Exporting a private key with SecKeychainItemExport

Tue, 06 Jul 2010 14:39:36 -0700 

I'm trying to export the private key part of a a Keychain identity. I 
invariably get status -25260, 
"Passphrase is required for import/export." That happens in the below whether 
or not I give kSecKeySecurePassphrase to have the user asked for the password 
or supply it myself. 

  CFDataRef exportedData;
  SecKeyImportExportParameters params;
  params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
  params.flags =   kSecKeyNoAccessControl;
  params.passphrase = (CFStringRef)(@"secsec");
  params.alertTitle = NULL;
  params.alertPrompt = NULL;
  
  status = SecKeychainItemExport(key,
                                 kSecFormatUnknown,
                                 0,
                                 &params,
                                 &exportedData);
  
I do actually have a key, which I confirm with this code:

  CSSM_KEY_PTR cssmKey;
  status = SecKeyGetCSSMKey(key, (const CSSM_KEY **)(&cssmKey));
  NSLog(@"get CSSM key %d\n", status);
  
  NSLog(@"blobtype = %d", cssmKey->KeyHeader.BlobType);
  NSLog(@"blob format = %d", cssmKey->KeyHeader.Format);
  NSLog(@"blob attr = %x", cssmKey->KeyHeader.KeyAttr);
  NSLog(@"blob usage = %x", cssmKey->KeyHeader.KeyUsage);
  
The BlobType is:
        CSSM_KEYBLOB_REFERENCE =                2, /* The blob is a reference 
to a key */
Format:
        CSSM_KEYBLOB_RAW_FORMAT_NONE =                  0,
        /* No further conversion need to be done */
Attributes:
        CSSM_KEYATTR_PERMANENT =                        0x00000001,
        CSSM_KEYATTR_SENSITIVE =                        0x00000008,
        CSSM_KEYATTR_EXTRACTABLE =                      0x00000020,
        /* Valid only in a key header generated by a CSP, not valid during an 
API call */
        CSSM_KEYATTR_ALWAYS_SENSITIVE =         0x00000010,
Usage: 
        CSSM_KEYUSE_ANY =                                       0x80000000,
        CSSM_KEYUSE_ENCRYPT =                           0x00000001,
        CSSM_KEYUSE_DECRYPT =                           0x00000002,
        CSSM_KEYUSE_SIGN =                                      0x00000004,
        CSSM_KEYUSE_VERIFY =                            0x00000008,
        CSSM_KEYUSE_SIGN_RECOVER =                      0x00000010,
        CSSM_KEYUSE_VERIFY_RECOVER =            0x00000020,
        CSSM_KEYUSE_WRAP =                                      0x00000040,
        CSSM_KEYUSE_UNWRAP =                            0x00000080,
        CSSM_KEYUSE_DERIVE =                            0x00000100

Any ideas?

-----
Brian Marick, independent consultant
Mostly on agile methods with a testing slant
Author of /Programming Cocoa with Ruby/
www.exampler.com, www.exampler.com/blog, www.twitter.com/marick

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to