      Latest reply: Sep 14, 2016 2:26 AM by eskimo
      Marek R

        I have a private key in a p12 which has an empty passphrase set. Now when I try to import this private key using SecPKCS12Import on OS X or iOS, I get an error (the equivalent on Windows works).

        - (NSError *)setClientIdentityCertificateFromPKCS12Data:(NSData *)PKCS12Data
                                                   withPassword:(NSString *)password
        {
             OSStatus securityError = errSecSuccess;
             const void *keys[] = { kSecImportExportPassphrase };
             const void *values[] = { (__bridge CFStringRef)password };
             // The options dictionary carries the passphrase only when one was supplied.
             CFDictionaryRef optionsDictionary = NULL;
             optionsDictionary = CFDictionaryCreate(NULL, keys, values, (password ? 1 : 0), NULL, NULL);
             CFArrayRef items = NULL;
             securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data, optionsDictionary, &items);
        

        I've tried different combinations when the password is empty:

        • optionsDictionary = NULL
        • optionsDictionary with no values
        • optionsDictionary with @"" value for key kSecImportExportPassphrase

          It always ends with securityError not equal to errSecSuccess. Respectively:

        • securityError=-25260 "Passphrase is required for import/export."
        • securityError=-25260 "Passphrase is required for import/export."
        • securityError=-25264 "MAC verification failed during PKCS12 import (wrong password?)"

         

        Now I'm OK that it doesn't work. I understand that a p12 without a password is a security threat, but if this is the reason why it doesn't work I need some documentation which states that. I've tried to google that, without luck so far.

        I've also tried to import this file into the OS X Keychain application with the same result (invalid password), so this must be a problem with SecPKCS12Import.

        Or maybe there is a way to overcome this problem?
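
Background on the third error above (-25264, MAC verification failed), as an added example that is not part of the original post: under the RFC 7292 Appendix B.2 key derivation, "no password" (zero bytes) and an empty BMPString (only the two-byte terminator) yield different MAC keys, so a verifier that tries only one convention rejects a file written with the other. Whether that is what happens inside SecPKCS12Import is an assumption; the function names, salt, content and iteration count below are constructed for the demonstration.

```python
import hashlib
import hmac

def pkcs12_kdf(password: bytes, salt: bytes, iterations: int, id_byte: int, n: int) -> bytes:
    """RFC 7292 Appendix B.2 key derivation with SHA-1 (ID 3 = MAC key)."""
    u, v = 20, 64  # SHA-1 output size and block size in bytes

    def fill(x: bytes) -> bytes:
        # Repeat x to a whole number of v-byte blocks; empty input stays empty.
        if not x:
            return b""
        size = v * ((len(x) + v - 1) // v)
        return (x * (size // len(x) + 1))[:size]

    diversifier = bytes([id_byte]) * v
    block_input = bytearray(fill(salt) + fill(password))
    out = b""
    while len(out) < n:
        a = hashlib.sha1(diversifier + bytes(block_input)).digest()
        for _ in range(iterations - 1):
            a = hashlib.sha1(a).digest()
        out += a
        b = int.from_bytes((a * (v // u + 1))[:v], "big") + 1
        for j in range(0, len(block_input), v):
            blk = (int.from_bytes(block_input[j:j + v], "big") + b) % (1 << (8 * v))
            block_input[j:j + v] = blk.to_bytes(v, "big")
    return out[:n]

def encode_password(password):
    """None = no password (zero bytes); str = BMPString plus 2-byte terminator."""
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"

def compute_mac(content, password, salt, iterations):
    key = pkcs12_kdf(encode_password(password), salt, iterations, 3, 20)
    return hmac.new(key, content, hashlib.sha1).digest()

def verify_mac(stored, content, password, salt, iterations):
    return hmac.compare_digest(stored, compute_mac(content, password, salt, iterations))

# Constructed sample values, not taken from any real .p12 file.
SALT = bytes(range(8))
CONTENT = b"constructed AuthenticatedSafe bytes"
ITERATIONS = 2048
STORED = compute_mac(CONTENT, None, SALT, ITERATIONS)  # written with "no password"

if __name__ == "__main__":
    for candidate in (None, ""):
        print(repr(candidate), verify_mac(STORED, CONTENT, candidate, SALT, ITERATIONS))
```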