Retrieving keys from a custom system-wide keychain in Mac OS X 10.7+
<p>I am working on an app for OS X Lion and onwards. The app has a root daemon process. I have created a system-wide keychain using "SecKeychainCreate" in /Library/Keychains which is accessible only by the daemon, and I wish to store generic keys in that keychain. Can anyone help me with retrieving generic keys from this keychain programmatically? To add a key to the keychain, I used the "SecKeychainItemCreateFromContent" function, as it accepts a SecKeychainRef parameter, and passed kSecPublicKeyItemClass as the first parameter. Here is my code:</p>
<pre><code>char *itemLabel = "Generic public key";

//Setting up the attribute vector (each attribute consists of {tag, length, pointer}):
SecKeychainAttribute attrs[] = {kSecLabelItemAttr, strlen(itemLabel), itemLabel};
SecKeychainAttributeList attributes = { sizeof(attrs)/sizeof(attrs[0]), attrs };

//pubKey is the key (NSData) that I want to store, while tempKeyChain is my keychain
status = SecKeychainItemCreateFromContent(kSecPublicKeyItemClass,
                                          &amp;attributes,
                                          [pubKey length],
                                          (__bridge const void *)pubKey,
                                          tempKeyChain,
                                          NULL,
                                          NULL);
if (status != noErr)
{
    NSString *error = (__bridge NSString *)SecCopyErrorMessageString(status, NULL);
    NSLog(@"Error in adding item to keychain : %@",error);
    return errSecUnimplemented;
}
</code></pre>
<p>Now, to retrieve the key, there are two options: "SecKeychainSearchCreateFromAttributes", which is deprecated in OS X 10.7 and so is useless, or "SecItemCopyMatching". The former accepts a SecKeychainRef parameter while the latter does not. So, I manually set my search list using "SecKeychainSetSearchList" to include tempKeyChain, and then used "SecItemCopyMatching".
Here is the code for that:</p>
<pre><code>OSStatus status;
SecKeychainRef defaultKeychain = nil;
SecKeychainCopyDefault(&amp;defaultKeychain);

NSArray *searchList = [NSArray arrayWithObjects:(__bridge id)defaultKeychain,tempKeyChain, nil];
OSStatus result = SecKeychainSetSearchList((__bridge CFArrayRef)searchList);
if (result != noErr)
{
    NSString *error = (__bridge NSString *)SecCopyErrorMessageString(result, NULL);
    NSLog(@"Error : %@",error);
    return errSecUnimplemented;
}

NSMutableDictionary *query = [[NSMutableDictionary alloc] init];
[query setObject:kSecClassKey forKey:(id)kSecClass];
[query setObject:@"Generic public key" forKey:kSecAttrLabel];

CFTypeRef items;
status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &amp;items);
return status;
</code></pre>
<p>This code always gives a status of "Item not found", even though my keychain is added to the search list along with the default search list.</p>
<p>I would greatly appreciate any pointers on why this might be happening, or any other better ways to store and retrieve keys from a custom keychain.</p>
<p>P.S. I do not want to store passwords, only keys (public and private). Could anyone guide me to some code or present a small code snippet explaining the same? Thanks.</p>
 
