Post not yet marked as solved
My little Swift program on macOS 12.3.1 creates a cryptographic key for a symmetric cipher as follows:
import Foundation
import Security

var key: SecKey?
let parameters = NSMutableDictionary()
var raw: Int32 = 256   // key size in bits; the storage type must match .sInt32Type below
let num = CFNumberCreate(kCFAllocatorDefault, .sInt32Type, &raw)!
var optError: Unmanaged<CFError>?
parameters.setValue("Pix Cipher", forKey: kSecAttrLabel as String)
parameters.setValue(kSecAttrKeyTypeAES, forKey: kSecAttrKeyType as String)
parameters.setValue(num, forKey: kSecAttrKeySizeInBits as String)
parameters.setValue(kCFBooleanTrue, forKey: kSecAttrIsPermanent as String)   // store the key in the keychain
parameters.setValue(kCFBooleanTrue, forKey: kSecAttrCanEncrypt as String)
parameters.setValue(kCFBooleanTrue, forKey: kSecAttrCanDecrypt as String)
key = SecKeyGenerateSymmetric(parameters, &optError)   // nil on failure, with optError set
This key can be stored in the Keychain and works fine for encryption and decryption. But when I want to export it using the following code
var error: Unmanaged<CFError>?
let cfData = SecKeyCopyExternalRepresentation(key!, &error)
this fails, with error set to something like
Error Domain=NSOSStatusErrorDomain Code=-4 "MacOS error: -4"
What does "MacOS error: -4" mean? (kCFMessagePortTransportError / kCSIdentityDeletedErr / unimpErr?) Why does SecKeyCopyExternalRepresentation not work? What is wrong with the key?
Kind regards,
Jakob
Post not yet marked as solved
I have a key for a symmetric cipher in my "login keychain" on macOS 10.13.2. When I try to export this key as a "Certificate Bundle (.p7b)" using the "Keychain Access" application, I only get an NSAlert saying "An error has occurred. Unable to export an item. One or more parameters passed to a function were not valid." Somewhat strange, since I cannot remember having passed a parameter to a function. If exporting the key as P7B is impossible, then "Keychain Access" should not offer this option. But we are not lost yet: when I try to export the key as "Privacy Enhanced Mail (.pem)", this works, but when I try to import the key on another Mac under macOS 10.13.2, I get: "An error has occurred. Unable to import an item. The contents of this item are cannot be retrieved." What is wrong with this key? Why can't I transfer it from one computer to another one? Why can the "Keychain Access" application export it, but not import? This does not make sense to me, and some clarification would be appreciated very much.
The keychain item attributes of my key are the following (from "security dump-keychain -a"):
keychain: "/Users/jakob/Library/Keychains/login.keychain-db"
version: 512
class: 0x00000011
attributes:
    0x00000000 <uint32>=0x00000011
    0x00000001 <blob>="Pix Cipher"
    0x00000002 <blob>=<NULL>
    0x00000003 <uint32>=0x00000001
    0x00000004 <uint32>=0x00000000
    0x00000005 <uint32>=0x00000000
    0x00000006 <blob>="2017-10-04 15:55:38 +0000"
    0x00000007 <blob>=<NULL>
    0x00000008 <blob>=0x7B38373139316361322D306663392D313164342D383439612D3030303530326235323132327D00 "{87191ca2-0fc9-11d4-849a-000502b52122}\000"
    0x00000009 <uint32>=0x80000001
    0x0000000A <uint32>=0x00000100
    0x0000000B <uint32>=0x00000100
    0x0000000C <blob>=0x0000000000000000
    0x0000000D <blob>=0x0000000000000000
    0x0000000E <uint32>=0x00000000
    0x0000000F <uint32>=0x00000000
    0x00000010 <uint32>=0x00000001
    0x00000011 <uint32>=0x00000000
    0x00000012 <uint32>=0x00000001
    0x00000013 <uint32>=0x00000001
    0x00000014 <uint32>=0x00000000
    0x00000015 <uint32>=0x00000000
    0x00000016 <uint32>=0x00000000
    0x00000017 <uint32>=0x00000000
    0x00000018 <uint32>=0x00000000
    0x00000019 <uint32>=0x00000000
    0x0000001A <uint32>=0x00000000
access: 5 entries
    entry 0:
        authorizations (6): decrypt derive export_clear export_wrapped mac sign
        don't-require-password
        description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
        applications (2):
            0: /Users/jakob/Development/Pix/Pix.app (OK)
            1: /Users/jakob/Library/Developer/Xcode/DerivedData/Pix-awdxlmdkgyyjspbogridcgeectag/Build/Products/Debug/Pix.app (status -67068)
    entry 1:
        authorizations (1): encrypt
        don't-require-password
        description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
        applications: <null>
    entry 2:
        authorizations (1): integrity
        don't-require-password
        description: d425e5d9fbaa178f7e22551143fa6392ccc5ec5469f4dd5e77db047b40a9b857
        applications: <null>
    entry 3:
        authorizations (1): partition_id
        don't-require-password
        description: teamid:5LQRJW9462, teamid:5LQRJW9462
        applications: <null>
    entry 4:
        authorizations (1): change_acl
        don't-require-password
        description: .í2ô JC®ÏûGÑ–[1]d|Ò’jÿ
        applications (0):
(The line "0x00000010 <uint32>=0x00000001" probably means that the key is "extractable".)
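As an added example (not part of the post), a small Python parser for the attribute block of a `security dump-keychain -a` key record. It names the numbered attributes using the kSecKey* index order from Security/SecKey.h (kSecKeyKeyType = 9, kSecKeyKeySizeInBits = 10, kSecKeyExtractable = 16, kSecKeyNeverExtractable = 17, kSecKeyEncrypt = 18, kSecKeyDecrypt = 19), so attribute 0x10 is indeed the extractable flag, and 0x80000001 is CSSM_ALGID_AES. The sample dump is constructed from the record above with most attribute lines left out.

```python
import re

# Constructed sample: header and a subset of the "attributes:" block of a symmetric-key
# record, in the layout printed by `security dump-keychain -a`.
SAMPLE_DUMP = """keychain: "/Users/jakob/Library/Keychains/login.keychain-db"
version: 512
class: 0x00000011
attributes:
    0x00000000 <uint32>=0x00000011
    0x00000001 <blob>="Pix Cipher"
    0x00000003 <uint32>=0x00000001
    0x00000009 <uint32>=0x80000001
    0x0000000A <uint32>=0x00000100
    0x00000010 <uint32>=0x00000001
    0x00000011 <uint32>=0x00000000
    0x00000012 <uint32>=0x00000001
    0x00000013 <uint32>=0x00000001
access: 5 entries
"""
# Attribute index -> name, in the order of the kSecKey* enum in Security/SecKey.h.
KEY_ATTRS = {1: "printName", 3: "permanent", 9: "keyType", 10: "keySizeInBits",
             14: "sensitive", 15: "alwaysSensitive", 16: "extractable", 17: "neverExtractable",
             18: "encrypt", 19: "decrypt", 20: "derive", 21: "sign", 22: "verify", 25: "wrap", 26: "unwrap"}
FLAG_ATTRS = set(KEY_ATTRS.values()) - {"printName", "keyType", "keySizeInBits"}
KEY_TYPES = {0x80000001: "AES"}  # CSSM_ALGID_AES, the value behind kSecAttrKeyTypeAES
ATTR_RE = re.compile(r"^\s*0x([0-9A-Fa-f]{8})\s+<(\w+)>=(.*)$")

def parse_key_attributes(dump: str) -> dict:
    """Decode the attribute lines of one key record into named, typed values."""
    attrs = {}
    for line in dump.splitlines():
        m = ATTR_RE.match(line)
        if not m or int(m.group(1), 16) not in KEY_ATTRS:
            continue  # not an attribute line, or an index we do not name
        name, kind, raw = KEY_ATTRS[int(m.group(1), 16)], m.group(2), m.group(3).strip()
        if kind == "uint32":
            value = int(raw, 16)
            if name in FLAG_ATTRS:
                value = bool(value)
            elif name == "keyType":
                value = KEY_TYPES.get(value, hex(value))
        else:  # blob: <NULL> or a quoted string (hex blobs are kept verbatim)
            value = None if raw == "<NULL>" else raw.strip('"')
        attrs[name] = value
    return attrs

def extractability(attrs: dict) -> str:
    """What the record's own flags say about exporting the key material."""
    if attrs.get("neverExtractable"):
        return "never extractable"
    return "extractable" if attrs.get("extractable") else "not extractable"
```

Note that these flags describe the record only; the ACL entries (export_clear, export_wrapped and the listed applications) still decide whether a given caller may actually perform the export.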
Post not yet marked as solved
I have a key for symmetric cryptography (AES, 256 bits) in my "login" keychain on macOS 10.12. The "Keychain Access" application is telling me that the usage of this key is "encrypt, decrypt" and that all applications are allowed to access it without confirmation. A little Swift program of mine is able to retrieve this key from the keychain, using the function SecItemCopyMatching, but when it tries to use the key for encryption, in the following code, where key is the key and data some Data:
var optError: Unmanaged<CFError>?
// Create an encryption transform bound to the keychain key
let cipher = SecEncryptTransformCreate(key, &optError)
if let error = optError {
    throw CipherException(error.takeRetainedValue())
}
// PKCS#7 padding, so the input need not be a multiple of the block size
SecTransformSetAttribute(cipher, kSecPaddingKey, kSecPaddingPKCS7Key, &optError)
if let error = optError {
    throw CipherException(error.takeRetainedValue())
}
// Feed the plaintext to the transform
var cfData = data as CFTypeRef
SecTransformSetAttribute(cipher, kSecTransformInputAttributeName, cfData, &optError)
if let error = optError {
    throw CipherException(error.takeRetainedValue())
}
// Run the transform; on failure optError is set
cfData = SecTransformExecute(cipher, &optError)
it gets the error: The operation couldn't be completed. (OSStatus error -2147416032 - CSSMERR_CSP_OPERATION_AUTH_DENIED). How is this possible? What authorization is denied and why? Could this be a bug in macOS? I could not find any useful information about this error on the Internet, and especially not in this forum, so any help is greatly appreciated. Maybe I should add that the key in question had been created by an earlier version of the same program. But when I try to use a new key with the same characteristics, I run into the same problem.