将私钥添加到iOS Keychain中 [英] Adding private key into iOS Keychain
问题描述
我正在尝试将私钥添加到iOS钥匙串中。证书(公钥)工作正常,但私钥拒绝...我完全搞砸为什么下面的代码不起作用。
I am trying to add a private key into the iOS keychain. The certificate (public key) works fine but the private key refuses... I am totally confused why the following code does not work.
首先我检查当前是否key(= Keychain是键/值存储时的键)在Keychain中是free。然后我将添加私钥。
First I am checking if the current key (=key in case of that the Keychain is a key/value store) is 'free' in the Keychain. Then I am going to add the private key.
CFStringRef labelstring = CFStringCreateWithCString(NULL, [key cStringUsingEncoding:NSUTF8StringEncoding], kCFStringEncodingUTF8);
NSArray* keys = [NSArray arrayWithObjects:(__bridge id)kSecClass,kSecAttrLabel,kSecReturnData,kSecAttrAccessible,nil];
NSArray* values = [NSArray arrayWithObjects:(__bridge id)kSecClassKey,labelstring,kCFBooleanTrue,kSecAttrAccessibleWhenUnlocked,nil];
NSMutableDictionary* searchdict = [NSMutableDictionary dictionaryWithObjects:values forKeys:keys];
CFRelease(labelstring);
NSMutableDictionary *query = searchdict;
CFTypeRef item = NULL;
OSStatus error = SecItemCopyMatching((__bridge_retained CFDictionaryRef) query, &item);
if (error)
{
NSLog(@"Error: %ld (statuscode)", error);
}
if(error != errSecItemNotFound)
{
SecItemDelete((__bridge_retained CFDictionaryRef) query);
}
[query setObject:(id)data forKey:(__bridge id)kSecValueData];
OSStatus status = SecItemAdd((__bridge_retained CFDictionaryRef) query, &item);
if(status)
{
NSLog(@"Keychain error occured: %ld (statuscode)", status);
return NO;
}
调试输出如下:
2012-07-26 15:33:03.772 App[15529:1b03] Error: -25300 (statuscode)
2012-07-26 15:33:11.195 App[15529:1b03] Keychain error occured: -25299 (statuscode)
第一个错误代码 -25300
表示 errSecItemNotFound
。因此,此密钥没有存储值。然后,当我尝试将私钥添加到Keychain中时,我得到 -25299
,这意味着 errSecDuplicateItem
。我不明白。为什么会发生这种情况?
The first error code -25300
represents errSecItemNotFound
. So there is no value stored for this key. Then, when I try to add the private key into the Keychain I get -25299
which means errSecDuplicateItem
. I do not understand this. Why is this happening?
有没有人对此有任何线索或暗示?
Does anyone have a clue or hint on this?
Apple的错误代码:
Apple's error codes:
errSecSuccess = 0, /* No error. */
errSecUnimplemented = -4, /* Function or operation not implemented. */
errSecParam = -50, /* One or more parameters passed to a function where not valid. */
errSecAllocate = -108, /* Failed to allocate memory. */
errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */
errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */
errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */
errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */
errSecDecode = -26275, /* Unable to decode the provided data. */
errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */
提前致谢!
更新#1:我发现它只是第一次有效。即使数据和密钥不同,在第一次存储到钥匙串后我也无法存储其他密钥。
推荐答案
以下代码适用于我:
NSMutableDictionary *query = [[NSMutableDictionary alloc] init];
[query setObject:(id)kSecClassKey forKey:(id)kSecClass];
[query setObject:(id)kSecAttrAccessibleWhenUnlocked forKey:(id)kSecAttrAccessible];
[query setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnData];
//adding access key
[query setObject:(id)key forKey:(id)kSecAttrApplicationTag];
//removing item if it exists
SecItemDelete((CFDictionaryRef)query);
//setting data (private key)
[query setObject:(id)data forKey:(id)kSecValueData];
CFTypeRef persistKey; OSStatus status = SecItemAdd((CFDictionaryRef)query, &persistKey);
if(status) {
NSLog(@"Keychain error occured: %ld (statuscode)", status);
return NO;
}
这篇关于将私钥添加到iOS Keychain中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!