SecItemAdd creating two identities

Posted 2019-03-31 03:40

Question:

I'm developing an application for iPhone that needs a certificate to call some services, so I'm adding a certificate to my keychain by doing this:

 // Build a certificate object from the DER-encoded data.
 SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certificadoData);
 NSMutableDictionary *dictionary = [[NSMutableDictionary alloc] init];
 [dictionary setObject:(__bridge id)kSecClassCertificate forKey:(__bridge id)kSecClass];
 [dictionary setObject:(__bridge id)(cert) forKey:(__bridge id<NSCopying>)(kSecValueRef)];
 // Add the certificate to the keychain.
 OSStatus status = SecItemAdd((__bridge CFDictionaryRef)dictionary, NULL);
 // SecCertificateCreateWithData returns a retained reference; release it once added.
 if (cert) CFRelease(cert);

When I list all the kSecClassIdentity before this code, the result is none and, after this code, the result is two identities and one certificate. When I tried to use the identities, one works correctly but the other doesn't. Why is SecItemAdd creating two kSecClassIdentity for one kSecClassCertificate? And how can I identify the correct one?

Answer 1:

I just had to solve this issue, and from my research the issue is that one of the identities contains the private key and the other one contains the public key.

So when you're trying to retrieve the identity you have to add

value: kSecAttrKeyClassPrivate / kSecAttrKeyClassPublic
key: kSecAttrKeyClass

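to the dictionary used as the filter in SecItemCopyMatching, e.g.:

// dictionaryWithObjectsAndKeys: takes value, key pairs; the (__bridge id) casts are required under ARC.
NSMutableDictionary *filterDictionary = [NSMutableDictionary dictionaryWithObjectsAndKeys:
                                             (__bridge id)kSecClassIdentity,       (__bridge id)kSecClass,
                                             (__bridge id)kSecMatchLimitAll,       (__bridge id)kSecMatchLimit,
                                             (__bridge id)kCFBooleanTrue,          (__bridge id)kSecReturnRef,
                                             (__bridge id)kSecAttrKeyClassPrivate, (__bridge id)kSecAttrKeyClass,
                                             nil];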