kSecAttrIsPermanent not persisting RSA keypair

Hello! I am trying to persist my RSA keypair generated with SecKeyCreateRandomKey. I am able to create the keypair and retrieve the keys while the app is open:

var err: Unmanaged<CFError>?
let privateKeyAttr = [
    kSecClass: kSecClassKey,
    kSecAttrKeyType: kSecAttrKeyTypeRSA,
    kSecAttrKeySizeInBits: 2048,
    kSecPrivateKeyAttrs: [
        kSecAttrIsPermanent: true,
        kSecAttrApplicationTag: "tag"
    ]
] as CFDictionary

guard let privateKey = SecKeyCreateRandomKey(privateKeyAttr, &err) else {
    return
}

but when the app is killed and opened again, I am unable to retrieve the private key and SecItemCopyMatching returns -25300 errSecItemNotFound:

let storeAttr = [
    kSecClass: kSecClassKey,
    kSecAttrApplicationTag: "tag",
    kSecAttrKeyType: kSecAttrKeyTypeRSA,
    kSecReturnRef: true
] as CFDictionary

var item: CFTypeRef?
var key: SecKey
let res = SecItemCopyMatching(storeAttr, &item)

if (res == errSecSuccess) {
    return item as! SecKey
} else {
    return nil
}

What platform is this on?

This matters because the keychain on macOS has lots of degrees of freedom. If you’re curious, see TN3137 On Mac keychain APIs and implementations.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

iOS

kSecAttrApplicationTag is defined to be a data value, not a string. If you use Data("tag".utf8) does that help?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
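
The suggestion in the reply above, written out as an added example (not code from the thread or from Apple): the same `Data` tag is used both when generating the key and when looking it up, and keychain errors other than "not found" are surfaced instead of being collapsed to `nil`. The tag value, `KeyStoreError`, and the function names are hypothetical, and the `kSecAttrKeyClass` filter is an addition that is not in the original query.

```swift
import Foundation
import Security

// Hypothetical tag value. kSecAttrApplicationTag is typed as data, so it is built once as Data.
let keyTag = Data("com.example.keys.rsa".utf8)

enum KeyStoreError: Error {
    case keychain(OSStatus)      // unexpected SecItemCopyMatching status
    case generation(CFError?)    // SecKeyCreateRandomKey failed
}

/// Returns the persisted RSA private key for `tag`, or nil if none is stored.
func loadPrivateKey(tag: Data) throws -> SecKey? {
    let query: [CFString: Any] = [
        kSecClass: kSecClassKey,
        kSecAttrKeyClass: kSecAttrKeyClassPrivate,
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrApplicationTag: tag,          // Data, matching what was stored
        kSecReturnRef: true
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess:      return (item as! SecKey)
    case errSecItemNotFound: return nil
    default:                 throw KeyStoreError.keychain(status)
    }
}

/// Reuses the stored key when present; otherwise generates a permanent one.
func loadOrCreatePrivateKey(tag: Data) throws -> SecKey {
    if let existing = try loadPrivateKey(tag: tag) { return existing }
    let attributes: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits: 2048,
        kSecPrivateKeyAttrs: [
            kSecAttrIsPermanent: true,
            kSecAttrApplicationTag: tag       // same Data value as the lookup
        ] as [CFString: Any]
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw KeyStoreError.generation(error?.takeRetainedValue())
    }
    return key
}
```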
