How to get a list of the installed identities and certificates on iOS

Hello,


I have implemented signing of PDF files with a SecIdentityRef. It works OK but the user has to import all the required identities and certificates manually in our app. The user experience would be much better if I could access the identities and certificates that are installed on the device (Settings->General->Profile). Is there an API that provides access to them?

Accepted Reply

Is there an API that provides access to them?

No. This limitation is explained in QA1745 Making Certificates and Keys Available To Your App.

The user experience would be much better if I could access the identities and certificates that are installed on the device …

Are you primarily interested in users on managed devices? Or are you looking for a solution that applies on both managed and unmanaged devices?

The reason I ask is that I recommend that you file an enhancement request about this, but the nature of your enhancement request would depend on your target market:

  • For managed users you could imagine a way that the device manager could install an identity (via a configuration profile) such that the identity shows up in a specified keychain access group. That seems like a pretty reasonable and straightforward request to me.

  • OTOH, for unmanaged users you’d need wider access to the Apple ‘slice’ of the keychain, and doing this while maintaining platform security goals is a lot more challenging.

Of course, there’s nothing to stop you filing two enhancement requests (-:

If you do file any bug reports here, please post the bug numbers, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
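
An added example, not part of the original thread or of Apple's sample code: a Swift sketch that enumerates the identities an app can actually see. On iOS the query covers only the keychain access groups the app is entitled to, so identities installed through Settings do not appear in its results. The function names `visibleIdentities` and `subjectSummary` are hypothetical.

```swift
import Foundation
import Security

/// Returns the identities (certificate plus private key) visible to this app.
/// Hypothetical helper: the search is limited to the app's own keychain
/// access groups, so it lists only identities the app itself imported.
func visibleIdentities() -> [(label: String, identity: SecIdentity)] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecMatchLimit as String: kSecMatchLimitAll,
        kSecReturnRef as String: true,
        kSecReturnAttributes as String: true
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    // errSecItemNotFound is the normal outcome before anything has been imported.
    guard status == errSecSuccess, let items = result as? [[String: Any]] else {
        return []
    }
    return items.compactMap { item -> (label: String, identity: SecIdentity)? in
        guard let ref = item[kSecValueRef as String] else { return nil }
        // With kSecClassIdentity and kSecReturnRef the value is a SecIdentity.
        let identity = ref as! SecIdentity
        let label = item[kSecAttrLabel as String] as? String ?? "(no label)"
        return (label: label, identity: identity)
    }
}

/// Subject summary of the certificate inside an identity, e.g. for a picker UI
/// that lets the user choose which identity signs the PDF.
func subjectSummary(of identity: SecIdentity) -> String? {
    var certificate: SecCertificate?
    guard SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess,
          let cert = certificate else { return nil }
    return SecCertificateCopySubjectSummary(cert) as String?
}
```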

Replies

Thanks for the info. I think we are interested in unmanaged users. We'll file an enhancement request if the management decides so. But the odds of getting this done don't seem promising.