No (non-deprecated) way to inspect a free-floating SecKeyRef
| Originator: | wiml | ||
| Number: | rdar://11840882 | Date Originated: | 10-Jul-2012 10:34 AM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 10.7 |
| Classification: | Reproducible: | Always |
10-Jul-2012 10:34 AM W Lewis: Summary: The crypto APIs which replaced the deprecated CSSM APIs do not seem to provide a way to get information about a SecKeyRef if that key is not in a keychain. Steps to Reproduce: The recommended API which can return information about a key is SecItemCopyMatching(). However, SecItemCopyMatching() does not work for keys which are not in keychains, as for example public keys found in certificates, received over the wire and imported, or ephemeral keypairs generated for the duration of a session. Expected Results: It's not clear to me whether SecItemCopyMatching() is even *supposed* to work here or not--- the documentation is too vague, and the implementation is too buggy (see RADAR 10155924 etc) to tell what its intended behavior is. Notes: I'd really strongly suggest replacing SecItemCopyMatching() with a better-designed API.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!