Keychain Access shows <key> as name in dialogs, instead of what I created the key with

I create an asymmetric signing key on macOS using this code:



    // Application tag used to look the private key up again later.
    const NSData* SignKeyTag = [@"ca.website.signRSA2048" dataUsingEncoding:NSUTF8StringEncoding];
    const NSNumber* SignKeySize = @2048;
    const SecKeyAlgorithm SigningAlg = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384;
    const NSString* SignKeyType = (id)kSecAttrKeyTypeRSA;
    const NSString* SignKeyLabel = @"Signing Key";

    // Top-level attributes apply to both the private and the public key.
    NSDictionary* attributes =
    @{
        (id)kSecAttrKeyType: SignKeyType,
        (id)kSecAttrKeySizeInBits: SignKeySize,
        (id)kSecAttrLabel: SignKeyLabel,
        (id)kSecAttrDescription: SignKeyLabel,
        // Attributes that apply to the private key only.
        (id)kSecPrivateKeyAttrs:
        @{
            (id)kSecAttrIsPermanent: @YES,
            (id)kSecAttrApplicationTag: SignKeyTag,
        },
    };

    // Generate the key pair; kSecAttrIsPermanent stores the private key in the keychain.
    CFErrorRef error = NULL;
    myPrivKeyRef = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attributes, &error);


This works fine, and I'm able to sign and verify without issue. The problem I'm facing is that if permission needs to be given to access the key, the dialog asking the user to Allow/Deny/Always Allow access to the key shows the name <key> instead of any of the labels/tag/descriptions I give it. Also if I edit the key in Keychain Access.app, it also asks me for permission to change <key>.



Keychain Access shows the label correctly in the list, I don't see <key> anywhere in the key info. Also if I enumerate the attributes for the key in code I don't see <key>.



Now, I'm assuming that label I'm seeing may be from the public key. However the documentation says I shouldn't store the public key separately, and just get it from the private key when required using SecKeyCopyPublicKey().



Any ideas? Thanks!

  • kSecDescriptionItemAttr is not listed as applicable to kSecClassKey items. I tried some experiments using "security" command line and with code like yours. Didn't find an answer. Seems like it should use the kSecAttrLabel but doesn't seem to work at either level of the attributes dictionary despite it showing up in KeychainAccess as you said. ¯_(ツ)_/¯

    – Dad
    Nov 20 '18 at 4:37

objective-c macos cocoa cryptography keychain

edited Nov 15 '18 at 6:52
Marek H

asked Nov 15 '18 at 0:29
mb13