
I generated a private PKCS#12 key and then put it in PEM format, and sent it over to the iPhone app. I want to save this private key in the iPhone Keychain.

First, I removed the headers like "BEGIN RSA PRIVATE KEY". Then I converted the rest of it into NSData. Then, using code like this:

CFDictionaryRef issues in Swift

I was able to get a SecKeyRef from this private key.

Now I want to know how I can insert this SecKeyRef into the keychain using SecItemAdd?

Community
hockeybro

2 Answers


Try to use this method to convert SecKeyRef to NSData

- (NSData *)getPublicKeyBitsFromKey:(SecKeyRef)givenKey {

    static const uint8_t publicKeyIdentifier[] = "com.your.company.publickey";
    NSData *publicTag = [[NSData alloc] initWithBytes:publicKeyIdentifier length:sizeof(publicKeyIdentifier)];

    OSStatus sanityCheck = noErr;
    NSData * publicKeyBits = nil;

    NSMutableDictionary * queryPublicKey = [[NSMutableDictionary alloc] init];
    [queryPublicKey setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
    [queryPublicKey setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];
    [queryPublicKey setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];

    // Temporarily add key to the Keychain, return as data:
    NSMutableDictionary * attributes = [queryPublicKey mutableCopy];
    [attributes setObject:(__bridge id)givenKey forKey:(__bridge id)kSecValueRef];
    [attributes setObject:@YES forKey:(__bridge id)kSecReturnData];
    CFTypeRef result = NULL;
    sanityCheck = SecItemAdd((__bridge CFDictionaryRef) attributes, &result);
    if (sanityCheck == errSecSuccess) {
        publicKeyBits = CFBridgingRelease(result);

        // Remove from Keychain again:
        (void)SecItemDelete((__bridge CFDictionaryRef) queryPublicKey);
    }

    return publicKeyBits;
}

And then add it to keychain.
I hope this will solve your problem.

Sunil Sharma

This works for me:

  1. Convert the private key to PKCS#8 format.
  2. Strip header
  3. Add to keychain

These two libs could help:

Swift: https://github.com/btnguyen2k/swift-rsautils
Obj-C: https://github.com/ideawu/Objective-C-RSA

btnguyen
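The "add to keychain" step that both answers end with, written out as an added example (not code from either answer or from the linked libraries). It stores an existing private SecKeyRef persistently with SecItemAdd, restricts when it can be read, and reads it back; the tag string and the `Example…` function names are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical application tag; pick a reverse-DNS string unique to your app.
static NSData *ExamplePrivateKeyTag(void) {
    return [@"com.example.app.privatekey" dataUsingEncoding:NSUTF8StringEncoding];
}

// Query that matches only the private key stored under the tag above.
static NSDictionary *ExamplePrivateKeyQuery(void) {
    return @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrApplicationTag: ExamplePrivateKeyTag(),
        (__bridge id)kSecAttrKeyClass:       (__bridge id)kSecAttrKeyClassPrivate,
    };
}

// Store an existing private SecKeyRef as a persistent keychain item.
OSStatus ExampleStorePrivateKey(SecKeyRef privateKey) {
    NSDictionary *attributes = @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrApplicationTag: ExamplePrivateKeyTag(),
        (__bridge id)kSecValueRef:           (__bridge id)privateKey,
        // Readable only while the device is unlocked; not restored onto other devices.
        (__bridge id)kSecAttrAccessible:
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attributes, NULL);
    if (status == errSecDuplicateItem) {
        // A private key with this tag already exists: replace it instead of failing.
        SecItemDelete((__bridge CFDictionaryRef)ExamplePrivateKeyQuery());
        status = SecItemAdd((__bridge CFDictionaryRef)attributes, NULL);
    }
    return status;
}

// Fetch the stored key; the caller owns the result and must CFRelease it.
SecKeyRef ExampleCopyPrivateKey(OSStatus *outStatus) {
    NSMutableDictionary *query = [ExamplePrivateKeyQuery() mutableCopy];
    query[(__bridge id)kSecReturnRef] = @YES;

    CFTypeRef item = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &item);
    if (outStatus) *outStatus = status;
    return (status == errSecSuccess) ? (SecKeyRef)item : NULL;
}
```

Check the returned OSStatus rather than discarding it: a failed add otherwise only surfaces later as a missing key.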