Adding SecKeyRef, SecIdentityRefs to an OS X Keychain

There exists the handy SecCertificateAddToKeychain() function, which allows a developer to add "floating" certificates (e.g. SecCertificateRef instances generated by SecCertificateCreateWithData()) to a keychain.

Where are the equivalent functions for SecKeyRef and SecIdentityRef instances? There is SecKeychainItemImport(), but it's 开发者_如何学运维for importing raw data. There is also SecItemAdd(), but it's limited to adding passwords.

What am I missing?

SecItemAdd is quite capable of adding certificates and keys to a keychain; just set the kSecClass attribute to the item's class (e.g. kSecClassKey) and pass the item references in an array in the kSecUseItemList attribute.

The only caveat is that a single call to SecItemAdd can only add items of the same class; if you want to add a certificate and a key, you need to do it in two calls.

You don't need to explicitly create or add identities to a keychain; they are implicit constructs that are automatically created when both the certificate and its private key are available.