5 Replies
      Latest reply on Jul 17, 2019 2:01 AM by chrsgrf
      sho@jp Level 1 (0 points)

        Hello, I'm trying to use a client certificate in an iOS app.


        First, I get a PKCS#12 from the web.


        Second, I get a SecIdentity using SecPKCS12Import to store the identity, and it succeeds (I get "0" in "status" and a SecIdentity in "identity").

        let options = [kSecImportExportPassphrase as String: password]
        var rawItems: CFArray?
        let status = SecPKCS12Import(data!, options as CFDictionary, &rawItems)
        // Each imported item is a dictionary; the identity is under kSecImportItemIdentity
        let items = rawItems as! [[String: Any]]
        let identity = items[0][kSecImportItemIdentity as String] as! SecIdentity


        Then I store the identity in the keychain, and it succeeds (I get "0" in "status").

        query = [
            kSecClass as String: kSecClassIdentity,
            kSecValueRef as String: identity,
            kSecAttrLabel as String: "1234567890" as AnyObject
        ]
        let status = SecItemAdd(query as CFDictionary, nil)


        After that, I tried to get the SecIdentity from the keychain, but it fails (I get "-25300" in "status").

        query = [
            kSecClass as String: kSecClassIdentity,
            kSecReturnRef as String: true as AnyObject,
            kSecAttrLabel as String: "1234567890" as AnyObject,
            kSecMatchLimit as String: kSecMatchLimitAll
        ]
        var result: AnyObject? = nil
        let status = SecItemCopyMatching(query as CFDictionary, &result)



        Do I need to do something more?


        Sorry for showing only part of the source code.

        Please give me advice.

        • Re: I can't get SecIdentity from Keychain
          eskimo Apple Staff (11,625 points)

          Using labels on an identity is tricky because identities are not stored in the keychain as an atomic item but are stored as a separate private key and certificate, and those items use labels in different ways.  Have you tried using a persistent reference here?  That is:

          1. Pass kSecReturnPersistentRef to SecItemAdd when you add the identity to the keychain

          2. Save the persistent reference wherever

          3. Later on, when you need the identity back, call SecItemCopyMatching with that persistent reference

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"
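
The three steps from the reply above, as an added Swift example (not code from either poster). The function names, the `KeychainError` type and the UserDefaults key `clientIdentityRef` are assumptions made for illustration; the reply leaves the storage location for the persistent reference open.

```swift
import Foundation
import Security

enum KeychainError: Error {
    case unexpectedStatus(OSStatus)   // e.g. -25300 is errSecItemNotFound
    case unexpectedResult
}

// Step 1: add the identity and ask SecItemAdd for a persistent reference.
// Fails with errSecDuplicateItem if the identity is already in the keychain.
func addIdentity(_ identity: SecIdentity) throws -> Data {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecValueRef as String: identity,
        kSecReturnPersistentRef as String: true
    ]
    var result: CFTypeRef?
    let status = SecItemAdd(query as CFDictionary, &result)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    guard let persistentRef = result as? Data else { throw KeychainError.unexpectedResult }
    return persistentRef
}

// Step 2: save the persistent reference (hypothetical key, assumed storage).
func savePersistentRef(_ ref: Data) {
    UserDefaults.standard.set(ref, forKey: "clientIdentityRef")
}

// Step 3: get the identity back using only the persistent reference,
// with no label or class matching involved.
func copyIdentity(persistentRef: Data) throws -> SecIdentity {
    let query: [String: Any] = [
        kSecValuePersistentRef as String: persistentRef,
        kSecReturnRef as String: true
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    // Casting to a CF type always succeeds in Swift, so check the type ID first.
    guard let item = result, CFGetTypeID(item) == SecIdentityGetTypeID() else {
        throw KeychainError.unexpectedResult
    }
    return item as! SecIdentity
}
```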