6 Replies
      Latest reply on Mar 18, 2020 1:38 PM by meaton
      sho@jp Level 1 Level 1 (0 points)

        hello, Im trying to use ClientCertificate at iOS app.


        First,I get PKCF#12 from web


        Second, I get SecIdentity using SecPKCF12import to store identity, And It's Success(get "0" in "status" and get SecIdentity in "identity")

        let options = [kSecImportExportPassphrase as String: password]
        let status = SecPKCS12Import(data!, options as CFDictionary, &rawItems)
        let identity = items[0][kSecImportItemIdentity as String] as! SecIdentity


        Then, store identity in keychain,and its Success(get "0" in "status" )

        query = [
            kSecClass as String:kSecClassIdentity,
            kSecValueRef as String:identity,
            kSecAttrLabel as String:"1234567890" as AnyObject
        let status = SecItemAdd(query as CFDictionary, nil)


        After that, I tried to get SecIdentity from keychain,but its Fail(get "-25300" in "status" )

        query = [
             kSecClass as String:kSecClassIdentity,
             kSecReturnRef as String:true as AnyObject,
             kSecAttrLabel as String:"1234567890" as AnyObject,
             kSecMatchLimit as String:kSecMatchLimitAll
        var result:AnyObject? = nil
        let status = SecItemCopyMatching(query as CFDictionary, &result)



        Should I need to do something more?


        Sorry for showing only a part of source code.

        please give me advice..

        • Re: I can't get SecIdentity from Keychain
          eskimo Apple Staff Apple Staff (13,425 points)

          Using labels on an identity is tricky because identities are not stored in the keychain as an atomic item but are store as a separate private key and certificate, and those items use labels in different ways.  Have you tried using a persistence reference here?  That is:

          1. Pass kSecReturnPersistentRef to SecItemAdd when you add the identity to the keychain

          2. Save the persistent reference wherever

          3. Later on, when you need the identity back, call SecItemCopyMatching with that persistent reference

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"