Show Menu

Need an iOS Developer?

Submit your 30 day Job Listing for FREE

This quick iOS Application Development tip will show you How to get SecKeyRefM from base64 coded string, which for iOS 7 utilises: initWithBase64EncodedString::options

So, let’s assume that you have a base64 coded public key, like:


The first thing that you must do, is base64 decode your NSString to NSData: Check out this StackOverflow answer for a solution to this . If you are developing for iOS 7, which by now I hope you would be then you can use this: initWithBase64EncodedString::options

Once you have the string decoded as NSData, you can attempt to create a certificate from it. The format of the certificate you received matters – you can use DER (which is common) or PKCS12. You’re likely to be getting it as DER, so that’s what I’ll assume you need guidance on.

Create a certificate and policy:

SecCertificateRef   cert    = NULL;
SecPolicyRef        policy  = NULL;

cert = SecCertificateCreateWithData(kCFAllocatorDefault, data);
policy = SecPolicyCreateBasicX509();

If the certificate data was in an incorrect format when passed toSecCertificateCreateWithData you will get a NULL result.

At this point you have the certificate, but not the public key. To obtain the public key you must create a trust reference and evaluate the trust of the certificate .

OSStatus        status      = noErr;
SecKeyRef       *publicKey  = NULL;
SecTrustRef     trust       = NULL;
SecTrustResultType  trustType   = kSecTrustResultInvalid;

if (cert != NULL){
    SecCertificateRef   certArray[1] = {cert};
    certs = CFArrayCreate(kCFAllocatorDefault, (void *)certArray, 1, NULL);
    status = SecTrustCreateWithCertificates(certs, policy, &trust);

    if (status == errSecSuccess){
        status = SecTrustEvaluate(trust, &trustType);

        // Evaulate the trust.
        switch (trustType) {
            case kSecTrustResultInvalid:
            case kSecTrustResultConfirm:
            case kSecTrustResultDeny:
            case kSecTrustResultUnspecified:
            case kSecTrustResultFatalTrustFailure:
            case kSecTrustResultOtherError:
            case kSecTrustResultRecoverableTrustFailure:
                *publicKey = SecTrustCopyPublicKey(trust);
            case kSecTrustResultProceed:
                *publicKey = SecTrustCopyPublicKey(trust);


If everything goes well, then you should now have a populated SecKeyRef with the public key. If it didn’t go well, you will have a NULL SecKeyRef and an OSStatus indicating what went wrong. SecBase.h in the Security framework gives more detailed information on those error codes.

Now that you have your SecKeyRef with a public key, using it to encrypt data with a corresponding private key is covered well by the: programming guide

Note, that you will have to release the things you allocated above (policy, certs) using ARC or CFRelease.

having issues?

We have a Questions and Answer section where you can ask your iOS Development questions to thousands of iOS Developers.

Ask Question

FREE Download!

Get your FREE Swift 2 Cheat Sheet and quick reference guide PDF download when you sign up to SwiftMonthly

Sharing is caring

If you enjoyed this tutorial, please help us and others by sharing using one of the social media buttons below.

Written by:

I work in the shadows. You can thank me by being a good soul.