1

I have a symmetric key which I want to store in the OS X keychain. Storing passwords and usernames are working perfectly, so I changed My code to store a symmetric key which I want to use later by My app. I used the following code which give Me as response:

The specified attribute does not exist.

Here is My code:

// Identifier for symmetric key
static const uint8_t keyIdentfier[] = "net.eurobertics.TestKey";
NSData *tag = [[NSData alloc] initWithBytes:keyIdentfier length:sizeof(keyIdentfier)];

// Simple keygen algo - JUST FOR EXAMPLE DO NOT USE!
NSMutableData *key = [NSMutableData dataWithLength:8];
SecRandomCopyBytes(kSecRandomDefault, 8, key.mutableBytes);
NSString *base64key = [key base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];

// Dictionary for keychain - insert a symmetric key with following attributes
NSMutableDictionary *dict = [[NSMutableDictionary alloc] init];
[dict setObject:(id)kSecClassKey forKey:(id)kSecClass];
[dict setObject:tag forKey:(id)kSecAttrApplicationTag];
[dict setObject:[NSNumber numberWithUnsignedInteger:CSSM_ALGID_AES] forKey:(id)kSecAttrKeyType];
[dict setObject:[NSNumber numberWithUnsignedInteger:(unsigned int)(kCCKeySizeAES128 << 3)] forKey:(id)kSecAttrKeySizeInBits];
[dict setObject:[NSNumber numberWithUnsignedInteger:(unsigned int)(kCCKeySizeAES128 << 3)] forKey:(id)kSecAttrEffectiveKeySize];
[dict setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanEncrypt];
[dict setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt];
[dict setObject:(id)kCFBooleanFalse forKey:(id)kSecAttrCanSign];
[dict setObject:(id)kCFBooleanFalse forKey:(id)kSecAttrCanVerify];
[dict setObject:(id)kCFBooleanFalse forKey:(id)kSecAttrCanWrap];
[dict setObject:(id)kCFBooleanFalse forKey:(id)kSecAttrCanUnwrap];
[dict setObject:(id)kCFBooleanFalse forKey:(id)kSecAttrCanDerive];
[dict setObject:key forKey:(id)kSecValueData];

// Insert key into keychain based on dictionary attributes above
OSStatus osstatus = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);

// Set responsefield
[[self responseField] setStringValue:[NSString stringWithFormat:@"Key: %@\n\nStatus: %@", base64key, SecCopyErrorMessageString(osstatus, NULL)]];

I know that SecItemAdd is mainly for iOS but I want to port My app later to iOS so I want to be more compatible. Storing the key in the default (normally login) keychain is absolutely ok for Me because I will use the key periodically by My app.

Jason Aller
  • 3,541
  • 28
  • 38
  • 38
Eurobertics
  • 66
  • 1
  • 8

1 Answers1

0

I had found out why this is not working by another question from Me:

Storing a symmetric key in OS X keychain programmatically

Hope it helps someone

Community
  • 1
  • 1
Eurobertics
  • 66
  • 1
  • 8