Swift SecPKCS12Import returns different results on iOS 11 and iOS 10

This function takes as an argument a Base64-encoded PKCS#12 certificate string, which is then decoded and passed to the SecPKCS12Import function. After the update to iOS 11, SecPKCS12Import yields different results. The securityError returns 0 on both OS versions.


The certificate:



Password: "eet"



  let securityError: OSStatus = SecPKCS12Import(decodedData!, options, &items)



Returns a list of 0 items, whereas on iOS 10 I get 1 item in the array.


    func certificateFromCertificate(certP12: String, psswd: String) -> SecCertificate {
        let decodedData = NSData(base64Encoded: certP12, options:NSData.Base64DecodingOptions(rawValue: 0))

        let keytmp : NSString = kSecImportExportPassphrase as NSString
        let options : NSDictionary = [keytmp : psswd]

        var certificateRef: SecCertificate? = nil

        var items : CFArray?

        let securityError: OSStatus = SecPKCS12Import(decodedData!, options, &items)

        let theArray: CFArray = items!
        if securityError == noErr && CFArrayGetCount(theArray) > 0 {
            let newArray = theArray as [AnyObject] as NSArray
            let dictionary = newArray.object(at: 0)
            let secIdentity = (dictionary as AnyObject)[kSecImportItemIdentity as String] as! SecIdentity
            let securityError = SecIdentityCopyCertificate(secIdentity , &certificateRef)
            if securityError != noErr {
                certificateRef = nil
            }
        }

        certificate = certificateRef

        return certificateRef!
    }


There is a post on https://forums.developer.apple.com/thread/82373 saying that SecPKCS12Import implemented automatic conversion from Base64. This would mean I should decode the plain certificate prior to passing it to the function. Can this be the issue?

Development environment:

Programming language: Swift 3

Debug device: Apple iPad mini Retina Wi-Fi 32GB ME280SL/A

Development device: iMAC mini Xcode version 9.0 9A235

This function extracts data from Base64 PKCS#12 certificate string.

SecPKCS12Import was never documented to support Base64 data. If you have PKCS#12 data that’s Base64 encoded, you should decode it before passing it to SecPKCS12Import. You can do this using the various methods on Data.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello @eskimo. I have updated my question to be more precise,


This function takes as an argument a Base64-encoded PKCS#12 certificate string, which is then decoded and passed to the SecPKCS12Import function. After the update to iOS 11, SecPKCS12Import yields different results.

I pass the decoded certificate string to the SecPKCS12Import function.


Regards,

Marek

@mareksip did you manage to figure this out? I am facing the same problem since iOS 11. This is the code:


            NSString *clientCertificate = [arguments objectForKey:MESSAGE_CLIENT_IDENTITY];
            NSData *clientIdentityData = [[NSData alloc] initWithBase64EncodedString:clientCertificate options:NSDataBase64DecodingIgnoreUnknownCharacters];
           
            CFStringRef password = CFSTR("<<some password>>");
            const void *keys[] = { kSecImportExportPassphrase };
            const void *values[] = { password };
            CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
           
            CFArrayRef imported = NULL;
   
            OSStatus status = SecPKCS12Import((__bridge CFDataRef)clientIdentityData, options, &imported);
            if (status != 0) {
                NSLog(@"Error! %d", status);
                [self sendErrorCallbackWithMessage:@"PKCS12 is not valid" toCallback:command.callbackId shouldRetain:NO];
                return;
            }


The *clientCertificate contains a base64 string. This is decoded and stored in *clientIdentityData. The SecPKCS12Import returns status 0 with an empty list. In iOS 11 it used to return status 0 with a singleton list.

@Evertson90 not yet, I will update this thread once I figure out what is going on.

In my case, the pkcs12 was stored in local storage in iOS 10. When retrieving the pkcs12 from local storage in iOS 11, the SecPKCS12Import function suddenly returns 0 results. If I reinstall the app and store the pkcs12 in iOS 11, then it works (returning 1 dictionary). However, this is not an acceptable solution as it would require us to ask all users to reinstall the app.


@mareksip Do you also have a similar situation? Or does yours simply not work at all in iOS 11?

@mareksip and @Evertson90, if you post:

  • A hex dump of some data you’re passing to SecPKCS12Import
  • The associated password

I’ll take a look and see what I can see. Two things:

  • Post a test PKCS#12, not anything secret
  • The easiest way to get a hex dump is to call:

    NSLog(@"%@", data);             // Objective-C
    NSLog("%@", data as NSData)     // Swift

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello @eskimo, I was unable to log the whole certificate, so I am passing the whole string encoded in Base64.




Certificate password is: "eet".


@Evertson90 I am loading the certificate from internal storage and saving the Base64 content. Then decoding each time I need to do digital signature.

Hmmmm. On the Mac I put your Base-64 into a file and then decoded it as a PKCS12:

$ base64 -D < tmp.b64 > tmp.p12

I then imported the .p12 into Keychain Access and it looks reasonable enough. So your data looks generally OK.

I then added the .p12 to a test project and imported it programmatically with the following code:

let pkcs12URL = Bundle.main.url(forResource: "tmp", withExtension: "p12")!
let pkcs12Data = try! Data(contentsOf: pkcs12URL)

var importResult: CFArray? = nil
let err = SecPKCS12Import(
    pkcs12Data as NSData,
    [kSecImportExportPassphrase as String: "eet"] as NSDictionary,
    &importResult
)
print(err)
print(importResult)

This printed:

2017-10-23 10:19:18.794415+0100 xxsi[5412:556594] error: 0
2017-10-23 10:19:18.797754+0100 xxsi[5412:556594] importResult: Optional(
    <__NSArrayM 0x600000058420>({
        chain = (
            "<cert(0x7fc48780f820) s: CZ1212121218 i: GFR EET test CA 1>"
        );
        identity = "<SecIdentityRef: 0x600000234b40>";
        trust = "<SecTrustRef: 0x600000111af0>";
    })
)

Note I’ve changed the whitespace to make it easier to parse the string that NSLog prints for importResult.

This looks right to me, that is, you get errSecSuccess and an array containing a single dictionary that includes the SecIdentity and so on.

I then took the code you originally posted and rewrote it along the lines I’ve outlined above, resulting in this:

func certificateFromCertificate(certP12: String, psswd: String) -> SecCertificate? {
    guard let pkcs12Data = Data.init(base64Encoded: certP12) else {
        return nil
    }
    var importResult: CFArray? = nil
    let err = SecPKCS12Import(
        pkcs12Data as NSData,
        [kSecImportExportPassphrase as String: psswd] as NSDictionary,
        &importResult
    )
    guard err == errSecSuccess else {
        return nil
    }
    let importItems = importResult! as! [[String:Any]]
    guard let importDict = importItems.first else {
        return nil
    }
    let identity = importDict[kSecImportItemIdentity as String]! as! SecIdentity
    var certificate: SecCertificate? = nil
    let err2 = SecIdentityCopyCertificate(identity, &certificate)
    guard err2 == errSecSuccess else {
        return nil
    }
    return certificate!
}

When I call it like this:

let testP12Base64 = "MIIKggIBAzCCCkgGCSqGSIb3DQEHAaCCCjkEggo1MIIKMTCCBL8GCSqGSIb3DQEHBqCCBLAwggSsAgEAMIIEpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIieilQ1n37C0CAggAgIIEeM9Zotux9eIou4f8n2XfZ1Wj2IQ7WDHAYl0t6p46DcE+CjVNlsQXlZXNEx14pDuFaEAqewfBaMsZygANbchG1gAHfzsQluCyZkNmIS9jNlPqMaMN5coXJsbbG9tLuyAcQsFAzf28AXUAGYClCffvUEsECnb4NlDnNcn8/xTooLxGSomGiwAooyOOJtxv9ijWCjQPZuRfVF+OibDNsRXiabv9F5m1UhMEwpHz4GCBVn5eCRVHr7VK+/ShhnPOGRnq6gbTXz7JM9LKTp7if+qIrTTSPJjyNgUpdcp6W+gjkGI0lWk+3sZPO+NPkVo5NnT0hMqt3Pu5KaidaVpGWVUYi0ep22U2utGvrqgCMtkNEakAfthtRNO9GqhrlgdMyRN4uGAXd5Wvi366hVK3uniyr2bI/bS+xJocY/zftqfN1hiDOItFLE2+/5z+tcLQAfrcnpFnOecE1Y5zfXg6KSZI535nL7mOwR0ZOyTakHikfglojkNqsZe1MRWj0RoaC265Tqs4ef3sJLRv57vZyaYknkOQAKbEgMV3EcN2/YQFVi1ivfHaTgbb1R/on2KQ4dD7bjy2krlCRensRUKo6flEjX+GuHTiiErIhJkcz7Bvj+xKRr7XEs6vTn18qXQAOoue4ZtlvCVP8pZUVdj9psvZU4fmLZEj0I334B8hrqIAMKxjHDfYCDr93y0PXQk4LuR5Bt0bnPaRDV0rwvMBWodvlzpwPdl9pRXcET0ek/xiYKU2dLw5nzI4Dbh7gWtHezVGpuy4HJznRiiqv0x/XeILY7+FIfEXTMVvx18G7czgS+MGIS46610R4mHqpF5RRaeyKd3xFfWdiHV9BKZeC2e/maRF4tEoYEE6L7GoqODvAuVi3M407q8xgALlwq4zfSdhEJXqqeB8QqTI/fa0DPG0s6Rn2mk/PUxV4uPzV1OHDNVFgp99KXhwhf8Ifel0cx3uUpxRthBs+9sJE0xKUFOsd5TyiNMJjXj5iN/RiJHYxt4Y081pJEVGqlaTASytiAbXzZJPLUztM3Hi9WZ9zOkL+ufOvznHWLVfvG1aiDtmPugLUQMn3LLoy6QwS8QdOP7Iw+mXtOZaw5NTcevyAmHoUY0qrmqrdACPDdkW9SlPC+BWeGWV7SoZxousoZxKrJYwMx+g8N8tJv1gi5zOD64lq/tD37XohY78rK8NAtoBhDdGBZFnTm+z3ooN3WrWzYB/NydiWSXpQ30CAwPw0M4DTHJJ91ipCyKJLprQFg3QUtSBHoU4M7rKEKeG7qOWdO//WSWoSnlU6Gs2iLADQYEk+dq0auKvccjbA/vIatObsiJn7ht/Wu50Y0BXQ23v6+epb+6wMztxVBWiymoHyJEs7jqgzMCe0eoN6COCcExGwmbhhX/EUkAK0CAZmx0yjHo0JeOTyy+PQfQvHVIK/zWgDKb+f/kd59W0wRp884HPfoEk8/H4rFrds60WRUCk0VYBzAvEyuzBreeJqBvDMzYu+trwqD9v9OX726rBs92GI70tbImYQSkeYQgwggVqBgkqhkiG9w0BBwGgggVbBIIFVzCCBVMwggVPBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIkADSKx7S7iICAggABIIEyOH5KgUpUBrfLqRNa+f9DrKqMeXT5ajkLNiip/SAeG/jE1aBO4hnfbmvyR5CshHtcEavGlenHWgH4Wd1FdxvZt4ItcEefZvoUzoisBKp+2+N2x5gK2+Ga9Plu90e0ckp95jBXbPBXroYeZTxtTgR2IRzP2UdVMukaaRduWazQwJ3OOMX+hteIWTHLac3u/5QThy
2hH/2bT183TaUUK3Ic81eVxUdkFeKyqUkeD/SCmeqeT+6qFlsu6pNzk6LWpNevECSD5Skv71HNXti8ez4klJf/YweTWfGd4L4v9zgno3Bf2OYSRb4fMbwy2W/2yW59BHI7I3cImhy92pnhOKjW1eqDZlIPM+CsQpPC0BabCC3xe8TvVI+tCOdxzUcI4IcJ52lM2I/SN7JZgVvPM//82RrmqVNyFvitbSL+EahX1neJd/BDY3WUIWmR1WiehP0Ef/lptFLJURF46KxuCg2yGwY57WXCLAMsa918deFB9VTWTG0Nedn1fzp4HXLI4QdTcKwHhNwbw/k3gC3sypHPil9kR7ZsdaU99mvK7PER5q1VQJp+zz6zJnO657jzZoUcopjVE0XOWNpssVO2czmF9cGyd3sJFzzdsXFQ5iVEHFKbFNfyo2FLUZl9OSc/NK6mOqSfJbeOoK7meDVYyr6pyMArpba+bAIgcAC2RIFj7nGl6whJZepYJh0gf3NQaswLBHS/3X1hme+2cMxwpKr4/8MJNpIvyLmS6un+LVSJXgAKm44EG7b9cBaJbgTPIaBcgV+hM8vUedpkiaLBC6aiGpec0NH3QOv08XgujN5ezjlKx9i1ubp+Gro4T3xhEioznSIvXE5C9t4fGNgnWVIrvDthxILXVsjdnbRQAlEqERy7TJxcfxXNMC45BVtEM25CAovFvzrtjCxM0RC/yqhjH7AHpRc+V4b6AG0TYpCrncNtsHmd7/zZS+3nBdJplQtIc/YN9BTDABPEWPzvejk4WL+3NvmKoPKJ9aTeVRL9jrQblRqQVe1iWdF39t8qxI9EyHNjmQihT+fvDZVk3j0Wxio/NJ85dTj4PD5QA6+plaWHpzyAXsou9GCEYQvE7dRWeIptvnrGtqkPefag/liTXEZ0fMhWpWmREmnkUvAlagsvXhLZ7EvhTYrjzE9EJ8zq1ecbSvLe44TCn1xGUPq3/9k6C3yV0NFmYRaQiByf6u53nIXM9qXyl+mqJLkbzbfkt7dpVV6eZq/RAFIquEtGtfQTTm1AOWm55fQOFzNrdDBLuKuHhv/R7nPHifd3kbIUH1m//1dr9u0GN0H7jWlJdshIQzfBBNhpSVFvVBLgk2uKTI3n7Z0X58j6YtNg7Gk0krix+lYV9HreXyhxLWQ2LgEK7LoItR2fbgLYa+m+c0iisd98SZkybecDvRNOIRZcckX1K6SeFgbKT5ngV2Q6jKp/GasmnVQOz3Vng/HYToWNGG8v92pNhNi/A1m82XX8M7MB8p9BWldVdC8ory86igQGipchzeqK0XdShK7c2uaeedRcZ0ZfHqbQIA8uUcShafimhhAf4PEA5h6nwI1WWoLvENGKWxrllqbhs7ezIQIhkvXy7fMfqiP+eOkpm7H2mwYDlllqTpZHJWj95b+x8j3UxWsjdURYDFOMCMGCSqGSIb3DQEJFTEWBBQoXRLkuOKg1bikO/YIJI3hPA7vozAnBgkqhkiG9w0BCRQxGh4YAEMAWgAxADIAMQAyADEAMgAxADIAMQA4MDEwITAJBgUrDgMCGgUABBQpr8DOi/yQS+0JYAsB583N0+yhBwQIKcvN+NW6BA8CAggADQo="
let certMaybe = certificateFromCertificate(certP12: testP12Base64, psswd: "eet")
NSLog("certMaybe: %@", String(describing: certMaybe))

it prints this:

2017-10-23 10:30:07.682515+0100 xxsi[5690:569551] certMaybe: Optional(<cert(0x7fa94f40e720) s: CZ1212121218 i: GFR EET test CA 1>)

which looks right to me.

I’m not sure why you’re having problems here but as far as I can tell SecPKCS12Import is behaving properly.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
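
A pre-flight check for the case discussed in this thread, where SecPKCS12Import returns errSecSuccess with no items. This is an added example, not code from any poster or from Apple: it compares the length declared by the outer DER SEQUENCE with the decoded byte count before importing, and reports an empty result as its own error. The names PKCS12ImportError, declaredDERLength and importIdentity are hypothetical, and rejecting (rather than trimming) a length mismatch is an assumption of the example; the thread does not establish that trailing bytes cause the iOS 11 behaviour, though the string posted above does end in DQo=, which decodes to CR LF.

```swift
import Foundation
import Security

/// Distinct failure modes, so "status 0 but nothing imported" is not silent.
enum PKCS12ImportError: Error {
    case notBase64
    case notDERSequence
    case lengthMismatch(declared: Int, actual: Int)
    case importFailed(OSStatus)
    case noItems        // errSecSuccess with an empty (or nil) array
    case noIdentity
}

/// Total size (header + content) declared by the outer DER SEQUENCE.
/// Indefinite-length BER (length byte 0x80) is not handled and is rejected.
func declaredDERLength(of data: Data) throws -> Int {
    let bytes = [UInt8](data)
    guard bytes.count >= 2, bytes[0] == 0x30 else {
        throw PKCS12ImportError.notDERSequence
    }
    let first = Int(bytes[1])
    if first < 0x80 { return 2 + first }        // short form
    let count = first & 0x7F                    // long form: number of length bytes
    guard count >= 1, count <= 4, bytes.count >= 2 + count else {
        throw PKCS12ImportError.notDERSequence
    }
    let length = bytes[2 ..< 2 + count].reduce(0) { ($0 << 8) | Int($1) }
    return 2 + count + length
}

/// Decodes, sanity-checks and imports a Base64 PKCS#12 string.
func importIdentity(base64 certP12: String, password: String) throws -> SecIdentity {
    guard let data = Data(base64Encoded: certP12,
                          options: .ignoreUnknownCharacters) else {
        throw PKCS12ImportError.notBase64
    }
    // Assumption of this example: anything after the DER blob (for instance a
    // line ending captured when the file was Base64-encoded) is an error.
    let declared = try declaredDERLength(of: data)
    guard declared == data.count else {
        throw PKCS12ImportError.lengthMismatch(declared: declared, actual: data.count)
    }

    var importResult: CFArray? = nil
    let status = SecPKCS12Import(
        data as NSData,
        [kSecImportExportPassphrase as String: password] as NSDictionary,
        &importResult
    )
    guard status == errSecSuccess else {
        throw PKCS12ImportError.importFailed(status)
    }
    // Success does not imply a non-empty array, as reported in this thread.
    guard let raw = importResult else { throw PKCS12ImportError.noItems }
    let items = raw as! [[String: Any]]
    guard let first = items.first else { throw PKCS12ImportError.noItems }
    guard let identity = first[kSecImportItemIdentity as String] else {
        throw PKCS12ImportError.noIdentity
    }
    return identity as! SecIdentity
}
```

Logging the thrown case on both OS versions shows whether the difference lies in the input bytes or in the import itself.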

Hey @eskimo,


I sent the file to your email.

For those following along at home, Evertson90’s issue is definitely different from mareksip’s issue. While I believe that my 23 Oct post has sorted out mareksip’s issue, it does not solve Evertson90’s.

As best as I can tell iOS 11 is complaining about the format of the private key embedded within their PKCS#12. Alas, they are not able to share their PKCS#12 here on DevForums, so I’ve recommended that we move over to a DTS tech support incident.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Quinn, thank you for the time you dedicated to my issue. Nonetheless, I replaced your function with mine and I am getting nil result on line:


guard let importDict = importItems.first else { 
   return nil 
}


I am afraid that this issue might be connected to Evertson90's.


Regards.

Nonetheless, I replaced your function with mine and I am getting nil result on line:

On what OS version? I ran the code from my 23 Oct post on both 11.0 and 11.0.3 and both work as described in that post. Are you saying that that exact code fails on your iOS 11 devices? Or were you testing with different PKCS#12 input?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I have tested the code on iPad Mini 11.0.3 (15A432).


Are you saying that that exact code fails on your iOS 11 devices?


Yes, the exact code fails on iOS 11.


with different PKCS#12 input?

Tested with the same input as I have posted.

Yes, the exact code fails on iOS 11.

Tested with the same input as I have posted.

Well, that’s weird. It Works On My Machine™.

At this point I’m going to recommend what I recommended to Evertson90: you should open a DTS tech support incident so that DTS’s security specialist can look at this in depth.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I continue to solve this issue with DTS with Follow-up: 676191222.


Thank you for assistance so far.
