Delete Private key from keychain mac programmatically

拥有回忆 submitted on 2020-01-26 03:49:31

Question


I have a p12 file, say mycert.p12, with some password. I import it using the security tool and it installs properly in the keychain as expected. Now I am trying to delete the private and public entries from the keychain. I am able to delete the public one using delete-certificate -Z with the security tool, but the private key does not get removed. How can I use SecItemDelete to delete it, or is there any special script available?

Thanks


Answer 1:


You can use SecItemCopyMatching and SecKeychainItemDelete to achieve this. The first one searches for the items, the second one deletes them.

For SecItemCopyMatching you need to define a search dictionary, which defines which item you want to find; for example, you can use the keychain's name of the key you want to find. As an example, I have a private key called "iPhone Configuration Utility (8AE57ABA-8DCD-4A29-9013-07FB2AEDADCE)".

To delete this special private key programmatically you can use the following code snippet:

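```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Build the search dictionary: a key item with the given keychain label.
NSMutableDictionary *query = [NSMutableDictionary new];
[query setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[query setObject:@"iPhone Configuration Utility (8AE57ABA-8DCD-4A29-9013-07FB2AEDADCE)" forKey:(__bridge id)kSecAttrLabel];
[query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnRef];
[query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];

CFTypeRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);

// Log the status text; CFBridgingRelease hands the copied string to ARC.
NSLog(@"%@", CFBridgingRelease(SecCopyErrorMessageString(status, NULL)));

// Delete only if the search succeeded, then release the returned reference.
if (status == errSecSuccess && result != NULL) {
    status = SecKeychainItemDelete((SecKeychainItemRef)result);
    CFRelease(result);
}
```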

The first object/key combo in the dictionary defines that you are searching for a private key. If you are searching for a certificate you can use kSecClassCertificate, or if you are searching for a password use kSecClassGenericPassword.

The second defines the name of the item in the keychain, with kSecAttrLabel.

SecItemCopyMatching returns a reference to the found items; the third defines the type of the reference, here SecKeychainItemRef, because SecKeychainItemDelete needs this type.

The fourth defines that you want only one match; if you want all matching items, use kSecMatchLimitAll.

Then you call SecItemCopyMatching and it returns a reference to the first found item which matches the search dictionary.

SecCopyErrorMessageString gives you an error message where you can see whether it went right: then it prints "No Error", or, if it couldn't find the item, you get an "Item not found" message, and so on.

Finally, you call SecKeychainItemDelete with the reference to the found item.

You have many possibilities for defining the search dictionary, as you can search for every item in the keychain, like passwords, internet passwords, certificates and so on. If you want to go deeper, look at Apple's keychain services reference:

https://developer.apple.com/library/mac/documentation/Security/Reference/keychainservices/index.html#//apple_ref/c/func/SecCopyErrorMessageString

Hope this helps
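
An added example, not part of the original answer: it narrows the search to private keys with kSecAttrKeyClassPrivate, deletes every match with the answer's SecKeychainItemDelete call, then searches again to confirm nothing is left. The helper names, the file name delkey.m and the command-line label argument are assumptions.

```objc
// Added example, not from the original answer. Build on macOS with:
//   clang -fobjc-arc -framework Foundation -framework Security delkey.m -o delkey
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: search dictionary for private keys carrying this label.
static NSDictionary *PrivateKeyQuery(NSString *label, CFStringRef limit) {
    return @{
        (__bridge id)kSecClass:        (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrKeyClass: (__bridge id)kSecAttrKeyClassPrivate,
        (__bridge id)kSecAttrLabel:    label,
        (__bridge id)kSecReturnRef:    @YES,
        (__bridge id)kSecMatchLimit:   (__bridge id)limit,
    };
}

// Deletes every matching private key. Returns the number deleted, or -1 if the
// search failed or a key with this label is still present afterwards.
static NSInteger DeletePrivateKeys(NSString *label) {
    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching(
        (__bridge CFDictionaryRef)PrivateKeyQuery(label, kSecMatchLimitAll), &found);
    if (status == errSecItemNotFound) return 0;
    if (status != errSecSuccess) return -1;

    NSArray *keys = CFBridgingRelease(found);  // kSecMatchLimitAll yields an array
    NSInteger deleted = 0;
    for (id key in keys) {
        if (SecKeychainItemDelete((__bridge SecKeychainItemRef)key) == errSecSuccess)
            deleted++;
    }

    // Verify removal: a fresh search must now report errSecItemNotFound.
    CFTypeRef leftover = NULL;
    status = SecItemCopyMatching(
        (__bridge CFDictionaryRef)PrivateKeyQuery(label, kSecMatchLimitOne), &leftover);
    if (leftover) CFRelease(leftover);
    return (status == errSecItemNotFound) ? deleted : -1;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc != 2) { fprintf(stderr, "usage: %s <key label>\n", argv[0]); return 2; }
        NSInteger n = DeletePrivateKeys(@(argv[1]));
        if (n < 0) { fprintf(stderr, "search failed or key still present\n"); return 1; }
        printf("deleted %ld private key(s)\n", (long)n);
    }
    return 0;
}
```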



Source: https://stackoverflow.com/questions/27824829/delete-private-key-from-keychain-mac-programmatically