以编程方式从钥匙串Mac中删除私钥 [英] Delete Private key from keychain mac programmatically
问题描述
我有一个p12文件,例如带有一些密码的mycert.p12,我使用安全工具导入了该文件,并按预期将其正确安装在了钥匙串中,现在我正尝试从钥匙串中删除私人和公共物品,我可以删除公众使用带有安全工具的delete-certificate -Z,但私钥并未被删除,如何使用SecItemDelete删除此或任何可用的特殊脚本.
I have a p12 file , say mycert.p12 with some password , i import it using security tool and this properly install in keychain as expected , now i am trying to delete private and public entires from keychain , i am able to delete the public using delete-certificate -Z with security tool , but the private key does not get removed , how to use SecItemDelete to delete this or any special script available .
谢谢
推荐答案
您可以使用SecItemCopyMatching和SecKeychainItemDelete实现此目的.第一个搜索项目,第二个删除项目.
You can use SecItemCopyMatching and SecKeychainItemDelete to achieve this. First one makes a search for the items, second one deletes the items.
对于SecItemCopyMatching,您需要定义一个搜索字典,该字典定义要查找的项,例如,您可以使用要查找的钥匙的钥匙串名称.例如,我有一个名为"iPhone配置实用程序(8AE57ABA-8DCD-4A29-9013-07FB2AEDADCE)"的私钥.
For SecItemCopyMatching you need to define a search dictionary, which defines which item you want to find, for example you can use the keychain's name of the key you want to find. As an example i have a private key called "iPhone Configuration Utility (8AE57ABA-8DCD-4A29-9013-07FB2AEDADCE)".
要以编程方式删除此特殊私钥,可以使用以下代码段:
To delete this special private key programmatically you can use following code snippet:
NSMutableDictionary *query = [NSMutableDictionary new];
[query setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[query setObject:@"iPhone Configuration Utility (8AE57ABA-8DCD-4A29-9013-07FB2AEDADCE)" forKey:(__bridge id)kSecAttrLabel];
[query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnRef];
[query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
CFTypeRef result = NULL;
OSStatus status = 0;
status = SecItemCopyMatching((__bridge CFDictionaryRef )query, &result);
NSLog(@"%@", SecCopyErrorMessageString(status, NULL));
SecKeychainItemDelete((SecKeychainItemRef)result);
字典中的第一个对象(组合键)定义您正在搜索私钥.如果要搜索证书,则可以使用KSecClassCertificate,或者如果要搜索密码,则可以使用KSecClassGenericPassword.
The first object,key combo in the dictionary defines that you are searching for a private key. If you are searching for a certificate you can use KSecClassCertificate or if you are searching for a password use KSecClassGenericPassword.
第二个代码使用KSecAttrLabel定义了钥匙串中项目的名称.
The second defines the name of the item in Keychain, with KSecAttrLabel.
SecItemCopyMatching返回对找到的项目的引用,3d定义了引用的类型,此处为SecKeychainItemRef,因为此类型需要SecKeychainItemDelete.
SecItemCopyMatching returns a reference to the found items, the 3d defines the type of the reference, here SecKeychainItemRef because this type needs SecKeychainItemDelete.
第4条定义您只需要一个匹配项,如果要所有匹配项,请使用KSecMatchLimitAll.
The 4th defines that you want only one match, if you want all matching items then use KSecMatchLimitAll.
然后调用SecItemCopyMatching,它返回对第一个与搜索词典匹配的项目的引用.
Then you call SecItemCopyMatching and it returns a reference to the first found item which matches the search dictionary.
SecCopyErrorMessageString向您显示一条错误消息,您可以在其中查看是否正确,然后显示无错误",或者,如果找不到该项目,则会显示一条"Item not found"消息,依此类推.
SecCopyErrorMessageString prints you an error message where you can see if it goes right, then it prints No Error, or if it couldn't find the item, then you get a Item not found message and so on.
最后,您使用找到的项目的引用调用SecKeychainItemDelete.
At last you call SecKeychainItemDelete with the reference to the found item.
您可以定义搜索词典,因为您可以搜索钥匙串中的每个项目,例如密码,互联网密码,证书等.如果您想更深入地了解Apple的钥匙串服务,请参阅:
You have many possibilities to define the search dictionary as you can search for every item in the keychain like passwords, internet passwords, certificates and so on. If you want to go deeper look at Apples keychain services reference:
希望这会有所帮助
这篇关于以编程方式从钥匙串Mac中删除私钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
