I am generating a key pair using SecKeyGeneratePair() on iOS. I would like to get those keys (both public and private) onto another iOS device. I see two options for importing a public and private key on iOS.
1) Generate a PKCS12 blob, send it to the second device, and call SecPKCS12Import().
2) Use SecItemCopyMatching() to copy out the raw key data, bundle it up in my own format, then use SecItemAdd() on the second device to create a public and private key in the keychain.
The first option seems far preferable, but I can't find any way to export a PKCS12 blob. On OS X, SecItemExport() appears to support PKCS12 export, but that function does not exist on iOS.
The second option apparently doesn't work. I can't ever get SecItemAdd() to actually create a private RSA key object, no matter what parameters I pass in the dictionary. I always get back error -25353 ("errKCNoSuchAttr / errSecNoSuchAttr: / The attribute does not exist"). After fighting that challenge for a while, I eventually ran across this post in the old developer forums, which suggests that adding private keys via SecItemAdd() is not supported.
I'd love a third option, but I'm not seeing one. It seems like generating a PKCS12 blob is the right way to go, but as far as I can tell, the iOS system frameworks don't support that natively, and I can't see how to get enough information out of SecItemCopyMatching() to create a useful PKCS12 blob even if I pull in something like OpenSSL.
So yeah, if anyone has a way to make this work, I'd love to hear about it.