开发者

Adding SecKeyRef, SecIdentityRefs to an OS X Keychain

There exists the handy SecCertificateAddToKeychain() function, which allows a developer to add "floating" certificates (e.g. SecCertificateRef instances generated by SecCertificateCreateWithData()) to a keychain.

Where are the equivalent functions for SecKeyRef and SecIdentityRef instances? There is SecKeychainItemImport(), but it's 开发者_如何学运维for importing raw data. There is also SecItemAdd(), but it's limited to adding passwords.

What am I missing?


SecItemAdd is quite capable of adding certificates and keys to a keychain; just set the kSecClass attribute to the item's class (e.g. kSecClassKey) and pass the item references in an array in the kSecUseItemList attribute.

The only caveat is that a single call to SecItemAdd can only add items of the same class; if you want to add a certificate and a key, you need to do it in two calls.

You don't need to explicitly create or add identities to a keychain; they are implicit constructs that are automatically created when both the certificate and its private key are available.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜