SecCertificateAddToKeychain - 导入中的未知格式

SecCertificateAddToKeychain - Unknown format in import

函数 SecCertificateAddToKeychain() 为我创建的用于测试的证书提供了一个错误。

证书 - TestCert.p12:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
openssl pkcs12 -export -inkey key.pem -in cert.pem -out TestCert.p12

代码:

NSData  *certData = [NSData dataWithContentsOfFile:path];
if (certData)  {
   SecCertificateRef  newCert = SecCertificateCreateWithData (NULL, (CFDataRef)certData);
   if (newCert)  {
      OSStatus  addResult = SecCertificateAddToKeychain (newCert, NULL);
      if (addResult)  {
         NSString  *errStr = SecCopyErrorMessageString (addResult, NULL);
         NSLog (@"Cannot add certificate to keychain: %@", errStr);
      }
   }
}

输出:无法将证书添加到钥匙串:导入格式未知。 有什么想法吗?

SecCertificateCreateWithData 仅描述了 X.509 格式,而不是 PKCS#12。

对于 P12 你想要 SecPkcs12Import (which will import to the default keychain by default) or SecItemImport (which will not import private keys unless you explicitly give it the keychain into which to import them -- e.g. SecKeychainCopyDefault).