Keys created with SecKeyCreateRandomKey cannot be extracted

Hi

I've been running after a problem in my iOS app. I'm creating hundreds of key pairs with SecKeyCreateRandomKey for several different usernames, in this case, different kSecAttrApplicationTag identifiers.

After I create the key pairs I extract the public keys using SecItemCopyMatching, again, hundreds of them.

The problem is that, without a logical explanation, some of those keys cannot be extracted. After running after the issue for hours, I noticed that EVERY time I try to extract a public key and the identifier has exactly 87 chars, the public key cannot be found. It doesn't matter what content or names are used in the identifier; every time the length hits 87, SecItemCopyMatching returns -25300.

Is this some kind of limitation that is not explained in the documentation? Thanks.

Digging deeper, I noticed that several identifier sizes fail to extract the key:

[982:69528] key with 7 chars is invalid
[982:69528] key with 23 chars is invalid
[982:69528] key with 39 chars is invalid
[982:69528] key with 55 chars is invalid
[982:69528] key with 71 chars is invalid
[982:69528] key with 87 chars is invalid
[982:69528] key with 103 chars is invalid
[982:69528] key with 119 chars is invalid
[982:69528] key with 135 chars is invalid
[982:69528] key with 151 chars is invalid
[982:69528] key with 167 chars is invalid
[982:69528] key with 183 chars is invalid
[982:69528] key with 199 chars is invalid
[982:69528] key with 215 chars is invalid
[982:69528] key with 231 chars is invalid
[982:69528] key with 247 chars is invalid
[982:69528] key with 263 chars is invalid
[982:69528] key with 279 chars is invalid
[982:69528] key with 295 chars is invalid

-added to the original post-

Digging deeper, I noticed that several identifier sizes fail to extract the key.

Something to do with base64 encoding?

I'm not doing any base64 encoding, actually. The kSecAttrApplicationTag required for SecKeyGeneratePair or SecKeyCreateRandomKey is an NSData generated from a UInt8 array (in turn generated from an NSString that is plain text).

It’s hard to say exactly what’s going on here without running your code, and I don’t have time to go down that path today. However, I do have an alternative suggestion. You wrote:

I extract the public keys using SecItemCopyMatching

Storing the private and public keys independently is always error prone. I generally avoid this by only storing the private key and then getting the public key from it using SecKeyCopyPublicKey.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
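
The approach suggested in the reply above (store only the private key, then derive the public key with SecKeyCopyPublicKey), as an added example that is not code from the thread or from Apple. The EC P-256 key type and the names createPrivateKey, publicKeyData and KeyLookupError are assumptions; the thread does not state the key type.

```swift
import Foundation
import Security

enum KeyLookupError: Error {
    case status(OSStatus)   // e.g. errSecItemNotFound (-25300)
    case noPublicKey
}

// Assumption: EC P-256 keys; the thread does not state the key type.
let keyType = kSecAttrKeyTypeECSECPrimeRandom

/// Generate a key pair and persist only the private key under `tag`.
func createPrivateKey(tag: Data) throws -> SecKey {
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: keyType,
        kSecAttrKeySizeInBits as String: 256,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
        ],
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

/// Look up the stored private key by tag and derive the public key from it.
func publicKeyData(forTag tag: Data) throws -> Data {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,  // match the private item only
        kSecAttrKeyType as String: keyType,
        kSecAttrApplicationTag as String: tag,
        kSecReturnRef as String: true,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let found = item else { throw KeyLookupError.status(status) }
    let privateKey = found as! SecKey
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else { throw KeyLookupError.noPublicKey }
    var error: Unmanaged<CFError>?
    guard let data = SecKeyCopyExternalRepresentation(publicKey, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return data as Data
}
```

Call createPrivateKey once per username tag, then publicKeyData(forTag:) with the same tag bytes; a failed lookup surfaces the OSStatus (such as -25300) instead of a nil key.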
