jokeyrhyme · June 29, 2019 08:38
diff --git a/macos-keychain-research.m b/macos-keychain-research.m
 //
 //  main.m
 //  macos-keychain-delete-private-key
 //
 //  Created by Ron Waldon on 2016-08-30.
 //  Copyright © 2016 Ron Waldon. All rights reserved.
 //

 #import <Foundation/Foundation.h>
 #import <Security/Security.h>

 // https://stackoverflow.com/questions/27824829/delete-private-key-from-keychain-mac-programmatically

 NSString * NSDataToHex (NSData *data) {
    // https://stackoverflow.com/a/12442672/488373
    NSUInteger dataLength = [data length];
    NSMutableString *string = [NSMutableString stringWithCapacity:dataLength * 2];
    const unsigned char *dataBytes = [data bytes];
    for (NSInteger idx = 0; idx < dataLength; ++idx) {
        [string appendFormat:@"%02x", dataBytes[idx]];
    }
    return string;
 }

 void NSLogSecKeychainCertificate (NSString *name) {
    OSStatus status;

    const NSMutableDictionary *query = [NSMutableDictionary new];

    [query setObject:(__bridge id)kSecClassCertificate forKey:(__bridge id)kSecClass];
    [query setObject:name forKey:(__bridge id)kSecAttrLabel];
    [query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnAttributes];
    [query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];

    CFTypeRef result = NULL;

    status = SecItemCopyMatching((__bridge CFDictionaryRef )query, &result);
    NSLog(@"SecItemCopyMatching: %@", SecCopyErrorMessageString(status, NULL));

    NSDictionary *dict = (__bridge NSDictionary *)(CFDictionaryRef) result;
    NSLog(@"NSLogSecKeychainCertificate: %@", dict);

    NSData *pkhh = [dict valueForKey:(NSString *)kSecAttrPublicKeyHash];
    NSLog(@"NSLogSecKeychainCertificate: %@", NSDataToHex(pkhh));
 }

 void NSLogSecKeychainKey (NSString *name) {
    OSStatus status;

    const NSMutableDictionary *query = [NSMutableDictionary new];

    [query setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
    [query setObject:name forKey:(__bridge id)kSecAttrLabel];
    [query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnAttributes];
    [query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];

    CFTypeRef result = NULL;

    status = SecItemCopyMatching((__bridge CFDictionaryRef )query, &result);
    NSLog(@"SecItemCopyMatching: %@", SecCopyErrorMessageString(status, NULL));

    NSDictionary *dict = (__bridge NSDictionary *)(CFDictionaryRef) result;
    NSLog(@"NSLogSecKeychainKey: %@", dict);

    NSData *klbl = [dict valueForKey:(NSString *)kSecAttrApplicationLabel];
    NSLog(@"NSLogSecKeychainKey: %@", NSDataToHex(klbl));
 }

 int main(int argc, const char * argv[]) {
    @autoreleasepool {
        NSLogSecKeychainCertificate(@"Internet Widgits Pty Ltd");
        NSLogSecKeychainKey(@"self-signed-2016-08-30T02:50:37Z");
    }

    return 0;
 }
	//
	// main.m
	// macos-keychain-delete-private-key
	//
	// Created by Ron Waldon on 2016-08-30.
	// Copyright © 2016 Ron Waldon. All rights reserved.
	//

	#import <Foundation/Foundation.h>
	#import <Security/Security.h>

	// https://stackoverflow.com/questions/27824829/delete-private-key-from-keychain-mac-programmatically

	NSString * NSDataToHex (NSData *data) {
	// https://stackoverflow.com/a/12442672/488373
	NSUInteger dataLength = [data length];
	NSMutableString string = [NSMutableString stringWithCapacity:dataLength 2];
	const unsigned char *dataBytes = [data bytes];
	for (NSInteger idx = 0; idx < dataLength; ++idx) {
	[string appendFormat:@"%02x", dataBytes[idx]];
	}
	return string;
	}

	void NSLogSecKeychainCertificate (NSString *name) {
	OSStatus status;

	const NSMutableDictionary *query = [NSMutableDictionary new];

	[query setObject:(__bridge id)kSecClassCertificate forKey:(__bridge id)kSecClass];
	[query setObject:name forKey:(__bridge id)kSecAttrLabel];
	[query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnAttributes];
	[query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];

	CFTypeRef result = NULL;

	status = SecItemCopyMatching((__bridge CFDictionaryRef )query, &result);
	NSLog(@"SecItemCopyMatching: %@", SecCopyErrorMessageString(status, NULL));

	NSDictionary dict = (__bridge NSDictionary )(CFDictionaryRef) result;
	NSLog(@"NSLogSecKeychainCertificate: %@", dict);

	NSData pkhh = [dict valueForKey:(NSString )kSecAttrPublicKeyHash];
	NSLog(@"NSLogSecKeychainCertificate: %@", NSDataToHex(pkhh));
	}

	void NSLogSecKeychainKey (NSString *name) {
	OSStatus status;

	const NSMutableDictionary *query = [NSMutableDictionary new];

	[query setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
	[query setObject:name forKey:(__bridge id)kSecAttrLabel];
	[query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnAttributes];
	[query setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];

	CFTypeRef result = NULL;

	status = SecItemCopyMatching((__bridge CFDictionaryRef )query, &result);
	NSLog(@"SecItemCopyMatching: %@", SecCopyErrorMessageString(status, NULL));

	NSDictionary dict = (__bridge NSDictionary )(CFDictionaryRef) result;
	NSLog(@"NSLogSecKeychainKey: %@", dict);

	NSData klbl = [dict valueForKey:(NSString )kSecAttrApplicationLabel];
	NSLog(@"NSLogSecKeychainKey: %@", NSDataToHex(klbl));
	}

	int main(int argc, const char * argv[]) {
	@autoreleasepool {
	NSLogSecKeychainCertificate(@"Internet Widgits Pty Ltd");
	NSLogSecKeychainKey(@"self-signed-2016-08-30T02:50:37Z");
	}

	return 0;
	}