I want to encrypt something inside my OS X application, so I thought I'd store the key inside the keychain.

After a *lot* of reading and tinkering I finally managed to create a new AES key and get it back out again (as a SecKeyRef). Now I want to use it with CCCrypt(). That expects raw key data, not a SecKeyRef. I tried to get the data by asking the keychain for a data blob with kSecReturnData. And I do get back a CFDataRef. But it is 96 bytes, which strikes me as odd for a 128-bit key. And the actual bytes don't seem to change much between different keys.

A bit more information: I create the key using SecKeyGenerateSymmetric() and that seems to work fine as the key shows up in Keychain Access. I get the key data out of the keychain using SecItemCopyMatching(), which also seems to work fine. It's just that the data returned is not what I was expecting.

Also, I'm using Swift, and working with C APIs is quite terrible. After some research I came up with this code to get at the reference returned by SecItemCopyMatching():

    var temp: Unmanaged<AnyObject>?
    let status = withUnsafeMutablePointer(&temp) {
        SecItemCopyMatching(query, UnsafeMutablePointer($0))
    }
    if status == errSecSuccess {
        result = temp!.takeRetainedValue()
    }

As I said, that at least seems to work since I get the type of objects expected. (A lot of seems, I realize. But clearly I'm missing something and I don't know what.)

So these are my questions: I found a lot of code online that was promising, but nothing does quite what I need. Do I even have the right approach here? Has anyone ever done this? Is there an easier method to get the actual bytes for an AES key out of a SecKeyRef?

Help! :)

Andreas

_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)