Posts

I am having trouble creating a CSR to renew a SecIdentity whose private SecKey is stored in slot 9d of a smartcard.

For slot 9a, I am able to accomplish this by way of SecKeyCreateSignature using CertificateSigningRequest from a gently-modified fork of swift-certificates/swift-crypto to sort out all the details.

But for the SecKey associated with slot 9d, the Security framework instantly returns an "algorithm not supported by the key" error when I call SecKeyCreateSignature, without even prompting for a PIN.

I believe the difference is that kSecAttrCanSign is true for slot 9a but false for slot 9d. The value makes some sense for day-to-day usage because this identity is usually not used for signing, but if we are to occasionally sign a CSR for this key an exception would need to be made.

Is there any way to basically force this exception with the Security framework? Again the actual private key material is not available so the only access as far as I'm aware is via the enumerated SecKey reference. Is there any way to SecKeyCreateWithData a secondary reference to the same underlying (but unexportable!) key but with allowed-usage attributes of my own choosing?
Posted by natevw.
I have two ODRecord objects in Swift, and am trying to see if one is a member of the other. I tried:

```swift
func myIsMember_attempt1(_ r: ODRecord, ofGroup g: ODRecord) -> Bool? {
    do {
        let isM = try g.isMemberRecord(r)     // -> Constant 'isM' inferred to have type '()', which may be unexpected
        return isM;
    } catch {
        print("Error: \(error)")
        return nil;
    }
}
```

Despite the discussion of "Return value" at https://developer.apple.com/documentation/opendirectory/odrecord/1427975-ismemberrecord it appears the ODRecord.isMemberRecord() function does not return any value!? [I'm guessing due to the idiosyncratic implementation of the underlying BOOL-returning NSError-taking method on the Objective-C side?]

So noticing there was also an ODRecordContainsMember function available, I tried:

```swift
func myIsMember_attempt2(_ r: ODRecord, ofGroup g: ODRecord) -> Bool? {
    let isM = ODRecordContainsMember(
        Unmanaged.passUnretained(g).toOpaque() as! ODRecordRef,
        Unmanaged.passUnretained(r).toOpaque() as! ODRecordRef,
        nil
    )
    // -> Treating a forced downcast to 'ODRecordRef' as optional will never produce 'nil' [??https://bugs.swift.org/browse/SR-4209]
    // -> crashes when run…!
    return isM;
}
```

so it seems that an ODRecordRef isn't just the raw pointer of an ODRecord?

Is there any chance of the ODRecord.isMemberRecord() method getting fixed in Swift? Is there any way to use ODRecordContainsMember from Swift in the meantime?
Posted by natevw.