Objective-C: export the private and public key from the keychain

I can create a public-private key pair using SecKeyGeneratePair [Apple CryptoExercise].

Q1. The keys in the keychain are displayed without any name. How can I add a friendly name to the keys?

Q2. However, how can I export the public and private keys that were generated in a usable format:

    -----BEGIN RSA PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCWtYiGnhAv...
    -----END RSA PUBLIC KEY-----

and

    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----

Please note that they can be exported manually from the keychain, but how can this be achieved using Objective-C APIs?

Any help would be appreciated.

There is a similar question here, but without an answer: "iPhone: how do you export SecKeyRef or NSData containing the public key in PEM format?" There is no need to use OpenSSL for this purpose.

+7
objective-c keychain public-key-encryption private-key
2 answers

Perhaps you can refer to these documents from Apple:

"Obtaining a SecKeyRef Object for Public Key Cryptography" and the "Certificate, Key, and Trust Services Programming Guide"

Getting a SecKeyRef Object for Public Key Cryptography

Removing keys from a keychain

If you are using existing public and private keys from your keychain, read the Certificate, Key, and Trust Services Programming Guide to learn how to get a SecKeychainItemRef for this key.

Once you have the SecKeychainItemRef, you can cast it to a SecKeyRef for use with this API.

Importing existing public and private keys

Importing and exporting a pair of public and private keys is somewhat more complicated than generating new keys, due to the number of different key formats in common use.

This example describes how to import and export a key pair in PEM (Privacy Enhanced Mail) format.

To export keys to a CFDataRef object:

  • Create and populate an array of key usage.
  • Create and populate an array of key attributes.
  • Set the usage fields and key attributes in the parameter object.
  • Set the external format and flag values accordingly.
  • Export the key with the API as follows.

    OSStatus oserr = SecItemExport(publickey,
        externalFormat,   // See SecExternalFormat for details
        flags,            // See SecItemImportExportFlags for details
        &params,
        (CFDataRef *)&pkdata);
    if (oserr) {
        fprintf(stderr, "SecItemExport failed (oserr=%d)\n", oserr);
        exit(-1);
    }

+3

Q1. How to add a friendly name to keys?

Use kSecAttrLabel to pass the label in the SecKeyGeneratePair() parameter dictionary.

Q2. How to export keys to PEM format?

The PEM format is the same data as a DER-encoded file, but it is encoded in base64 with additional header and footer lines. DER-formatted data can be obtained using the kSecFormatX509Cert and kSecItemPemArmour parameters when calling SecItemExport().

    CFTypeRef key = NULL; // your key
    CFDataRef data = NULL;
    // Export the key; SecItemExport writes the result to data
    SecItemExport(key, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
    // Base64-encode the exported bytes in 64-character lines
    NSString* base64EncodedString = [(__bridge NSData*)data base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];
    // Wrap the base64 text in header and footer lines
    NSString* pemString = [NSString stringWithFormat:@"-----BEGIN FOO BAR KEY-----\n%@\n-----END FOO BAR KEY-----", base64EncodedString];
    NSData* pemData = [pemString dataUsingEncoding:NSUTF8StringEncoding];

0
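The relationship between DER and PEM described in the answer above, as an added example that is not part of either answer: a C function that armors raw DER bytes (base64, 64-character lines, BEGIN/END lines). The name pem_armor, the label "EXAMPLE DATA" and the sample bytes are constructed for illustration; the function refuses input that is already PEM-armored so the data is never base64-encoded twice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Wrap raw DER bytes in PEM armor: base64, 64 characters per line,
 * between BEGIN/END lines carrying `label`.
 * Returns the text length written to `out` (NUL-terminated), or -1 if
 * the input is empty, already armored, or `out` is too small. */
int pem_armor(const unsigned char *der, size_t len, const char *label,
              char *out, size_t cap)
{
    /* Input that already starts with a BEGIN line is PEM text, not DER;
     * encoding it again would produce an unusable file. */
    if (len == 0 || (len >= 10 && memcmp(der, "-----BEGIN", 10) == 0))
        return -1;

    size_t b64 = 4 * ((len + 2) / 3);   /* base64 characters */
    size_t lines = (b64 + 63) / 64;     /* one '\n' per body line */
    size_t need = 32 + 2 * strlen(label) + b64 + lines + 1;
    if (need > cap)
        return -1;

    char *p = out;
    p += sprintf(p, "-----BEGIN %s-----\n", label);
    size_t col = 0;
    for (size_t i = 0; i < len; i += 3) {
        size_t n = len - i < 3 ? len - i : 3;
        unsigned v = (unsigned)der[i] << 16;
        if (n > 1) v |= (unsigned)der[i + 1] << 8;
        if (n > 2) v |= der[i + 2];
        *p++ = B64[(v >> 18) & 63];
        *p++ = B64[(v >> 12) & 63];
        *p++ = n > 1 ? B64[(v >> 6) & 63] : '=';
        *p++ = n > 2 ? B64[v & 63] : '=';
        col += 4;
        if (col == 64 || i + 3 >= len) { *p++ = '\n'; col = 0; }
    }
    p += sprintf(p, "-----END %s-----\n", label);
    return (int)(p - out);
}

int main(void) {
    /* Constructed sample: DER SEQUENCE { INTEGER 5 }, not a real key. */
    const unsigned char der[] = {0x30, 0x03, 0x02, 0x01, 0x05};
    char pem[128];
    if (pem_armor(der, sizeof der, "EXAMPLE DATA", pem, sizeof pem) > 0) fputs(pem, stdout);
    return 0;
}
```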
