Okay, I've made some progress. To better understand the structure and the data stored in the keychain, I tried debugPrinting all the attributes of each identity. However, it seems that only the kSecClassCertificate-related attributes are present and none of the kSecClassKey ones, even though I can retrieve the private key:
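// Debug-only dump of every identity (certificate + private key pair) that this
// process can read from the keychain.
// NOTE: kSecMatchLimitAll enumerates all matching identities, and the labels,
// issuers and serial numbers printed below identify people and devices. Keep
// this out of release builds and out of logs that are shipped or shared.
let query: [String: Any] = [
    kSecClass as String: kSecClassIdentity,
    kSecMatchLimit as String: kSecMatchLimitAll,
    kSecReturnAttributes as String: true,
    kSecReturnRef as String: true,
]
var item: CFTypeRef?
let status = SecItemCopyMatching(query as CFDictionary, &item)
debugPrint(status)

// On failure (for example errSecItemNotFound) `item` stays nil, so a forced cast
// would crash. Report the error and fall back to an empty list instead.
if status != errSecSuccess {
    debugPrint("SecItemCopyMatching failed: ", SecCopyErrorMessageString(status, nil) as Any)
}
let output = (item as? [[String: Any]]) ?? []

for entry in output {
    // kSecReturnRef places the SecIdentity under kSecValueRef. Swift rejects a
    // conditional cast to a CoreFoundation type, so compare the CF type ID first;
    // the forced cast below is then known to be safe.
    guard let rawRef = entry[kSecValueRef as String] else {
        debugPrint("Entry has no kSecValueRef, skipping")
        continue
    }
    let identityRef = rawRef as CFTypeRef
    guard CFGetTypeID(identityRef) == SecIdentityGetTypeID() else {
        debugPrint("kSecValueRef is not a SecIdentity, skipping")
        continue
    }
    let identity = identityRef as! SecIdentity

    do {
        debugPrint("Certificate attributes:")
        debugPrint("Label: ", entry[kSecAttrLabel as String] ?? "<missing>")

        if let certType = entry[kSecAttrCertificateType as String] as? CSSM_CERT_TYPE {
            debugPrint("Cert item type: ", certType)
        } else {
            debugPrint("Cert item type: ", "<missing>")
        }

        // The issuer attribute holds the encoded X.500 name bytes, so UTF-8
        // decoding is not guaranteed to succeed; fall back to a hex dump.
        if let issuerData = entry[kSecAttrIssuer as String] as? Data {
            if let issuerText = String(data: issuerData, encoding: .utf8) {
                debugPrint("Issuer: ", issuerText)
            } else {
                let issuerHex = issuerData.map { String(format: "%02x", $0) }.joined()
                debugPrint("Issuer (hex): ", issuerHex)
            }
        } else {
            debugPrint("Issuer: ", "<missing>")
        }

        debugPrint("Serial number: ", entry[kSecAttrSerialNumber as String] ?? "<missing>")

        // Check the OSStatus rather than force-unwrapping the out-parameter.
        var cert: SecCertificate?
        let certStatus = SecIdentityCopyCertificate(identity, &cert)
        if certStatus == errSecSuccess, let cert = cert {
            debugPrint("Certificate: ", cert)
        } else {
            debugPrint("SecIdentityCopyCertificate failed: ", certStatus)
        }
        debugPrint()
    }

    do {
        // These lookups read the identity's attribute dictionary. As the post
        // observes, that dictionary carried only certificate attributes, so they
        // print nil. Attributes of the key itself are reported by
        // SecKeyCopyAttributes on the private key copied below.
        debugPrint("Key attributes:")
        debugPrint("Key class: ", entry[kSecAttrKeyClass as String] as Any)
        debugPrint("Key type: ", entry[kSecAttrKeyType as String] as Any)
        debugPrint("Application label: ", entry[kSecAttrApplicationLabel as String] as Any)
        debugPrint("Application tag: ", entry[kSecAttrApplicationTag as String] as Any)
        debugPrint("Size in bits: ", entry[kSecAttrKeySizeInBits as String] as Any)
        debugPrint("Effective key size: ", entry[kSecAttrEffectiveKeySize as String] as Any)

        // Private-key access is governed by the item's access control and can be
        // refused even when the certificate is readable, so check the status.
        // Only the key reference is printed here; never add code that exports or
        // logs key material.
        var pkey: SecKey?
        let keyStatus = SecIdentityCopyPrivateKey(identity, &pkey)
        if keyStatus == errSecSuccess, let pkey = pkey {
            debugPrint("Private key: ", pkey)
        } else {
            debugPrint("SecIdentityCopyPrivateKey failed: ", keyStatus)
        }
        debugPrint()
    }
}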
[quote='814638022, DTS Engineer, /thread/768855?answerId=814638022#814638022']
If so, the SecItem API has a specific class for that, kSecClassIdentity. This works in terms of SecIdentity objects.
[/quote]
Ah, thank you, that's exactly what I was looking for.