I have a key for a symmetric cipher in my "login keychain" on macOS 10.13.2. When I try to export this key as a "Certificate Bundle (.p7b)" using the “Keychain Access” application, I only get an NSAlert saying
“An error has occurred. Unable to export an item.
One or more parameters passed to a function were not valid.”
Somewhat strange, since I cannot remember having passed a parameter to a function. If exporting the key as P7B is impossible, then “Keychain Access” should not offer this option. But we are not lost yet:
When I try to export the key as “Privacy Enhanced Mail (.pem)”, this works , but when I try to import the key on another Mac under macOS 10.13.2, I get:
“An error has occurred. Unable to import an item.
The contents of this item are cannot be retrieved.”
What is wrong with this key? Why can’t I transfer it from one computer to another one? Why can the “Keychain Access” application export it, but not import? This does not make sense to me, and some clarification would be appreciated very much.
The keychain item attributes of my key are the following (from “security dump-keychain –a”):
keychain: "/Users/jakob/Library/Keychains/login.keychain-db"
version: 512
class: 0x00000011
attributes:
0x00000000 <uint32>=0x00000011
0x00000001 <blob>="Pix Cipher"
0x00000002 <blob>=<NULL>
0x00000003 <uint32>=0x00000001
0x00000004 <uint32>=0x00000000
0x00000005 <uint32>=0x00000000
0x00000006 <blob>="2017-10-04 15:55:38 +0000"
0x00000007 <blob>=<NULL>
0x00000008 <blob>=0x7B38373139316361322D306663392D313164342D383439612D3030303530326235323132327D00 "{87191ca2-0fc9-11d4-849a-000502b52122}\000"
0x00000009 <uint32>=0x80000001
0x0000000A <uint32>=0x00000100
0x0000000B <uint32>=0x00000100
0x0000000C <blob>=0x0000000000000000
0x0000000D <blob>=0x0000000000000000
0x0000000E <uint32>=0x00000000
0x0000000F <uint32>=0x00000000
0x00000010 <uint32>=0x00000001
0x00000011 <uint32>=0x00000000
0x00000012 <uint32>=0x00000001
0x00000013 <uint32>=0x00000001
0x00000014 <uint32>=0x00000000
0x00000015 <uint32>=0x00000000
0x00000016 <uint32>=0x00000000
0x00000017 <uint32>=0x00000000
0x00000018 <uint32>=0x00000000
0x00000019 <uint32>=0x00000000
0x0000001A <uint32>=0x00000000
access: 5 entries
entry 0:
authorizations (6): decrypt derive export_clear export_wrapped mac sign
don't-require-password
description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
applications (2):
0: /Users/jakob/Development/Pix/Pix.app (OK)
1: /Users/jakob/Library/Developer/Xcode/DerivedData/Pix-awdxlmdkgyyjspbogridcgeectag/Build/Products/Debug/Pix.app (status -67068)
entry 1:
authorizations (1): encrypt
don't-require-password
description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
applications: <null>
entry 2:
authorizations (1): integrity
don't-require-password
description: d425e5d9fbaa178f7e22551143fa6392ccc5ec5469f4dd5e77db047b40a9b857
applications: <null>
entry 3:
authorizations (1): partition_id
don't-require-password
description: teamid:5LQRJW9462, teamid:5LQRJW9462
applications: <null>
entry 4:
authorizations (1): change_acl
don't-require-password
description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
applications (0):
(The line "0x00000010 <uint32>=0x00000001" probably means that the key is "extractable".)