I have a DER encoded digital certificate that comes from outside a keychain. I am trying to search the keychain for a matching private key.
I am able to parse the DER certificate and show all the values as follows:
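
    #include <Security/Security.h>
    /* Wrap the DER bytes without copying; kCFAllocatorNull leaves the buffer owned by the caller. */
    CFErrorRef error = NULL;
    CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, cert->der, cert->len, kCFAllocatorNull);
    /* Returns NULL if the bytes are not a valid DER-encoded certificate. */
    SecCertificateRef certref = SecCertificateCreateWithData(kCFAllocatorDefault, data);
    /* A NULL key list asks for every parsed field. */
    CFDictionaryRef values = SecCertificateCopyValues(certref, NULL, &error);
    CFShow(values);
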
I am able to search for keys in the keychain as follows:

    CFTypeRef keys = NULL;
    CFIndex count;
    CFIndex i;
    /* Query: every key item, returning both the item reference and its attributes. */
    CFStringRef dictkeys[] = {
        kSecClass,
        kSecMatchLimit,
        kSecReturnRef,
        kSecReturnAttributes
    };
    CFTypeRef dictvalues[] = {
        kSecClassKey,
        kSecMatchLimitAll,
        kCFBooleanTrue,
        kCFBooleanTrue
    };
    CFDictionaryRef query = CFDictionaryCreate(
        NULL,
        (const void **) dictkeys,
        dictvalues,
        sizeof(dictkeys) / sizeof(dictkeys[0]),
        &kCFTypeDictionaryKeyCallBacks,
        &kCFTypeDictionaryValueCallBacks
    );
    /* On success, keys holds an array with one attribute dictionary per matching key. */
    OSStatus err = SecItemCopyMatching(query, &keys);

Where I am stuck is how to join the two together.
What value from the certificate should I be extracting to allow a lookup for a link to the private key?
What parameter do I pass into SecItemCopyMatching to search for a matching private key?