0 Replies
      Latest reply on Dec 27, 2017 7:02 AM by rx8
      rx8 Level 1 Level 1 (0 points)

        I have a key for a symmetric cipher in my "login keychain" on macOS 10.13.2. When I try to export this key as a "Certificate Bundle (.p7b)" using the “Keychain Access” application, I only get an NSAlert saying

         

        “An error has occurred. Unable to export an item.

        One or more parameters passed to a function were not valid.”

         

        Somewhat strange, since I cannot remember having passed a parameter to a function. If exporting the key as P7B is impossible, then “Keychain Access” should not offer this option. But we are not lost yet:

         

        When I try to export the key as “Privacy Enhanced Mail (.pem)”, this works , but when I try to import the key on another Mac under macOS 10.13.2, I get:

         

        “An error has occurred. Unable to import an item.

        The contents of this item are cannot be retrieved.”

         

        What is wrong with this key? Why can’t I transfer it from one computer to another one? Why can the “Keychain Access” application export it, but not import? This does not make sense to me, and some clarification would be appreciated very much.

         

        The keychain item attributes of my key are the following (from “security dump-keychain –a”):

         

        keychain: "/Users/jakob/Library/Keychains/login.keychain-db"

        version: 512

        class: 0x00000011

        attributes:

            0x00000000 <uint32>=0x00000011

            0x00000001 <blob>="Pix Cipher"

            0x00000002 <blob>=<NULL>

            0x00000003 <uint32>=0x00000001

            0x00000004 <uint32>=0x00000000

            0x00000005 <uint32>=0x00000000

            0x00000006 <blob>="2017-10-04 15:55:38 +0000"

            0x00000007 <blob>=<NULL>

            0x00000008 <blob>=0x7B38373139316361322D306663392D313164342D383439612D3030303530326235323132327D00 "{87191ca2-0fc9-11d4-849a-000502b52122}\000"

            0x00000009 <uint32>=0x80000001

            0x0000000A <uint32>=0x00000100

            0x0000000B <uint32>=0x00000100

            0x0000000C <blob>=0x0000000000000000

            0x0000000D <blob>=0x0000000000000000

            0x0000000E <uint32>=0x00000000

            0x0000000F <uint32>=0x00000000

            0x00000010 <uint32>=0x00000001

            0x00000011 <uint32>=0x00000000

            0x00000012 <uint32>=0x00000001

            0x00000013 <uint32>=0x00000001

            0x00000014 <uint32>=0x00000000

            0x00000015 <uint32>=0x00000000

            0x00000016 <uint32>=0x00000000

            0x00000017 <uint32>=0x00000000

            0x00000018 <uint32>=0x00000000

            0x00000019 <uint32>=0x00000000

            0x0000001A <uint32>=0x00000000

        access: 5 entries

            entry 0:

        authorizations (6): decrypt derive export_clear export_wrapped mac sign

        don't-require-password

                description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ

        applications (2):

                    0: /Users/jakob/Development/Pix/Pix.app (OK)

                    1: /Users/jakob/Library/Developer/Xcode/DerivedData/Pix-awdxlmdkgyyjspbogridcgeectag/Build/Products/Debug/Pix.app (status -67068)

            entry 1:

        authorizations (1): encrypt

        don't-require-password

        description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ

        applications: <null>

            entry 2:

        authorizations (1): integrity

        don't-require-password

                description: d425e5d9fbaa178f7e22551143fa6392ccc5ec5469f4dd5e77db047b40a9b857

        applications: <null>

            entry 3:

        authorizations (1): partition_id

        don't-require-password

        description: teamid:5LQRJW9462, teamid:5LQRJW9462

        applications: <null>

            entry 4:

        authorizations (1): change_acl

        don't-require-password

        description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ

        applications (0):

         

        (The line "0x00000010 <uint32>=0x00000001" probably means that the key is "extractable".)