I am trying to export a private key the is generated with SecKeyGeneratePair as a encrypted PKCS8. It fails with a bad access using the new SecItemExport. Here is my code. It works just fine when I use the SecKeychainItemExport but that is depricated.
NSDictionary * privateKeyParameters = @{(id)kSecAttrIsPermanent:@YES,
(id)kSecAttrIsExtractable:@YES,
(id)kSecAttrCanDerive:@YES,
(id)kSecAttrCanDecrypt:@YES,
};
NSDictionary * publicKeyParameters = @{(id)kSecAttrIsPermanent:@YES,
(id)kSecAttrIsExtractable:@YES,
(id)kSecAttrCanEncrypt:@YES,
};
NSDictionary * parameters = @{(id)kSecAttrKeyType:(id)kSecAttrKeyTypeRSA,
(id)kSecAttrKeySizeInBits:@4096,
(id)kSecPrivateKeyAttrs:privateKeyParameters,
(id)kSecPublicKeyAttrs:publicKeyParameters
};
SecKeyRef publicKey;
SecKeyRef privateKey;
CFDataRef privateBytes = NULL;
if (SecKeyGeneratePair((__bridge CFDictionaryRef)parameters, &publicKey, &privateKey) == errSecSuccess) {
SecItemImportExportKeyParameters params;
params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
params.flags = kSecKeyNoAccessControl;
params.passphrase = CFSTR("Apass");
OSStatus err = SecItemExport(privateKey, kSecFormatWrappedPKCS8, 0, ¶ms, &privateBytes);
}