Posts

Post not yet marked as solved
4 Replies
1k Views
Hi,

Is it possible to create an X.509 certificate using only the system security frameworks? Basically I would like to implement a CA locally.

The docs say it's "possible to create X.509 certificates", quote:

    Certificate, Key, and Trust Services

    Certificate, Key, and Trust Services is a C API for managing certificates, public and private keys, symmetric keys, and trust policies in iOS and OS X. You can use these services in your app to:

    Create certificates and asymmetric keys

But in the reference docs all I can find is reading existing certificates from DER/PEM/PKCS#12 sources. I would like to avoid using OpenSSL to do this.

Kind Regards,
Alex
Post not yet marked as solved
0 Replies
569 Views
Hi,

I'm extending a macOS app so that it can store a user secret in the keychain and protect it with TouchID (see code snippet below). In my case, SecItemAdd returns status -34018 ("A required entitlement isn't present").

I did some research on Stack Overflow and indeed the error goes away when I add the "Keychain Sharing" capability. The keychain-access-groups in the entitlements plist is actually empty, but it seems the entitlement is required.

Is this really the case? My app does not require nor wish to share keychain items with other apps. Also I cannot easily use this capability as the production app bundle is generated with a third-party tool (Install4j) and I have no control over the signing / entitlements process.

Kind Regards
Alex

    let secretData = "this-is-a-secret".data(using: .utf8)!
    let accessControl = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)
    let addQuery: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                   kSecAttrAccount as String: account,
                                   kSecAttrService as String: service,
                                   kSecAttrComment as String: "Some comment",
                                   kSecAttrAccessControl as String: accessControl,
                                   kSecValueData as String: secretData]
    let status = SecItemAdd(addQuery as CFDictionary, nil)

(I would have attached a zip file with the sample Xcode project but the web form does not allow it).
Post not yet marked as solved
4 Replies
1.3k Views
Hi folks

I have a GUI application that handles PDFs, registered as a PDF Service in /Library/PDF Services. To be precise, the application is a regular .app bundle that lives in /Applications/BlueConnect.app and is triggered by a shell script in /Library/PDF Services, which passes the PDF file (received as the 3rd argument of the shell script) to it.

    #!/bin/sh
    # This shell script is invoked by the OS X PDF Workflow (Save as PDF dialog)
    # See: https://developer.apple.com/library/mac/documentation/Printing/Conceptual/PDF_Workflow/pdfwf_concepts/pdfwf_concepts.html
    /Applications/BlueConnect.app/Contents/MacOS/MyApp "$3"

Starting with Big Sur, this no longer works. All I see is a bouncing app icon in the dock. The process was launched but is stalling. I see some console output which leads me to believe that this is some kind of execution context issue, specifically the error "On-demand launch of the Window Server is allowed for root user only".

I tried to change the app invocation to use open -a /Applications/BlueConnect.app --args $3. The app then manages to start and display its UI, but does not receive the command-line argument, even though the shell script receives it (I verified this by writing it to a file). The same command issued on the terminal works just fine.

I'm really stumped here. Any pointers would be greatly appreciated.

Full console output of failed launch:

    default 09:31:19.608382+0100 BlueConnect Received configuration update from daemon (initial)
    default 09:31:19.609101+0100 BlueConnect CHECKIN: pid=59013
    default 09:31:19.616003+0100 BlueConnect CHECKEDIN: pid=59013 asn=0x0-0x1e11e1 foreground=1
    default 09:31:19.621531+0100 BlueConnect send_message_with_reply_sync(): user tccd unavailable, sending 0x7fd0aba047c0 to system tccd
    error 09:31:19.621735+0100 BlueConnect send_message_with_reply_sync(): XPC_ERROR_CONNECTION_INVALID for message 0x7fd0aba047c0
    error 09:31:19.621762+0100 BlueConnect TCCAccessRequest_block_invoke: Connection invalid
    default 09:31:19.623208+0100 BlueConnect Set a breakpoint at SLSLogBreak to catch errors/faults as they are logged.
    error 09:31:19.623276+0100 BlueConnect On-demand launch of the Window Server is allowed for root user only.
    default 09:31:19.623327+0100 BlueConnect Failed to look up the port for "com.apple.windowserver.active" (1100)
    error 09:31:19.623486+0100 BlueConnect On-demand launch of the Window Server is allowed for root user only.
    default 09:31:19.623517+0100 BlueConnect Failed to look up the port for "com.apple.windowserver.active" (1100)
    error 09:31:19.623541+0100 BlueConnect This user is not allowed access to the window system right now.
    default 09:31:19.625154+0100 BlueConnect FRONTLOGGING: version 1
    default 09:31:19.625233+0100 BlueConnect Registered, pid=59013 ASN=0x0,0x1e11e1
    default 09:31:19.626504+0100 BlueConnect BringForward: pid=59013 asn=0x0-0x1e11e1 bringForward=0 foreground=1 uiElement=0 launchedByLS=0 modifiersCount=0 allDisabled=0
    default 09:31:19.627356+0100 BlueConnect Current system appearance, (HLTB: 1), (SLS: 0)
    default 09:31:19.631583+0100 BlueConnect Post-registration system appearance: (HLTB: 1)
    error 09:31:19.633404+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.633435+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.636796+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.636847+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.636868+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.636888+0100 BlueConnect 0 is not a valid connection ID.
    error 09:31:19.637229+0100 BlueConnect 0 is not a valid connection ID.
    default 09:31:19.637274+0100 BlueConnect Invalid Connection ID 0
    default 09:31:19.651163+0100 BlueConnect Registering for test daemon availability notify post.
    default 09:31:19.651298+0100 BlueConnect notify_get_state check indicated test daemon not ready.
    default 09:31:19.659281+0100 BlueConnect Failed to look up the port for "com.apple.windowserver.active" (1100)
    default 09:31:19.659451+0100 BlueConnect Failed to look up the port for "com.apple.windowserver.active" (1100)