The server would send a certificate in a .pem or .der format containing the public key.
Yes. DER format would be easier because you can pass the data directly to SecCertificateCreateWithData.
My app would use the SecKey functions as shown in this document to save the key sent in that certificate to the keychain
You could do this but it's not required; you can get the public key from the certificate, even when it's not in the keychain, using SecTrustCopyPublicKey. I described how to do this in this post on the old DevForums.
Note that putting a certificate or public key in the keychain is possible but rarely necessary and, in situations where it's optional, there's no benefit to it. The keychain is about storing secrets, and public keys aren't secret.
I'd sign my data using the public key I stored in the keychain.
Huh? When you sign data you're supposed to use the private key; that's the only way things make sense (the signature proves that someone with access to the private key signed the data).
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
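To put the two points above into code (public key taken straight from the DER certificate via SecTrustCopyPublicKey, no keychain involved; signing done with the private key and verification with the public key), here is an added Swift example. It is not Quinn's code or Apple sample code; the helper names, the error enum, the algorithm choice and the ephemeral P-256 pair are my own assumptions.

```swift
import Foundation
import Security

enum CertKeyError: Error { case notDER, trustCreation(OSStatus), noPublicKey, keygen }

/// Extract the public key from a DER-encoded certificate without storing
/// anything in the keychain. Hypothetical helper name.
func publicKey(fromDER der: Data) throws -> SecKey {
    // SecCertificateCreateWithData takes DER only; PEM must be base64-decoded first.
    guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CertKeyError.notDER
    }
    // The trust object is only the route to the key; no trust evaluation happens here.
    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(cert, SecPolicyCreateBasicX509(), &trust)
    guard status == errSecSuccess, let trust = trust else {
        throw CertKeyError.trustCreation(status)
    }
    // SecTrustCopyPublicKey is the call named above; on macOS 11 / iOS 14 and
    // later Apple replaced it with SecTrustCopyKey (same shape, same result).
    guard let key = SecTrustCopyPublicKey(trust) else { throw CertKeyError.noPublicKey }
    return key
}

/// Pick a signature algorithm the key actually supports (RSA or EC P-256).
func signatureAlgorithm(for key: SecKey, _ op: SecKeyOperationType) -> SecKeyAlgorithm? {
    let candidates: [SecKeyAlgorithm] = [.rsaSignatureMessagePKCS1v15SHA256,
                                         .ecdsaSignatureMessageX962SHA256]
    return candidates.first { SecKeyIsAlgorithmSupported(key, op, $0) }
}

/// Verify with the PUBLIC key; the signature must come from the matching private key.
func verify(signature: Data, over message: Data, with publicKey: SecKey) -> Bool {
    guard let alg = signatureAlgorithm(for: publicKey, .verify) else { return false }
    var error: Unmanaged<CFError>?
    return SecKeyVerifySignature(publicKey, alg, message as CFData, signature as CFData, &error)
}

/// Sign with the PRIVATE key and verify with its public half, using an
/// ephemeral P-256 pair so the round trip runs without any keychain access.
func signThenVerify(message: Data) throws -> Bool {
    let attrs: [CFString: Any] = [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
                                  kSecAttrKeySizeInBits: 256]
    var error: Unmanaged<CFError>?
    guard let priv = SecKeyCreateRandomKey(attrs as CFDictionary, &error),
          let pub = SecKeyCopyPublicKey(priv),
          let alg = signatureAlgorithm(for: priv, .sign),
          let sig = SecKeyCreateSignature(priv, alg, message as CFData, &error) as Data? else {
        throw CertKeyError.keygen
    }
    return verify(signature: sig, over: message, with: pub)   // true for an untampered message
}
```

Feed `publicKey(fromDER:)` the server's DER bytes and pass the result to `verify(signature:over:with:)`; `signThenVerify(message:)` only exists to show which key does which job.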