Function

SecKeyCopyExternalRepresentation

Returns an external representation of the given key suitable for the key's type.

Declaration

CFDataRef SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef  _Nullable *error);

Parameters

key

The key to export.

error

The address of a CFErrorRef object. If an error occurs, this is set to point at an error instance that describes the failure.

Return Value

A data object representing the key in a format suitable for the key type or NULL on error. Call the CFRelease function to free the key's memory when you are done with it.

Discussion

The operation fails if the key is not exportable, for example if it is bound to a smart card or to the Secure Enclave. It also fails in macOS if the key has the attribute kSecKeyExtractable set to NO.

The method returns data in the PKCS #1 format for an RSA key. For an elliptic curve public key, the format follows the ANSI X9.63 standard using a byte string of 04 || X || Y. For an elliptic curve private key, the output is formatted as the public key concatenated with the big endian encoding of the secret scalar, or 04 || X || Y || K. All of these representations use constant size integers, including leading zeros as needed.

See Also

Import and Export

Storing Keys as Data

Create an external representation of a key for transmission.

SecKeyCreateWithData

Restores a key from an external representation of that key.