如何从钥匙串获取数字身份?

问题描述 投票:0回答:1

我正在遵循Apple的教程:https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates/storing_a_certificate_in_the_keychain

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/identities/storing_an_identity_in_the_keychain

关于如何存储和检索钥匙串中的身份。

存储身份似乎很好,返回了errSecSuccess。但是,当尝试获取任何身份时,我会返回errSecItemNotFound(或-25300)。

即使丢弃钥匙串也无法按预期工作;成功添加身份后,SecItemCopyMatching仍返回errSecItemNotFound

请参见以下与文档中提供的摘录基本匹配的代码:

// Store the digital identity in the keychain:
let addQuery: [String : Any] = [kSecClass as String: kSecClassIdentity,
                                kSecValueRef as String: identity,
                                kSecAttrLabel as String: "myid"]

guard SecItemAdd(addQuery as CFDictionary, nil) == errSecSuccess else {
    print("Could not store identity in keychain")
    return false
}

// Obtain the digital identity from the keychain:
let getQuery: [String : Any] = [kSecClass as String: kSecClassIdentity,
                                kSecAttrLabel as String: "myid",
                                kSecReturnRef as String: kCFBooleanTrue!]
var item: CFTypeRef?
let status = SecItemCopyMatching(getQuery as CFDictionary, &item)
guard status == errSecSuccess else {
    print("Could not find identity in keychain, OSerror: \(status)") // <---- -25300
    return false
}

let localIdentity = item as! SecIdentity

// [...]

为了完整起见,这就是我“转储”钥匙串(至少是身份)的方法:

let getQuery: [String : Any] = [kSecClass as String : secClass,
                                kSecReturnData as String  : kCFBooleanTrue!,
                                kSecReturnAttributes as String : kCFBooleanTrue!,
                                kSecReturnRef as String : kCFBooleanTrue!,
                                kSecMatchLimit as String : kSecMatchLimitAll]
var items: CFTypeRef?
let status = SecItemCopyMatching(getQuery as CFDictionary, &items) // <--- again, status = -25300

缺少什么?

我多次浏览了文档。将物品存储在钥匙串中会花费一些时间吗?如果是这样,Apple提供的示例是否提及?

为什么在存储项目时为什么会得到errSecSuccess,但是之后我却不允许我阅读该项目?

我也在真实设备上进行测试。

ios swift security keychain ios13
1个回答
0
投票

我终于找到了答案。

在身份上使用标签是棘手的,因为身份不是作为原子项存储在钥匙串中,而是作为单独的私钥和证书存储,并且这些项以不同的方式使用标签。

https://forums.developer.apple.com/thread/98029

即:

  1. 将身份添加到钥匙串时,将kSecReturnPersistentRef传递给SecItemAdd
  2. 在任何地方保存永久性引用
  3. 稍后,当您需要返回身份时,使用该持久引用调用SecItemCopyMatching

这很有意义,我终于可以用这种方式解决我的问题。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.