Function

SecKeyGeneratePair

Creates an asymmetric key pair.

Declaration

OSStatus SecKeyGeneratePair(CFDictionaryRef parameters, SecKeyRef _Nullable *publicKey, SecKeyRef _Nullable *privateKey);

Parameters

parameters

A dictionary of key-value pairs that specify the type of keys to be generated.

publicKey

On return, points to the keychain item object of the new public key. Call the CFRelease function to release this object when you are finished with it.

privateKey

On return, points to the keychain item object of the new private key. Call the CFRelease function to release this object when you are finished with it.

Return Value

Discussion

In order to generate a key pair, the dictionary passed in the parameters parameter must contain at least the following key-value pairs:

  • A kSecAttrKeyType key with a value of any key type defined in SecItem.h (see Keychain Services), for example, kSecAttrKeyTypeRSA.

  • A kSecAttrKeySizeInBits key with a value specifying the requested key size in bits. This can be specified as either a CFNumberRef or CFStringRef value. For example, RSA keys may have key size values of 512, 768, 1024, or 2048.

In addition, you can specify a number of other optional attributes for the public and private keys. The way you do this depends on whether you are writing code for macOS or iOS:

  • In macOS, add the key-value pairs to the parameters dictionary directly. The specified attributes are applied to both the public and private keys.

  • In iOS, add dictionaries for the keys kSecPublicKeyAttrs and kSecPrivateKeyAttrs to the parameters dictionary, and provide the attributes in those dictionaries. The attributes specified in these dictionaries are added to either the public or private key, respectively, allowing you to apply separate attributes to each key.
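The iOS layout described above, as an added Objective-C example (not Apple's sample code): it requests a 2048-bit RSA pair, the largest of the sizes mentioned above, and gives the private key different attributes from the public key. The function names and the application tag value are hypothetical; kSecAttrIsPermanent and kSecAttrApplicationTag are Keychain Services attributes chosen here for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical application tag, used to look the private key up again later.
static NSString *const kExampleKeyTag = @"com.example.keys.signing";

// Generates an RSA key pair using the iOS layout of the parameters dictionary.
// Returns the OSStatus from SecKeyGeneratePair. On errSecSuccess the caller
// owns both key references and must CFRelease them.
static OSStatus ExampleGenerateRSAKeyPair(SecKeyRef *publicKey, SecKeyRef *privateKey) {
    NSData *tag = [kExampleKeyTag dataUsingEncoding:NSUTF8StringEncoding];

    // Per-key attributes: only the private key is stored in the keychain.
    NSDictionary *privateAttrs = @{
        (__bridge id)kSecAttrIsPermanent:    @YES,
        (__bridge id)kSecAttrApplicationTag: tag,
    };
    NSDictionary *publicAttrs = @{
        (__bridge id)kSecAttrIsPermanent: @NO,
    };

    // Required pairs (key type, key size) plus the two per-key dictionaries.
    NSDictionary *parameters = @{
        (__bridge id)kSecAttrKeyType:       (__bridge id)kSecAttrKeyTypeRSA,
        (__bridge id)kSecAttrKeySizeInBits: @2048,
        (__bridge id)kSecPrivateKeyAttrs:   privateAttrs,
        (__bridge id)kSecPublicKeyAttrs:    publicAttrs,
    };

    *publicKey = NULL;
    *privateKey = NULL;
    return SecKeyGeneratePair((__bridge CFDictionaryRef)parameters, publicKey, privateKey);
}

// Calls the generator, checks the status before touching either key, and
// releases both references when finished with them.
static BOOL ExampleGenerateAndRelease(void) {
    SecKeyRef publicKey = NULL, privateKey = NULL;
    OSStatus status = ExampleGenerateRSAKeyPair(&publicKey, &privateKey);
    if (status != errSecSuccess) {
        NSLog(@"SecKeyGeneratePair failed with OSStatus %d", (int)status);
        return NO;
    }
    NSLog(@"Generated key pair, block size %zu bytes", SecKeyGetBlockSize(publicKey));
    CFRelease(publicKey);
    CFRelease(privateKey);
    return YES;
}
```

Because the private key is created with kSecAttrIsPermanent set, a second call with the same tag can fail with a duplicate-item status, so check the returned OSStatus before using either key reference.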

The possible attributes are as follows; for details on each attribute, see Keychain Services:

See Also

Legacy iOS Key Operations

SecKeyEncrypt

Encrypts a block of plaintext.

SecKeyDecrypt

Decrypts a block of ciphertext.

SecKeyRawSign

Generates a digital signature for a block of data.

SecKeyRawVerify

Verifies a digital signature.

SecPadding

The types of padding to use when you create or verify a digital signature.