Extract Data from P8 file

Hi,


I am trying to extract the data from the P8 file to use it to generate a JWT.


I understand that it is possible using dumpasn1 and extracting the OCTET STRING section. This is great, and is definitely possible.


I was wondering if it was possible to do it on macOS using Apple's APIs (for example, SecItemImport). It would make it simpler if it was all possible in the Mac app.


I tried the following but it didn't work:


Error:

I got the OSStatus as -25257


Questions:

- Is there a way to do this using SecItemImport or any other Apple APIs, as I am using it in a command line Mac app?

- Are the parameters to SecItemImport incorrect?

- Am I down the wrong path? Any direction to the correct API would help.


What I tried with SecItemImport:

- Data extracted from the file

- Decoding the data from the file

- Some input formats


Many thanks.


import Foundation
import Security

func f1() {
    
    do {
        let fileURL = URL(fileURLWithPath: "some valid path");
        
        let data = try Data(contentsOf: fileURL)
        
        guard let string = String(data: data, encoding: .utf8) else {
            print("Failed to convert data to string")
            return
        }
        
        let b64Text = string
            .replacingOccurrences(of: "-----END PRIVATE KEY-----", with: "")
            .replacingOccurrences(of: "-----BEGIN PRIVATE KEY-----", with: "")
            .replacingOccurrences(of: "\n", with: "")
        
        guard let b64Data = b64Text.data(using: .utf8),
            let decodedData = Data(base64Encoded: b64Data) else {
            print("Was not b64 data")
            return
        }
        
        print(string)
        
        
        var outArray : CFArray?
        let filename : CFString? = nil
        var inputFormat = SecExternalFormat.formatUnknown
        var itemType = SecExternalItemType.itemTypePrivateKey
        let flags = SecItemImportExportFlags()
        
        //I tried data, b64Data, decodedData all seems to return an error
        let status = SecItemImport(decodedData as CFData,
                                   filename,
                                   &inputFormat,
                                   &itemType,
                                   flags,
                                   nil,
                                   nil,
                                   &outArray)
        
        //status = -25257
        
        print("status = \(status)")
        
        for element in (outArray as [AnyObject]?) ?? [] {
            
            print("element = \(element)")
        }
    }
    catch {
        print("Error: \(error)")
    }
}

f1()
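
The approach mentioned in the question (walk the ASN.1 and take the OCTET STRING), done in Swift with Foundation only. This is an added example, not code from any poster in the thread or from Apple. It assumes an unencrypted PKCS#8 file holding an EC key; `DERReader`, `ecPrivateScalar(fromP8:)` and the sample bytes are names and values constructed here.

```swift
import Foundation

// Added example, not code from the thread. Minimal DER TLV reader, enough for PKCS#8.
struct DERReader {
    let bytes: [UInt8]
    var pos = 0
    init(_ bytes: [UInt8]) { self.bytes = bytes }
    // Reads one element with the expected tag and returns its content bytes.
    mutating func read(tag: UInt8) -> [UInt8]? {
        guard pos + 2 <= bytes.count, bytes[pos] == tag else { return nil }
        var len = Int(bytes[pos + 1])
        pos += 2
        if len & 0x80 != 0 {                        // long-form length
            let n = len & 0x7f
            guard n == 1 || n == 2, pos + n <= bytes.count else { return nil }
            len = bytes[pos..<(pos + n)].reduce(0) { ($0 << 8) | Int($1) }
            pos += n
        }
        guard pos + len <= bytes.count else { return nil }
        defer { pos += len }
        return Array(bytes[pos..<(pos + len)])
    }
}

let idECPublicKey: [UInt8] = [0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]
// Returns the raw EC private scalar from an unencrypted PKCS#8 key in PEM form.
func ecPrivateScalar(fromP8 pem: String) -> [UInt8]? {
    let b64 = pem.split(whereSeparator: \.isNewline).filter { !$0.hasPrefix("-----") }.joined()
    guard let der = Data(base64Encoded: b64, options: .ignoreUnknownCharacters) else { return nil }
    var outer = DERReader([UInt8](der))
    guard let info = outer.read(tag: 0x30) else { return nil }        // PrivateKeyInfo
    var pki = DERReader(info)
    guard let version = pki.read(tag: 0x02), version == [0],
          let alg = pki.read(tag: 0x30), alg.starts(with: idECPublicKey),
          let octets = pki.read(tag: 0x04) else { return nil }        // the OCTET STRING
    var wrapper = DERReader(octets)
    guard let ecKey = wrapper.read(tag: 0x30) else { return nil }     // ECPrivateKey (RFC 5915)
    var ec = DERReader(ecKey)
    guard let ecVersion = ec.read(tag: 0x02), ecVersion == [1] else { return nil }
    return ec.read(tag: 0x04)                                         // private scalar
}

// Constructed sample: structurally valid P-256 PKCS#8 with dummy key bytes, not a real key.
let head: [UInt8] = [0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
                     0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20]
let tail: [UInt8] = [0xa1, 0x44, 0x03, 0x42, 0x00, 0x04] + [UInt8](repeating: 0x22, count: 64)
let sampleDER = Data(head + [UInt8](repeating: 0x11, count: 32) + tail)
let samplePEM = "-----BEGIN PRIVATE KEY-----\n\(sampleDER.base64EncodedString())\n-----END PRIVATE KEY-----\n"
print(ecPrivateScalar(fromP8: samplePEM)?.map { String(format: "%02x", $0) }.joined() ?? "parse failed")
```

The function returns `nil` for anything that is not a version 0 PKCS#8 structure with the id-ecPublicKey algorithm, so an encrypted or non-EC file is rejected rather than misparsed.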

Replies

I had a look at this today and wasn’t able to get this to work. However, I also wasn’t able to rule this out either (SecItemImport looks like it can handle wrapped PKCS#8 keys, but I’m not sure about unwrapped ones). My recommendation is that you open a DTS tech support incident so that I can allocate the time to research this properly.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks a lot Quinn, I have raised a DTS incident for the same.

@newwbee Did you ever get resolution on this?

Ah, I remember that incident well. The short answer here is that many bugs were filed (r. 59424536, 59666816; FB7592665)-: The long answer depends on your target platform. Are you trying to do this on the Mac? Or on an iOS-based platform?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"