xcode 无法使用钥匙串访问导入代码签名公钥或私钥(Mac OS X Mavericks)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23543198/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can't import Code-signing Public or Private keys using Keychain access (Mac OS X Mavericks)
提问by Jason FB
In an attempt to build an iOS project (in XCode), I need to import my colleague's public and private keys for the code signing identity, but I am unable to do so because I get an error in Keychain Access that says "An error has occurred. Unable to import an item. / The contents of this item cannot be retrieved"
在尝试构建一个 iOS 项目(在 XCode 中)时,我需要为代码签名身份导入我同事的公钥和私钥,但我无法这样做,因为我在 Keychain Access 中收到一个错误,提示“一个错误已经发生。无法导入项目。/无法检索此项目的内容”
FULL DETAILS:
详细信息:
I have got two keys from my colleague's computer, exported them from his Keychain as two files:
我从同事的电脑上拿到了两把钥匙,从他的钥匙串中导出为两个文件:
Roomer Inc.p12 (the private key)
Roomer Inc.p12(私钥)
Roomer Inc.pem (the public key)
Roomer Inc.pem(公钥)
When he exported these, he left the password blank (Although we also tried with a password of "test" and got the same results).
当他导出这些时,他将密码留空(尽管我们也尝试使用“test”密码并得到相同的结果)。
When I double-click Roomer Inc.p12 (for the private key), it opens in Keychain Access and promts me to choose the keychain ("login" is selected by default)
当我双击 Roomer Inc.p12(用于私钥)时,它会在 Keychain Access 中打开并提示我选择钥匙串(默认选择“登录”)
I click "Add" and then I am prompted for the password to the keychain (which I leave blank)
我单击“添加”,然后系统提示我输入钥匙串的密码(我将其留空)
Next I always see this message in Keychain access:
接下来我总是在钥匙串访问中看到此消息:
However, despite this message appearing, when I click OK, I see a new private key entry for "Roomer Inc". Note that this entry is a private key in the "login" key chain as I would expect, but has no expiration date (should it?)
但是,尽管出现此消息,但当我单击“确定”时,我会看到“Roomer Inc”的新私钥条目。请注意,正如我所料,此条目是“登录”密钥链中的私钥,但没有到期日期(应该吗?)
Next, for the Roomer Inc.pem file (the public key) I am asked to choose the keychain ("login") and I click Add
接下来,对于 Roomer Inc.pem 文件(公钥),我被要求选择钥匙串(“登录”),然后单击“添加”
Then, I also get the "An error has occurred. Unable to import an item. / The contents of this item cannot be retrieved" message for the public key as well. In this case however (unlike the Private key), I do not see any entry corresponding for what I just added.
然后,我还收到公钥的“发生错误。无法导入项目。/无法检索此项目的内容”消息。然而,在这种情况下(与私钥不同),我没有看到与我刚刚添加的内容相对应的任何条目。
So, it appears that the private key entry may or may not be OK (I have no way to verify), and the public key entry for Roomer cannot be installed in the keychain without this error message. Please note that I also tried using the security import command to import the public key :
因此,看起来私钥条目可能正常,也可能不正确(我无法验证),并且如果没有此错误消息,则无法在钥匙串中安装 Roomer 的公钥条目。请注意,我还尝试使用 security import 命令导入公钥:
$ security import Roomer\ Inc.pem -f pkcs12 ~/Library/Keychains/login.keychain
$ security import Roomer\ Inc.pem -f pkcs12 ~/Library/Keychains/login.keychain
1 key imported.
1 键导入。
When I do this, although the command returns "1 key imported" I do not see a public key for "Roomer Inc" in my Keychain Access window (I closed out Keychain Access and re-opened it).
当我这样做时,虽然命令返回“1 个已导入的密钥”,但我在“钥匙串访问”窗口中没有看到“Roomer Inc”的公钥(我关闭了钥匙串访问并重新打开了它)。
Either way, we have identified that this is our blocker. (The symptom of course is that the XCode project won't build for the AdHoc provisioning profile to be used with TestFlight). I have left off the additional steps regarding the XCode build and TestFlight setup, because we believe the core problem has to do with importing the keys as explained above.
不管怎样,我们已经确定这是我们的拦截器。(当然,症状是 XCode 项目不会为与 TestFlight 一起使用的 AdHoc 配置文件构建)。我已经省略了有关 XCode 构建和 TestFlight 设置的附加步骤,因为我们认为核心问题与导入密钥有关,如上所述。
回答by Jason FB
We figured out our problem, and I am posting my answer here so that others may find it helpful.
我们解决了我们的问题,我在这里发布我的答案,以便其他人可能会发现它有帮助。
The problem is really a UX problem with Keychain Access. Let me back up and give a little context: when you create a distribution certificate with Apple, you create it based on a PRIVATE KEY and App-based permissions.
问题实际上是 Keychain Access 的 UX 问题。让我备份并提供一些背景信息:当您使用 Apple 创建分发证书时,您是根据私钥和基于应用程序的权限创建的。
In Keychain Access, the distribution certificate is listed as a child below the name of the private key that it was created from. Here's the catch: When you use the search box in Keychain access (in my case we were typing in "Roomer" because that's the name on our distribution certificate), it won't look for a certificate with that name, it will look for a certificate attached to a private key for that name.
在 Keychain Access 中,分发证书作为创建它的私钥名称下方的子项列出。这里有一个问题:当您在钥匙串访问中使用搜索框时(在我的例子中,我们输入“Roomer”,因为这是我们分发证书上的名称),它不会查找具有该名称的证书,它会查找附加到该名称的私钥的证书。
So my colleague had create a distribution certificate based on a private key that was named "Jorge Davila" (his name), even though the distribution certificate was named "iPhone Distribution: Roomer Inc."
所以我的同事基于一个名为“Jorge Davila”(他的名字)的私钥创建了一个分发证书,即使分发证书被命名为“iPhone Distribution: Roomer Inc.”。
When he searched for "Roomer" in Keychain Access, the correct one was NOT displayed in the search results because the key this certificate was created from was named "Jorge Davila" not "Roomer". Thus, he was exporting the wrong certificate and didn't realize because there were others (some expired) with that name.
当他在 Keychain Access 中搜索“Roomer”时,搜索结果中没有显示正确的一个,因为创建此证书的密钥被命名为“Jorge Davila”而不是“Roomer”。因此,他导出了错误的证书并且没有意识到,因为还有其他(一些已过期)具有该名称。
Here's how the correct one looks:
以下是正确的外观:
This is a relatively nuanced problem with the UX of Keychain Access and the fact that the search tool doesn't give you the results you expect it to. I am posting this answer in the hope that others may find it useful.
这是 Keychain Access 的 UX 的一个相对细微的问题,而且搜索工具不会为您提供您期望的结果。我发布这个答案是希望其他人可能会觉得它有用。
