Get device's digital identities

App & System Services Networking
roee84 OP
Created Aug ’20
Replies 4
Boosts 0
Views 358
Participants 2
I've implemented a VPN app (using Packet Tunnel Provider) for iOS and for macOS.
I have the com.apple.managed.vpn.shared keychain access group.

Is it possible to read all the digital identities installed on the device?

  • I read the documentation but I didn't understand if I can get only the digital identities installed via MDM and only if it's done with the same profile which installed the VPN payload, or if I can read all the digital identities including those which were installed via mail. see eskimos reply and documentation

  • If it's possible to read the digital identities, how can I do it should I call something like 'SecItemCopyMatching' (see example code), or something like 'reading in a PKCS#12-formatted blob and then importing the contents of the blob into the app's keychain using the function SecPKCS12Import' like it's written at the documentation


Answered by DTS Engineer in 629259022

is there any other way my app can read a digital identity which was
manually installed?

No.

Or is the only way is to open the file picker and let the user choose
the digital identity?

Once imported the digital identity lives in the keychain, not in a separate file.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Replies  4
Boosts  0
Views  358
Participants  2
DTS Engineer OP
Apple
Aug ’20

Is it possible to read all the digital identities installed on the
device?

No. com.apple.managed.vpn.shared lets you access a digital identity which was installed as part of a VPN configuration profile. Other digital identies, such as those installed using Mail, are placed in an Apple-private keychain access group.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
2
roee84 OP
Aug ’20
Thanks for the answer!
And a final question on this - is there any other way my app can read a digital identity which was manually installed? Maybe there's such a permission request for the user? Or is the only way is to open the file picker and let the user choose the digital identity?
0
DTS Engineer OP
Apple
Aug ’20
Accepted Answer

is there any other way my app can read a digital identity which was
manually installed?

No.

Or is the only way is to open the file picker and let the user choose
the digital identity?

Once imported the digital identity lives in the keychain, not in a separate file.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
1
roee84 OP
Aug ’20
Oh, so there's no way for my app to get access to an already installed digital identity.
Seems that I'll have to ask the customers to send it via the MDM, and I might also submit an enhancement request about this.
Thanks for your time!

0
Get device's digital identities
First post date Last post date
 
 
Q