Exporting a Private Key with a passphrase

I am trying to export a private key that is generated with SecKeyGeneratePair as an encrypted PKCS8. It fails with a bad access using the new SecItemExport. Here is my code. It works just fine when I use SecKeychainItemExport, but that is deprecated.

    // Private key: kept in the keychain and marked extractable so it can be exported.
    NSDictionary * privateKeyParameters = @{(id)kSecAttrIsPermanent:@YES,
                                            (id)kSecAttrIsExtractable:@YES,
                                            (id)kSecAttrCanDerive:@YES,
                                            (id)kSecAttrCanDecrypt:@YES,
                                            };

    NSDictionary * publicKeyParameters = @{(id)kSecAttrIsPermanent:@YES,
                                           (id)kSecAttrIsExtractable:@YES,
                                           (id)kSecAttrCanEncrypt:@YES,
                                           };

    NSDictionary * parameters = @{(id)kSecAttrKeyType:(id)kSecAttrKeyTypeRSA,
                                  (id)kSecAttrKeySizeInBits:@4096,
                                  (id)kSecPrivateKeyAttrs:privateKeyParameters,
                                  (id)kSecPublicKeyAttrs:publicKeyParameters
                                  };

    SecKeyRef publicKey = NULL;
    SecKeyRef privateKey = NULL;

    CFDataRef privateBytes = NULL;

    if (SecKeyGeneratePair((__bridge CFDictionaryRef)parameters, &publicKey, &privateKey) == errSecSuccess) {

        // Only version, flags and passphrase are set here; alertTitle, alertPrompt,
        // accessRef, keyUsage and keyAttributes are left uninitialised (stack garbage).
        SecItemImportExportKeyParameters params;
        params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
        params.flags = kSecKeyNoAccessControl;
        params.passphrase = CFSTR("Apass");

        // Crashes with a bad access because of the uninitialised pointer fields above.
        OSStatus err = SecItemExport(privateKey, kSecFormatWrappedPKCS8, 0, &params, &privateBytes);
    }

Accepted Reply

You’re not setting all the fields of the `SecItemImportExportKeyParameters` structure. That structure contains various pointers; if those pointers contain junk values, that’d explain the crash.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies


That's weird because those other fields are optional, so I didn't think it mattered, but it did. Here are the parameters I had to use to prompt the user to enter a passphrase and export the key as a PKCS8 key, in case anyone has the same issue I did.

    SecItemImportExportKeyParameters params;
    params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
    params.flags = kSecKeySecurePassphrase;   // let the system prompt for the passphrase
    params.passphrase = NULL;                 // no passphrase supplied in code
    params.alertTitle = CFSTR("Title");       // title shown in the passphrase dialog
    params.alertPrompt = CFSTR("Prompt");     // prompt text shown in the dialog
    params.accessRef = NULL;                  // explicitly NULL rather than stack garbage
    params.keyAttributes = NULL;
    params.keyUsage = NULL;


Thank you for your help
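As an added example (not code from this thread or from Apple), here is the export written out the way the accepted reply and the final post together suggest: the parameter struct is zero-initialised so every pointer field is NULL before the few fields that matter are set, and the `OSStatus` is checked rather than ignored. The helper `ExportWrappedPKCS8` and the passphrase value are this example's own; the key-generation attributes are the ones from the question.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Exports privateKey as passphrase-wrapped PKCS#8. `= {0}` zeroes the whole struct,
// so accessRef, keyUsage, keyAttributes, alertTitle and alertPrompt are NULL, not garbage.
static CFDataRef ExportWrappedPKCS8(SecKeyRef privateKey, CFStringRef passphrase, OSStatus *outStatus)
{
    SecItemImportExportKeyParameters params = {0};
    params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
    if (passphrase != NULL) {
        params.flags = kSecKeyNoAccessControl;
        params.passphrase = passphrase;          // caller supplies the passphrase
    } else {
        params.flags = kSecKeySecurePassphrase;  // system prompts the user instead
        params.alertTitle = CFSTR("Export private key");
        params.alertPrompt = CFSTR("Enter a passphrase to protect the exported key");
    }
    CFDataRef exported = NULL;
    OSStatus err = SecItemExport(privateKey, kSecFormatWrappedPKCS8, 0, &params, &exported);
    if (outStatus != NULL) { *outStatus = err; }
    if (err != errSecSuccess) {
        if (exported != NULL) { CFRelease(exported); }
        return NULL;
    }
    return exported;   // caller owns the returned CFDataRef
}

int main(void) {
    @autoreleasepool {
        // Same generation attributes as the question: the private key must be extractable.
        NSDictionary *keyParams = @{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
                                    (id)kSecAttrKeySizeInBits: @4096,
                                    (id)kSecPrivateKeyAttrs: @{(id)kSecAttrIsPermanent: @YES,
                                                               (id)kSecAttrIsExtractable: @YES}};
        SecKeyRef publicKey = NULL, privateKey = NULL;
        OSStatus err = SecKeyGeneratePair((__bridge CFDictionaryRef)keyParams, &publicKey, &privateKey);
        if (err != errSecSuccess) { NSLog(@"SecKeyGeneratePair failed: %d", (int)err); return 1; }
        // Constructed example passphrase; pass NULL instead to get the system dialog.
        CFDataRef pkcs8 = ExportWrappedPKCS8(privateKey, CFSTR("example-passphrase"), &err);
        if (pkcs8 != NULL) {
            NSLog(@"Exported %ld bytes of wrapped PKCS#8", (long)CFDataGetLength(pkcs8));
            CFRelease(pkcs8);
        } else {
            NSLog(@"SecItemExport failed: %d", (int)err);
        }
        CFRelease(publicKey);
        CFRelease(privateKey);
        return err == errSecSuccess ? 0 : 1;
    }
}
```

Build on macOS with `clang -fobjc-arc -framework Foundation -framework Security export.m -o export`; because the keys are marked permanent, each run adds a new pair to the default keychain.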