There is no way to generate a self-signed certificate in the Security framework
| Originator: | brianpartridge | | |
| Number: | rdar://12938395 | Date Originated: | |
| Status: | | Resolved: | |
| Product: | iPhone SDK | Product Version: | 6.0.1 |
| Classification: | Security | Reproducible: | Always |

Summary:
The iOS Security framework enables generation of public and private key pairs, signing and verifying data with key pairs, importing X.509 certificates in DER format, importing identities from pkcs12 files, and adding items to the keychain. Thus capabilities exist in the framework to generate keys, manage data in the X.509 format, sign data, and add items to the keychain. Therefore, it seems reasonable that a mechanism should exist to generate keys, package them in a certificate, self-sign the certificate, and add the certificate as a keychain item with the Security framework, but there is not.

Steps to Reproduce:
- Start using the Security framework.
- Use SecKeyGeneratePair(...) to generate a key pair.
- Look at documentation about how to add these keys to the keychain as an X.509 certificate or identity.
- Find nothing.

Expected Results:
- Start using the Security framework.
- Use SecKeyGeneratePair(...) to generate a key pair.
- Look at documentation about how to add these keys to the keychain as an X.509 certificate or identity.
- Call some method like SecCertificateCreateWithPublicKey(…) or SecIdentityCreateWithKeyPair(…).
- Call SecItemAdd(…) to add the new certificate/identity to the keychain.
- Bask in how awesome and easy Apple engineers made the Security framework to use.

Actual Results:
- Give up and figure out how to compile and bundle OpenSSL in your app.
- Use OpenSSL to accomplish the task that should be available as part of the Security framework.