Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to establish a SecIdentityRef in an iPhone keychain ? (Without a .p12)

How do you create a SecIdentityRef in an iPhone keychain if 1) you already have the private key in the keychain and 2) you have just received the certificate from a CA?

SecPKCS12Import does not help in this case unless there is an API to create a .p12 from a private key and a certificate.

SecIdentityCreateWithCertificate would be the answer on the Mac but it does not exist on the iPhone.

Is it possible using SecItemAdd ? http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html

many thanks, Andrew

like image 272
Andrew Avatar asked Nov 22 '10 01:11

Andrew


1 Answers

OK, to answer my own question:

On iOS the keychain will automatically bound the certificate to the private key. That means you only need to:

  1. Generate the key pair
  2. Get a certificate that matches the private key
  3. Insert the certificate into the keychain.

After this you should be able to get a SecIdentityRef for the certificate / private key.

IMPORTANT: SecItemAdd function allows you to insert the certificate data directly (NSData of the DER representation). This way you will be able to get a valid certificate reference, but not an identity ref.
The right way to insert the certificate is to first use the SecCertificateCreateWithData function over the DER bytes of the certificate. This will return a SecCertificateRef object which then should be used to persist the certificate into the keychain using the SecItemAdd function.

I hope this will make someone's life easier ;-)

Regards, Pece

like image 61
pmilosev Avatar answered Sep 23 '22 17:09

pmilosev