Objective C: Exporting Private and Public Key from Keychain
T

2

7

I am able to create a public-private keypair using the SecKeyGeneratePair [Apple CryptoExercise] function.

Q1. The keys in the keychain appear without displaying any name. How can we add a friendly name to the keys?

Q2. However, how can I export the public and private keys that have been generated in a usable format:

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCWtYiGnhAv... 
-----END RSA PUBLIC KEY-----

and:

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

Note that they can be manually exported from the keychain, but how can this be achieved using Objective-C APIs?

Any help would be appreciated.

There is a similar question here but without any answer: iPhone: How do you export a SecKeyRef or an NSData containing public key bits to the PEM format? There is no need of using OpenSSL just for this purpose.

Tapestry answered 7/6, 2015 at 2:3 Comment(0)
O
3

Maybe you could refer to these documents from Apple:

Obtaining a SecKeyRef Object for Public Key Cryptography and Certificate, Key, and Trust Services Programmer’s Guide

Obtaining a SecKeyRef Object for Public Key Cryptography

Extracting Keys from the Keychain

If you are using existing public and private keys from your keychain, read Certificate, Key, and Trust Services Programming Guide to learn how to retrieve a SecKeychainItemRef object for that key.

Once you have obtained a SecKeychainItemRef, you can cast it to a SecKeyRef for use with this API.

Importing Existing Public and Private Keys

Importing and exporting public and private key pairs is somewhat more complicated than generating new keys because of the number of different key formats in common use.

This example describes how to import and export a key pair in PEM (Privacy Enhanced Mail) format.

To export keys to a CFDataRef object

  1. Create and populate the key usage array.
  2. Create and populate the key attributes array.
  3. Set the key usage and attributes fields in the parameters object.
  4. Set the external format and flag values appropriately.
  5. Export the key with API as follows.

OSStatus oserr = SecItemExport(publickey,
    externalFormat, // See SecExternalFormat for details
    flags, // See SecItemImportExportFlags for details
    &params,
    (CFDataRef *)&pkdata);
if (oserr) {
    fprintf(stderr, "SecItemExport failed (oserr=%d)\n", oserr);
    exit(-1);
}

Overturf answered 25/6, 2015 at 11:36 Comment(4)
This does not answer the question. - Smegma
While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - Insured
@pc-shooter, thank you for the tips. Now I know the concern and have provided some essential parts of the answer as you said. - Overturf
Looks much better now! - Insured
C
0

Q1. How can we add a friendly name to the keys?

Use the kSecAttrLabel key to pass a label in the parameters dictionary of SecKeyGeneratePair().

Q2. How to export keys to PEM format?

PEM format is the same data as the DER-encoded file, but it is encoded in base64 with additional header and footer lines. Data in DER format can be received using the kSecFormatX509Cert parameter and the kSecItemPemArmour flag when calling SecItemExport().

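CFTypeRef key = NULL; // your key
CFDataRef data = NULL;
NSData* pemData = nil;
// Check the status before touching the output buffer; on failure data is not set.
OSStatus status = SecItemExport(key, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
if (status == errSecSuccess && data != NULL) {
    NSString* base64EncodedString = [(__bridge NSData*)data base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];
    NSString* pemString = [NSString stringWithFormat:@"-----BEGIN FOO BAR KEY-----\n%@\n-----END FOO BAR KEY-----", base64EncodedString];
    pemData = [pemString dataUsingEncoding:NSUTF8StringEncoding];
    CFRelease(data); // the exported buffer is owned by the caller
}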
Collayer answered 28/6, 2017 at 16:1 Comment(0)
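
The two points of the answer above (a label passed via kSecAttrLabel, PEM output from SecItemExport) combined into one macOS program, as an added example that is not code from the answers or from Apple. The label string, the 2048-bit key size, the file name in the build comment and the choice of kSecFormatOpenSSL as the output format are assumptions.

```objective-c
// Added example for macOS. Build (file name is an assumption):
//   clang -fobjc-arc -framework Foundation -framework Security export_pem.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Returns the key as PEM text, or nil on failure. With kSecItemPemArmour set,
// SecItemExport emits the base64 body and the BEGIN/END lines itself, so the
// result must not be base64-encoded a second time.
static NSString *ExportKeyAsPEM(SecKeyRef key, const char *what) {
    CFDataRef exported = NULL;
    OSStatus status = SecItemExport(key, kSecFormatOpenSSL, kSecItemPemArmour,
                                    NULL, &exported);
    if (status != errSecSuccess || exported == NULL) {
        fprintf(stderr, "export of %s failed (OSStatus=%d)\n", what, (int)status);
        return nil;
    }
    NSData *pem = CFBridgingRelease(exported); // ARC now owns the buffer
    return [[NSString alloc] initWithData:pem encoding:NSUTF8StringEncoding];
}

int main(void) {
    @autoreleasepool {
        // kSecAttrLabel sets the user-visible name stored with the keys.
        NSDictionary *params = @{
            (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
            (__bridge id)kSecAttrKeySizeInBits: @2048,
            (__bridge id)kSecAttrLabel: @"Example export key", // constructed label
        };
        SecKeyRef publicKey = NULL, privateKey = NULL;
        OSStatus status = SecKeyGeneratePair((__bridge CFDictionaryRef)params,
                                             &publicKey, &privateKey);
        if (status != errSecSuccess) {
            fprintf(stderr, "SecKeyGeneratePair failed (OSStatus=%d)\n", (int)status);
            return 1;
        }
        NSString *publicPEM = ExportKeyAsPEM(publicKey, "public key");
        NSString *privatePEM = ExportKeyAsPEM(privateKey, "private key");
        if (publicPEM) printf("%s", publicPEM.UTF8String);
        // With NULL key parameters the private key is exported unencrypted, so
        // only its size is printed here instead of the key material.
        if (privatePEM) printf("private key PEM: %lu characters\n",
                               (unsigned long)privatePEM.length);
        if (publicKey) CFRelease(publicKey);
        if (privateKey) CFRelease(privateKey);
        return (publicPEM && privatePEM) ? 0 : 1;
    }
}
```

SecKeyGeneratePair is deprecated in recent macOS SDKs, so the compiler prints a deprecation warning; it is used here because it is the call the question is about.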
