30

I created a couple of self-signed S/MIME certificates (using OSX Keychain & OpenSSL) and then exported these into 3 files:

  • Certificate (.cer)
  • Private Key (.p12)
  • Public Key (.pem)

When attempting to import these back into another Mac, the Certificate and Private Key imported without any issues. But the Public Key can't be imported.

Instead I get the following error message:

An error has occurred. Unable to import an item.

The contents of this time cannot be retrieved

Screenshot of OSX Keychain error when importing Public Key

How can I import the public key? Should it be converted to another format for import?

Prembo
  • 401

3 Answers

49

It's a bug in OSX. You can import from the command line as per this answer:

https://stackoverflow.com/a/11979625/59198

The command is:

security import pub_key.pem -k ~/Library/Keychains/login.keychain

You'll then need to rename the key in keychain.app.

Chris
  • 1,864
3

The certificate actually contains a copy of the public key (along with a name, and a signature from the certificate authority saying that name and that public key go together). Normally you don't need to deal with the public key as a separate item if you're using a certificate-based system like SMIME. If you wanted to, you could extract a copy of the public key from the certificate using the openssl x509 command.

(I wonder if Keychain is refusing to import the public key because it thinks it already has a copy, in the certificate? Keychain's error messages are usually pretty vague.)

Wim Lewis
  • 355
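The extraction mentioned in the answer above, as an added example that is not part of the original answers: it pulls the public key out of a certificate with `openssl x509` and checks that a separately exported public key file is the same key. All file names, the subject name and the helper function names are constructed for the example; the sample key pair is generated on the spot.

```shell
#!/bin/sh
# Added example: file names, subject and function names are constructed.

# SHA-256 fingerprint of the public key embedded in a PEM certificate.
# (If the .cer is DER-encoded, add "-inform DER" to the x509 call.)
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of a standalone public key (.pem).
pem_pubkey_fp() {
    openssl pkey -pubin -in "$1" -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if both keys parse and are identical.
pubkey_matches_cert() {
    cert_fp=$(cert_pubkey_fp "$1")
    pem_fp=$(pem_pubkey_fp "$2")
    [ -n "$cert_fp" ] && [ "$cert_fp" = "$pem_fp" ]
}

# Build constructed sample material in directory $1: a self-signed
# certificate, its public key, and an unrelated public key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test User" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkey -in "$1/key.pem" -pubout -out "$1/pub.pem" &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null |
        openssl pkey -pubout -out "$1/other_pub.pem"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if pubkey_matches_cert "$demo_dir/cert.pem" "$demo_dir/pub.pem"; then
    echo "pub.pem is the same key that cert.pem already carries"
fi
rm -rf "$demo_dir"
```

A match means the separate public key file adds nothing that importing the certificate has not already provided.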
1

A .p12 file can hold your key pair. You'll be prompted for a password if it contains your private key. Keychain will show the private key in a nested way. If imported correctly it should show under 'My Certificates'.

bbaassssiiee
  • 1,525