Why security transform failed

App & System Services Core OS
yangyang_2020 OP
Created Aug ’20
Replies 3
Boosts 0
Views 578
Participants 3
Hi.
I am following apple document (https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecTransformPG/EncryptionandDecryption/EncryptionandDecryption.html#//apple_ref/doc/uid/TP40010801-CH3-SW1) to implement the encrypt/decrypt with public/private key on macOS.
when I add below to set padding 
Code Block  
SecTransformSetAttribute(
														 encrypt,
														 kSecPaddingKey,
														 kSecPaddingPKCS7Key,
														 &error);
		if (error) { CFShow(error); exit(-1); }


The SecTransformExecute will fail as below.

Error Domain=NSOSStatusErrorDomain Code=-2147415748 "The operation couldn’t be completed. (OSStatus error -2147415748 - CSSMERRCSPINVALIDATTRPADDING)" UserInfo=0x6080002750c0 {NSDescription=CSSMERRCSPINVALIDATTRPADDING}

Please give some suggestion about this. Thanks.
Replies  3
Boosts  0
Views  578
Participants  3
DTS Engineer OP
Apple
Aug ’20
Security transforms are no longer best practice. Unless you need to support old versions of macOS (things prior to 10.12) there are better ways to achieve your goals.

A good place to start here is the CryptoCompatibility sample code. If you need help beyond that, please post more details about the specific security operation you’re trying to implement.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
TyngJJ OP
Aug ’20
More generally, the error codes returned by various Security APIs can usually be converted to something human-readable by SecCopyErrorMessageString. When all you have is a negative integer, it will at least turn it back into the enum as a string.
The specific error CSSMERR_CSP_INVALID_ATTR_PADDING suggests padding was the issue.
0
DTS Engineer OP
Apple
Aug ’20

More generally, the error codes returned by various Security APIs can usually be converted …

Fun fact! The security command-line tool will map errors for you:

Code Block  
% security error -2147415748
Error: 0x8001093C -2147415748 CSSMERR_CSP_INVALID_ATTR_PADDING


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
Why security transform failed
First post date Last post date
 
 
Q