I have a private key in p12 which has empty passphrase set. Now when I'm trying to import this private key using SecPKCS12Import on OS X or iOS, I've got an error (equivalent on windows works).
- (NSError *)setClientIdentityCertificateFromPKCS12Data: (NSData *)PKCS12Data
withPassword: (NSString *)password
{
OSStatus securityError = errSecSuccess;
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { (__bridge CFStringRef)password };
CFDictionaryRef optionsDictionary = NULL;
optionsDictionary = CFDictionaryCreate( NULL, keys, values, (password?1:0), NULL, NULL);
CFArrayRef items = NULL; securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data, optionsDictionary, &items);
I've tried different combinations when password is empty:
optionsDictionary = NULL
with no valuesoptionsDictionary
withoptionsDictionary
value for key@""
kSecImportExportPassphrase
it always ends with
securityError
not equal to errSecSuccess
. Respectively:
"Passphrase is required for import/export."securityError=-25260
"Passphrase is required for import/export."securityError=-25260
"MAC verification failed during PKCS12 import (wrong password?)"securityError=-25264
Now I'm Ok that it doesn't work. I understudy that
p12
without a password is a security threat, but If this is the reason why it doesn't work I need some documentation which states that. I've tried to google that without luck so far.I've also tried to import this file to OS X Keychain application with same result (invalid password), so this must be problem with
SecPKCS12Import
.Or maybe there is a way to overcome this problem?