Hi, I've noticed that the SFCertificatePanel is now displaying trust settings whereas it previous didn't. Further, the documentation explicitly states that it will not. This class displays certificate details, but not trust settings. To display a certificate with editable trust settings in a panel or sheet, use the SFCertificateTrustPanel class. To display certificates in a custom view, use the SFCertificateView class. https://developer.apple.com/documentation/securityinterface/sfcertificatepanel?language=objc Steps to reproduce: Load up a certificate object Show the panel Expected: The certificate details will be displayed, but the user will not be shown or be able to manipulate the trust settings Actual: The certificate details are displayed as well as Trust settings. More Information: I tested the same code on Mojave and Catalina. They match my expectations. However, on Big Sur 11.5 they don't. Is this a regression?

I'm not a cryptographer so please be patient with me :) I'm trying to figure out how the encryption/decryption happens in some of algorithms in SecKeyAlgorithm (for example kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM). I'm trying to find the answers for these questions: Is the output of the encryption is publickey + ciphertext + tag? (in that respected order) Is the tag in 1) == authentication tag (someone said that is GCM tag instead and I don't know what is the different). What is the expected error throws from Apple API if the tag validation failed in the decryption process? As the input of AES-GCM is 4 params: the secret key, IV (nonce), plain message, additional authentication data (AAD), how can developer supply all the params in the API SecKeyCreateEncryptedData as it's signature is: CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,                         CFErrorRef *error) Thank you very much for the help! Hieu.

Since Apple is deprecating support for ACL on MacOS 10.15+, if we were to store private key - x509 cert in iOS style keychain using keychain access group, will Safari browser be able to recognize that and prompt for cert picker? Thanks, Peter

Hello, We have a kSecClassKey object and on MacOS, we have been setting the key non-extractable in the following manner, but many of the attributes seem to be deprecated. Is there a better/recommended way of doing this on MacOS for private keys on login keychain using newer keychain attributes? Thanks, Peter (ex: kSecKeyExtractable) Current legacy code on MacOS:   int attributeListSize = 1;   int attributeIndex = 0;   unsigned int falseValue = 0;   SecKeychainAttributeList privateKeyAttrList;   SecKeychainAttribute privateKeyKeyChainAttributes[attributeListSize];   privateKeyKeyChainAttributes[attributeIndex].tag = kSecKeyExtractable;   privateKeyKeyChainAttributes[attributeIndex].data = &falseValue;   privateKeyKeyChainAttributes[attributeIndex].length = sizeof(falseValue);   privateKeyAttrList.count = attributeListSize;   privateKeyAttrList.attr = privateKeyKeyChainAttributes;   OSStatus status = SecKeychainItemModifyAttributesAndData((SecKeychainItemRef) keyRef, &privateKeyAttrList, 0, NULL);   if (status != errSecSuccess)   {     NSString *errMessage = [NSString stringWithFormat: @"Failed to modify kSecKeyExtractable attribute for key, status: %d", status];     *error = [self buildNSErrorForDomain:errorDomain                  errorCode:keychainFailure                 errorMessage: errMessage               underlyingError:[NSError errorWithDomain:keychainErrorDomain code:status userInfo:nil]                 shouldRetry:false];   }

As usual crash is happening on newer version of iOS 15 Crash log Fatal Exception: NSInvalidArgumentException 0 CoreFoundation 0x1814dc05c __exceptionPreprocess 1 libobjc.A.dylib 0x1999f6f54 objc_exception_throw 2 CoreFoundation 0x181533190 __CFDictionaryCreateGeneric 3 Security 0x18a239674 SecKeyGetAlgorithmId 4 Security 0x18a2d53d0 SecKeyGetSignatureAlgorithmForPadding 5 Security 0x18a2d5328 SecKeyRawSign 6 App Name 0x100bc90f8 -[login privatekeytouch] + 1484 (CprLoginContrl.m:1484) 7 libdispatch.dylib 0x18114cc04 _dispatch_call_block_and_release 8 libdispatch.dylib 0x18114e950 _dispatch_client_callout 9 libdispatch.dylib 0x18115cd30 _dispatch_main_queue_callback_4CF 10 CoreFoundation 0x181494ce4 CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE 11 CoreFoundation 0x18144eebc __CFRunLoopRun 12 CoreFoundation 0x1814623c8 CFRunLoopRunSpecific 13 GraphicsServices 0x19cc7338c GSEventRunModal 14 UIKitCore 0x183e080bc -[UIApplication _run] 15 UIKitCore 0x183b85be8 UIApplicationMain 16 App Name 0x10079a7b8 main + 22 (main.m:22) 17 ??? 0x101639a24 (Missing) crashed during SecKeyRawSign, anything has changed on ios 15?