Adding SecKeyRef, SecIdentityRefs to an OS X Keychain
There exists the handy SecCertificateAddToKeychain()
function, which allows a developer to add "floating" certificates (e.g. SecCertificateRef
instances generated by SecCertificateCreateWithData()
) to a keychain.
Where are the equivalent functions for SecKeyRef
and SecIdentityRef
instances? There is SecKeychainItemImport()
, but it's 开发者_如何学运维for importing raw data. There is also SecItemAdd()
, but it's limited to adding passwords.
What am I missing?
SecItemAdd
is quite capable of adding certificates and keys to a keychain; just set the kSecClass
attribute to the item's class (e.g. kSecClassKey) and pass the item references in an array in the kSecUseItemList
attribute.
The only caveat is that a single call to SecItemAdd
can only add items of the same class; if you want to add a certificate and a key, you need to do it in two calls.
You don't need to explicitly create or add identities to a keychain; they are implicit constructs that are automatically created when both the certificate and its private key are available.
精彩评论