I have an application developed in Qt in C++ and using Objective-C++ (.mm) as the native language for compiling for iOS.
In this application I need to access the configuration profiles installed on the iPhone (e.g. -> .pfx digital certificate) as I do successfully on macOS using the keychain certificate.
I am using the following code to try to search for the certificate in my .mm file:
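```objc
// Query every certificate visible to this app's keychain access groups.
NSDictionary *query = @{
    (id)kSecClass: (id)kSecClassCertificate,
    (id)kSecMatchLimit: (id)kSecMatchLimitAll,
    (id)kSecReturnRef: @YES,
};
CFTypeRef result = NULL;
// __bridge: plain cast, no ownership transfer (required when compiling with ARC).
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
if (status == errSecSuccess) {
    // Ownership of the returned array moves to ARC.
    NSArray *response = (__bridge_transfer NSArray *)result;
    for (id r in response) {
        qDebug() << "ok";
    }
} else {
    qDebug() << "error certificate: " << status;
}
```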
Running this code always returns: error certificate: -25300 (errSecItemNotFound). Even with configuration profiles installed on the iPhone, they are listed in the tab VPN Management and Device -> Configuration Profiles.
I would like to clarify some points such as:
- Is it possible to access the certificates installed on the iOS, list them and use them in digital signatures as I have already done successfully on macOS (using the <Security/Security.h> lib in C++)?
- If it is possible, what would the code be like to list the installed configuration profiles and use their private key to sign the hash of a document?
- Is there any further configuration needed in the project architecture? For example: In Xcode, I went to target -> Capability -> I added the Keychain sharing capability.
> Is it possible to access the certificates installed on the iOS … ?

No. When you install credentials via a configuration profile, the system places them in an Apple-only keychain access group. There’s no way for third-party apps to access them.
This is documented, albeit in a very old doc, in QA1745 Making Certificates and Keys Available To Your App.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
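
Because profile-installed credentials sit in an Apple-only access group, an app that needs to sign has to import its own copy of the identity into its own keychain access group. The following is an added example, not code from this thread: it assumes the app has received the .pfx bytes and passphrase through its own channel, that the key is RSA, and that it runs on iOS 10 or later; the function name and keychain label are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example. Function name, label and the RSA/SHA-256 algorithm choice
// are assumptions for illustration.
static NSData *SignDigestWithImportedIdentity(NSData *pkcs12Data,
                                              NSString *passphrase,
                                              NSData *sha256Digest,
                                              OSStatus *outStatus) {
    // 1. Parse the PKCS#12 blob the app obtained itself (not from a profile).
    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef rawItems = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)pkcs12Data,
                                      (__bridge CFDictionaryRef)options,
                                      &rawItems);
    NSArray *items = CFBridgingRelease(rawItems);
    id identity = items.firstObject[(__bridge id)kSecImportItemIdentity];
    if (status == errSecSuccess && identity == nil) status = errSecItemNotFound;

    // 2. Store the identity in the app's own keychain access group so later
    //    launches can find it with SecItemCopyMatching.
    if (status == errSecSuccess) {
        NSDictionary *add = @{ (__bridge id)kSecValueRef : identity,
                               (__bridge id)kSecAttrLabel : @"example-signing-identity" };
        status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
        if (status == errSecDuplicateItem) status = errSecSuccess; // already imported
    }

    // 3. Sign the precomputed SHA-256 digest with the identity's private key.
    SecKeyRef privateKey = NULL;
    if (status == errSecSuccess) {
        status = SecIdentityCopyPrivateKey((__bridge SecIdentityRef)identity, &privateKey);
    }
    NSData *signature = nil;
    if (status == errSecSuccess) {
        CFErrorRef error = NULL;
        signature = CFBridgingRelease(SecKeyCreateSignature(
            privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
            (__bridge CFDataRef)sha256Digest, &error));
        if (signature == nil) {
            status = error ? (OSStatus)CFErrorGetCode(error) : errSecInternalComponent;
            if (error) CFRelease(error);
        }
    }
    if (privateKey) CFRelease(privateKey);
    if (outStatus) *outStatus = status;
    return signature; // nil on failure; *outStatus holds the reason
}
```

Once stored this way, the identity belongs to the app's own access group, so a `SecItemCopyMatching` query with `kSecClassIdentity` from the same app can find it on later launches.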