2 Replies
      Latest reply on Feb 9, 2020 4:25 PM by newwbee
      newwbee Level 1 Level 1 (0 points)



        I am trying to extract the data from the P8 file to use it generate JWT.


        I understand that it is possible using dumpasn1 and extracting the OCTET STRING section. This is great, and is definitely possible.


        I was wondering if it was possible to do it on macOS using Apple's APIs (example SecItemImport), would make it simpler if it was possible all in the mac app.


        I tried the following but it didn't work:



        I got the OSStatus as -25257



        - Is there a way to do this using SecItemImport or any other Apple APIs as I am using it in a command line mac app ?

        - Are the parameters to SecItemImport are incorrect ?

        - Am down the wrong path? , any direction to the correct API would help.


        What I tried with SecItemImport:

        - Data extracted from the file

        - Decoding the data from the file

        - Some input formats


        Many thanks.


        import Foundation
        import Security
        func f1() {
            do {
                let fileURL = URL(fileURLWithPath: "some valid path");
                let data = try Data(contentsOf: fileURL)
                guard let string = String(data: data, encoding: .utf8) else {
                    print("Failed to convert data to string")
                let b64Text = string
                    .replacingOccurrences(of: "-----END PRIVATE KEY-----", with: "")
                    .replacingOccurrences(of: "-----BEGIN PRIVATE KEY-----", with: "")
                    .replacingOccurrences(of: "\n", with: "")
                guard let b64Data = b64Text.data(using: .utf8),
                    let decodedData = Data(base64Encoded: b64Data) else {
                    print("Was not b64 data")
                var outArray : CFArray?
                let filename : CFString? = nil
                var inputFormat = SecExternalFormat.formatUnknown
                var itemType = SecExternalItemType.itemTypePrivateKey
                let flags = SecItemImportExportFlags()
                //I tried data, b64Data, decodedData all seems to return an error
                let status = SecItemImport(decodedData as CFData,
                //status = -25257
                print("status = \(status)")
                for element in (outArray as [AnyObject]?) ?? [] {
                    print("element = \(element)")
            catch {
                print("Error: \(error)")
        • Re: Extract Data from P8 file
          eskimo Apple Staff Apple Staff (13,125 points)

          I had a look at this today and wasn’t able to get this work.  However, I also wasn’t able to rule this out either (SecItemImport looks like it can handle wrapped PKCS#8 keys, but I’m not sure about unwrapped ones.  My recommendation is that you open a DTS tech support incident so that I can allocate the time to research this properly.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"