Hello,
We are attempting to use the SecTrust APIs to extract the public key from a certificate and evaluate a certificate chain. However, we are running into an issue where this is failing due to a "weak key size".
For example, once we have created a SecTrust object for our certificate and attempt to extract the public key using SecTrustCopyKey, we get this error in the console:
[seckey] SecKeyCreate init(ECPublicKey) failed: -26275
Additionally, when we attempt to run SecTrustEvaluateWithError we get:
Optional<CFDictionaryRef>
  ▿ some : 3 elements
    ▿ 0 : 2 elements
      - key : TrustResultDetails
      ▿ value : 1 element
        ▿ 0 : 2 elements
          ▿ 0 : 2 elements
            - key : WeakKeySize
            - value : 0
          ▿ 1 : 2 elements
            - key : MissingIntermediate
            - value : 0
    ▿ 1 : 2 elements
      - key : TrustResultValue
      - value : 6
    ▿ 2 : 2 elements
      - key : TrustEvaluationDate
      - value : 2021-12-06 23:10:09 +0000
For reference the certificate we are using has the following attributes:
- Signature algorithm: sha384ECDSA
- Public key: ECC (384 bits)
We have done some research and found this notice regarding key sizes here: https://support.apple.com/en-au/HT210176
However, as far as we can tell, that should only apply to RSA keys and not ECC. We're also not using these certificates for TLS connections.
We have done some further testing using OpenSSL and didn't run into any issues using these certificates, so we suspect this issue is specific to Apple's APIs.
Any advice would be appreciated.
Thanks!
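
A check that can be run on the certificate's public key outside Apple's APIs, as an added example that is not part of the original post: it reads a DER SubjectPublicKeyInfo and reports whether the EC key uses a named curve or explicit parameters, and how long the encoded point is. The function names and both sample inputs are constructed for this example.

```python
# Added example: summarise an EC SubjectPublicKeyInfo (SPKI) given as DER bytes.
EC_PUBLIC_KEY = "1.2.840.10045.2.1"
NAMED_CURVES = {"1.2.840.10045.3.1.7": ("secp256r1", 256),
                "1.3.132.0.34": ("secp384r1", 384),
                "1.3.132.0.35": ("secp521r1", 521)}

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Dotted-decimal OID (first arc 0 or 1 only, enough for these OIDs)."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def describe_ec_spki(spki):
    """Summarise algorithm, curve parameters and point encoding of an SPKI."""
    _, body, _ = read_tlv(spki)                       # outer SEQUENCE
    _, alg, key_pos = read_tlv(body)                  # AlgorithmIdentifier
    _, alg_oid, param_pos = read_tlv(alg)             # algorithm OID
    param_tag, params, _ = read_tlv(alg, param_pos)   # curve parameters
    _, bits, _ = read_tlv(body, key_pos)              # BIT STRING with the point
    point = bits[1:]                        # skip the BIT STRING unused-bits byte
    info = {"is_ec_key": decode_oid(alg_oid) == EC_PUBLIC_KEY,
            "point_bytes": len(point), "uncompressed": point[0] == 0x04}
    if param_tag == 0x06:                   # namedCurve OID
        oid = decode_oid(params)
        info["curve"] = NAMED_CURVES.get(oid, (oid, None))
    else:                                   # 0x30 is an explicit ECParameters SEQUENCE
        info["curve"] = ("explicit parameters" if param_tag == 0x30 else "unrecognised", None)
    return info

# Constructed samples: structurally valid SPKIs carrying an all-zero (not real) point.
def _tlv(tag, content):
    return bytes([tag, len(content)]) + content       # short-form lengths only
_ALG = bytes.fromhex("06072a8648ce3d0201")            # id-ecPublicKey OID
_KEY = _tlv(0x03, b"\x00\x04" + bytes(96))            # 0x04 || X (48) || Y (48)
SAMPLE_P384 = _tlv(0x30, _tlv(0x30, _ALG + bytes.fromhex("06052b81040022")) + _KEY)
SAMPLE_EXPLICIT = _tlv(0x30, _tlv(0x30, _ALG + _tlv(0x30, b"")) + _KEY)
```

The DER input for a real certificate can be produced with `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER`, where `cert.pem` is a placeholder file name.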