260, "Passphrase is required for import/export." That happens in the code below whether or not I give kSecKeySecurePassphrase to have the user asked for the password or supply it myself.
CFDataRef exportedData;
SecKeyImportExportParameters params;
params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
params.flags = kSecKeyNoAccessControl;
params.passphrase = (CFStringRef)(@"secsec");
params.alertTitle = NULL;
params.alertPrompt = NULL;
status = SecKeychainItemExport(key,
                               kSecFormatUnknown,
                               0,
                               &params,
                               &exportedData);
I do actually have a key, which I confirm with this code:
CSSM_KEY_PTR cssmKey;
status = SecKeyGetCSSMKey(key, (const CSSM_KEY **)(&cssmKey));
NSLog(@"get CSSM key %d\n", status);
NSLog(@"blobtype = %d", cssmKey->KeyHeader.BlobType);
NSLog(@"blob format = %d", cssmKey->KeyHeader.Format);
NSLog(@"blob attr = %x", cssmKey->KeyHeader.KeyAttr);
NSLog(@"blob usage = %x", cssmKey->KeyHeader.KeyUsage);
The BlobType is:
CSSM_KEYBLOB_REFERENCE = 2, /* The blob is a reference to a key */
Format:
CSSM_KEYBLOB_RAW_FORMAT_NONE = 0, /* No further conversion need to be done */
Attributes:
CSSM_KEYATTR_PERMANENT = 0x00000001,
CSSM_KEYATTR_SENSITIVE = 0x00000008,
CSSM_KEYATTR_EXTRACTABLE = 0x00000020,
/* Valid only in a key header generated by a CSP, not valid during an API call */
CSSM_KEYATTR_ALWAYS_SENSITIVE = 0x00000010,
Usage:
CSSM_KEYUSE_ANY = 0x80000000,
CSSM_KEYUSE_ENCRYPT = 0x00000001,
CSSM_KEYUSE_DECRYPT = 0x00000002,
CSSM_KEYUSE_SIGN = 0x00000004,
CSSM_KEYUSE_VERIFY = 0x00000008,
CSSM_KEYUSE_SIGN_RECOVER = 0x00000010,
CSSM_KEYUSE_VERIFY_RECOVER = 0x00000020,
CSSM_KEYUSE_WRAP = 0x00000040,
CSSM_KEYUSE_UNWRAP = 0x00000080,
CSSM_KEYUSE_DERIVE = 0x00000100
Any ideas?
-----
Brian Marick, independent consultant
Mostly on agile methods with a testing slant
Author of /Programming Cocoa with Ruby/
www.exampler.com, www.exampler.com/blog, www.twitter.com/marick
_______________________________________________
Cocoa-dev mailing list (email@hidden)