George Garside Blog


macOS security frameworks use error codes in response to various states. These error codes will be shown by Keychain Access or the security tool in Terminal. Error numbers and descriptions are enumerated in this table.

| Code | Description |
| --- | --- |
| 0 | No error. |
| -4 | Function or operation not implemented. |
| -34 | The disk is full. |
| -36 | I/O error. |
| -49 | File already open with write permission. |
| -50 | One or more parameters passed to a function were not valid. |
| -61 | Write permissions error. |
| -108 | Failed to allocate memory. |
| -128 | User canceled the operation. |
| -192 | A required resource could not be found. |
| -193 | A required resource is missing or damaged. |
| -673 | The specified location (URL) is an unknown type, or does not contain enough information. |
| -674 | A helper application to open the specified URL could not be found. |
| -909 | Bad parameter or invalid state for operation. |
| -1854 | The location (URL) of this item is missing or improperly formatted. |
| -2070 | errSecInternalComponent |
| -4960 | errSecCoreFoundationUnknown |
| -5000 | Access to this item was denied. |
| -5023 | Authentication failed. The password for this server may have changed since the item was added to the keychain. |
| -5046 | This AppleShare IP server is configured to not allow users to save passwords for automatic login. Contact the server administrator for more information. |
| -9800 | SSL protocol error |
| -9801 | Cipher Suite negotiation failure |
| -9802 | Fatal alert |
| -9803 | I/O would block (not fatal) |
| -9804 | attempt to restore an unknown session |
| -9805 | connection closed gracefully |
| -9806 | connection closed via error |
| -9807 | invalid certificate chain |
| -9808 | bad certificate format |
| -9809 | underlying cryptographic error |
| -9810 | Internal error |
| -9811 | module attach failure |
| -9812 | valid cert chain, untrusted root |
| -9813 | cert chain not verified by root |
| -9814 | chain had an expired cert |
| -9815 | chain had a cert not yet valid |
| -9816 | server closed session with no notification |
| -9817 | insufficient buffer provided |
| -9818 | bad SSLCipherSuite |
| -9819 | unexpected message received |
| -9820 | bad MAC |
| -9821 | decryption failed |
| -9822 | record overflow |
| -9823 | decompression failure |
| -9824 | handshake failure |
| -9825 | misc. bad certificate |
| -9826 | bad unsupported cert format |
| -9827 | certificate revoked |
| -9828 | certificate expired |
| -9829 | unknown certificate |
| -9830 | illegal parameter |
| -9831 | unknown Cert Authority |
| -9832 | access denied |
| -9833 | decoding error |
| -9834 | decryption error |
| -9835 | export restriction |
| -9836 | bad protocol version |
| -9837 | insufficient security |
| -9838 | internal error |
| -9839 | user canceled |
| -9840 | no renegotiation allowed |
| -9841 | peer cert is valid, or was ignored if verification disabled |
| -9842 | server has requested a client cert |
| -9843 | peer host name mismatch |
| -9844 | peer dropped connection before responding |
| -9845 | decryption failure |
| -9846 | bad MAC |
| -9847 | record overflow |
| -9848 | configuration error |
| -9849 | unexpected (skipped) record in DTLS |
| -9850 | weak ephemeral dh key |
| -9851 | SNI |
| -9852 | transport (socket) shutdown, e.g., TCP RST or FIN. |
| -9853 | network timeout triggered |
| -9854 | TLS configuration failed |
| -9855 | unsupported TLS extension |
| -9856 | peer rejected unexpected message |
| -9857 | decompression failed |
| -9858 | handshake failed |
| -9859 | decode failed |
| -9860 | inappropriate fallback |
| -9861 | missing extension |
| -9862 | bad OCSP response |
| -9863 | certificate required |
| -9864 | unknown PSK identity |
| -9865 | unknown or unrecognized name |
| -9880 | ATS violation |
| -9881 | ATS violation: minimum protocol version is not ATS compliant |
| -9882 | ATS violation: selected ciphersuite is not ATS compliant |
| -9883 | ATS violation: peer key size is not ATS compliant |
| -9884 | ATS violation: peer leaf certificate hash algorithm is not ATS compliant |
| -9885 | ATS violation: peer certificate hash algorithm is not ATS compliant |
| -9886 | ATS violation: peer certificate is not issued by trusted peer |
| -25240 | The specified access control list is not in standard (simple) form. |
| -25241 | The specified policy cannot be found. |
| -25242 | The specified trust setting is invalid. |
| -25243 | The specified item has no access control. |
| -25244 | Invalid attempt to change the owner of this item. |
| -25245 | No trust results are available. |
| -25256 | Import/Export format unsupported. |
| -25257 | Unknown format in import. |
| -25258 | Key material must be wrapped for export. |
| -25259 | An attempt was made to import multiple private keys. |
| -25260 | Passphrase is required for import/export. |
| -25261 | The password reference was invalid. |
| -25262 | The Trust Settings Record was corrupted. |
| -25263 | No Trust Settings were found. |
| -25264 | MAC verification failed during PKCS12 import (wrong password?) |
| -25291 | No keychain is available. You may need to restart your computer. |
| -25292 | This keychain cannot be modified. |
| -25293 | The user name or passphrase you entered is not correct. |
| -25294 | The specified keychain could not be found. |
| -25295 | The specified keychain is not a valid keychain file. |
| -25296 | A keychain with the same name already exists. |
| -25297 | The specified callback function is already installed. |
| -25298 | The specified callback function is not valid. |
| -25299 | The specified item already exists in the keychain. |
| -25300 | The specified item could not be found in the keychain. |
| -25301 | There is not enough memory available to use the specified item. |
| -25302 | This item contains information which is too large or in a format that cannot be displayed. |
| -25303 | The specified attribute does not exist. |
| -25304 | The specified item is no longer valid. It may have been deleted from the keychain. |
| -25305 | Unable to search the current keychain. |
| -25306 | The specified item does not appear to be a valid keychain item. |
| -25307 | A default keychain could not be found. |
| -25308 | User interaction is not allowed. |
| -25309 | The specified attribute could not be modified. |
| -25310 | This keychain was created by a different version of the system software and cannot be opened. |
| -25311 | This item specifies a key size which is too large or too small. |
| -25312 | A required component (data storage module) could not be loaded. You may need to restart your computer. |
| -25313 | A required component (certificate module) could not be loaded. You may need to restart your computer. |
| -25314 | A required component (policy module) could not be loaded. You may need to restart your computer. |
| -25315 | User interaction is required, but is currently not allowed. |
| -25316 | The contents of this item cannot be retrieved. |
| -25317 | The contents of this item cannot be modified. |
| -25318 | One or more certificates required to validate this certificate cannot be found. |
| -25319 | The specified preferences domain is not valid. |
| -25320 | In dark wake, no UI possible |
| -26267 | A certificate was not signed by its proposed parent. |
| -26275 | Unable to decode the provided data. |
| -34018 | A required entitlement isn’t present. |
| -60001 | The authorization rights are invalid. |
| -60002 | The authorization reference is invalid. |
| -60003 | The authorization tag is invalid. |
| -60004 | The returned authorization is invalid. |
| -60005 | The authorization was denied. |
| -60006 | The authorization was canceled by the user. |
| -60007 | The authorization was denied since no user interaction was possible. |
| -60008 | Unable to obtain authorization for this operation. |
| -60009 | The authorization is not allowed to be converted to an external format. |
| -60010 | The authorization is not allowed to be created from an external format. |
| -60011 | The provided option flag(s) are invalid for this authorization operation. |
| -60031 | The specified program could not be executed. |
| -60032 | An invalid status was returned during execution of a privileged tool. |
| -60033 | The requested socket address is invalid (must be 0-1023 inclusive). |
| -66992 | notarization indicates this code has been revoked |
| -66993 | an invalid runtime version was explicitly set |
| -66994 | invalid entitlement plist |
| -66995 | the image contains multiple executable segments |
| -66996 | signature is valid but signer is not trusted |
| -66997 | a Team Identifier is wrong or inappropriate |
| -66998 | a Team Identifier string is invalid |
| -66999 | resource fork, Finder information, or similar detritus not allowed |
| -67000 | a requested signature digest algorithm is not supported |
| -67001 | disk image format unrecognized, invalid, or unsuitable |
| -67002 | the code is valid but does not seem to be an app |
| -67003 | invalid destination for symbolic link in bundle |
| -67004 | code is too big for current signing format |
| -67005 | invalid platform identifier or platform mismatch |
| -67006 | operation was terminated by explicit cancelation |
| -67007 | resource envelope is obsolete (version 1 signature) |
| -67008 | unsealed contents present in the root directory of an embedded framework |
| -67009 | embedded framework contains modified or invalid version |
| -67010 | main executable failed strict validation |
| -67011 | bundle format is ambiguous (could be app or framework) |
| -67012 | .DS_Store files cannot be a symlink |
| -67013 | resource envelope is obsolete (custom omit rules) |
| -67014 | unsealed contents present in the bundle root |
| -67015 | the main executable or Info.plist must be a regular file (no symlinks, etc.) |
| -67016 | unsupported resource found (something not a directory, file or symlink) |
| -67017 | library validation flag cannot be used with an i386 binary |
| -67018 | errSecCSVetoed |
| -67019 | the codesign_allocate helper tool cannot be found or used |
| -67020 | monitor callback returned invalid value |
| -67021 | nested code is modified or invalid |
| -67022 | nested code is unsigned |
| -67023 | invalid resource directory (directory or signature have been modified) |
| -67024 | a system database or file is corrupt |
| -67025 | presented data is out of date |
| -67026 | File created by an AppSandbox, exec/open not allowed |
| -67027 | no matches for search or update operation |
| -67028 | bundle format unrecognized, invalid, or unsuitable |
| -67029 | the code has no main executable file |
| -67030 | invalid Info.plist (plist or signature have been modified) |
| -67031 | host returned invalid or inconsistent guest attributes |
| -67032 | cannot access a database |
| -67033 | permission to use a database denied |
| -67034 | the code on disk does not match what is running |
| -67035 | host protocol violation – invalid guest hash |
| -67036 | signature too large to embed (size limitation of on-disk representation) |
| -67037 | operation inapplicable or not supported for this type of code |
| -67039 | host protocol violation – the given guest is not a guest of the given host |
| -67040 | host protocol violation – invalid guest state change request |
| -67041 | host protocol violation – proxy hosting not engaged |
| -67042 | host protocol violation – operation not allowed with/for a dedicated guest |
| -67043 | host protocol violation – contradictory hosting modes |
| -67044 | host protocol violation – absolute guest path required |
| -67045 | invalid or unsupported format for signature |
| -67046 | attempt to specify guest of code that is not a host |
| -67047 | code rejected its host |
| -67048 | internal error in Code Signing subsystem |
| -67049 | object file format unrecognized, invalid, or unsuitable |
| -67050 | code failed to satisfy specified code requirement(s) |
| -67051 | unsupported type or version of code requirement(s) |
| -67052 | invalid or corrupted code requirement(s) |
| -67053 | invalid resource specification rule(s) |
| -67054 | a sealed resource is missing or invalid |
| -67055 | the sealed resource directory is invalid |
| -67056 | code has no resources but signature indicates they must be present |
| -67057 | resources are present but not sealed by signature |
| -67058 | a required plist file or resource is malformed |
| -67059 | unsupported type or version of signature |
| -67060 | the code cannot be read by the verifier (file system permissions etc.) |
| -67061 | invalid signature (code or signature have been modified) |
| -67062 | code object is not signed at all |
| -67063 | code identity has been invalidated |
| -67064 | ambiguous guest specification (host has multiple guests with these attribute values) |
| -67065 | host has no guest with the requested attributes |
| -67066 | given attribute values are invalid |
| -67067 | cannot locate guests using this attribute set |
| -67068 | cannot find code object on disk |
| -67069 | a required pointer argument was NULL |
| -67070 | invalid or inappropriate API flag(s) specified |
| -67071 | invalid API object reference |
| -67072 | unimplemented code signing feature |
| -67585 | The required service is not available. |
| -67586 | The client ID is not correct. |
| -67587 | A device reset has occurred. |
| -67588 | A device failure has occurred. |
| -67589 | Adding an application ACL subject failed. |
| -67590 | The public key is incomplete. |
| -67591 | A signature mismatch has occurred. |
| -67592 | The specified key has an invalid start date. |
| -67593 | The specified key has an invalid end date. |
| -67594 | A conversion error has occurred. |
| -67595 | A SSLv2 rollback error has occurred. |
| -67596 | The quota was exceeded. |
| -67597 | The file is too big. |
| -67598 | The specified database has an invalid blob. |
| -67599 | The specified database has an invalid key blob. |
| -67600 | The specified database has an incompatible blob. |
| -67601 | The specified database has an incompatible key blob. |
| -67602 | A host name mismatch has occurred. |
| -67603 | There is an unknown critical extension flag. |
| -67604 | No basic constraints were found. |
| -67605 | No basic CA constraints were found. |
| -67606 | The authority key ID is not valid. |
| -67607 | The subject key ID is not valid. |
| -67608 | The key usage is not valid for the specified policy. |
| -67609 | The extended key usage is not valid. |
| -67610 | The ID linkage is not valid. |
| -67611 | The path length constraint was exceeded. |
| -67612 | The root or anchor certificate is not valid. |
| -67613 | The CRL has expired. |
| -67614 | The CRL is not yet valid. |
| -67615 | The CRL was not found. |
| -67616 | The CRL server is down. |
| -67617 | The CRL has a bad Uniform Resource Identifier. |
| -67618 | An unknown certificate extension was encountered. |
| -67619 | An unknown CRL extension was encountered. |
| -67620 | The CRL is not trusted. |
| -67621 | The CRL policy failed. |
| -67622 | The issuing distribution point was not valid. |
| -67623 | An email address mismatch was encountered. |
| -67624 | The appropriate extended key usage for SMIME was not found. |
| -67625 | The key usage is not compatible with SMIME. |
| -67626 | The key usage extension is not marked as critical. |
| -67627 | No email address was found in the certificate. |
| -67628 | The subject alternative name extension is not marked as critical. |
| -67629 | The appropriate extended key usage for SSL was not found. |
| -67630 | The OCSP response was incorrect or could not be parsed. |
| -67631 | The OCSP request was incorrect or could not be parsed. |
| -67632 | OCSP service is unavailable. |
| -67633 | The OCSP server did not recognize this certificate. |
| -67634 | An end-of-data was detected. |
| -67635 | An incomplete certificate revocation check occurred. |
| -67636 | A network failure occurred. |
| -67637 | The OCSP response was not trusted to a root or anchor certificate. |
| -67638 | The record was modified. |
| -67639 | The OCSP response had an invalid signature. |
| -67640 | The OCSP response had no signer. |
| -67641 | The OCSP responder was given a malformed request. |
| -67642 | The OCSP responder encountered an internal error. |
| -67643 | The OCSP responder is busy, try again later. |
| -67644 | The OCSP responder requires a signature. |
| -67645 | The OCSP responder rejected this request as unauthorized. |
| -67646 | The OCSP response nonce did not match the request. |
| -67647 | Code signing encountered an incorrect certificate chain length. |
| -67648 | Code signing found no basic constraints. |
| -67649 | Code signing encountered an incorrect path length constraint. |
| -67650 | Code signing found no extended key usage. |
| -67651 | Code signing indicated use of a development-only certificate. |
| -67652 | Resource signing has encountered an incorrect certificate chain length. |
| -67653 | Resource signing has encountered an error in the extended key usage. |
| -67654 | The trust setting for this policy was set to Deny. |
| -67655 | An invalid certificate subject name was encountered. |
| -67656 | An unknown qualified certificate statement was encountered. |
| -67657 | errSecMobileMeRequestQueued |
| -67658 | errSecMobileMeRequestRedirected |
| -67659 | errSecMobileMeServerError |
| -67660 | errSecMobileMeServerNotAvailable |
| -67661 | errSecMobileMeServerAlreadyExists |
| -67662 | errSecMobileMeServerServiceErr |
| -67663 | errSecMobileMeRequestAlreadyPending |
| -67664 | errSecMobileMeNoRequestPending |
| -67665 | errSecMobileMeCSRVerifyFailure |
| -67666 | errSecMobileMeFailedConsistencyCheck |
| -67667 | A function was called without initializing CSSM. |
| -67668 | The CSSM handle does not match with the service type. |
| -67669 | A reference to the calling module was not found in the list of authorized callers. |
| -67670 | A function address was not within the verified module. |
| -67671 | An internal error has occurred. |
| -67672 | A memory error has occurred. |
| -67673 | Invalid data was encountered. |
| -67674 | A Module Directory Service error has occurred. |
| -67675 | An invalid pointer was encountered. |
| -67676 | Self-check has failed. |
| -67677 | A function has failed. |
| -67678 | A module manifest verification failure has occurred. |
| -67679 | An invalid GUID was encountered. |
| -67680 | An invalid handle was encountered. |
| -67681 | An invalid DB list was encountered. |
| -67682 | An invalid passthrough ID was encountered. |
| -67683 | An invalid network address was encountered. |
| -67684 | The certificate revocation list is already signed. |
| -67685 | An invalid number of fields were encountered. |
| -67686 | A verification failure occurred. |
| -67687 | An unknown tag was encountered. |
| -67688 | An invalid signature was encountered. |
| -67689 | An invalid name was encountered. |
| -67690 | An invalid certificate reference was encountered. |
| -67691 | An invalid certificate group was encountered. |
| -67692 | The specified tag was not found. |
| -67693 | The specified query was not valid. |
| -67694 | An invalid value was detected. |
| -67695 | A callback has failed. |
| -67696 | An ACL delete operation has failed. |
| -67697 | An ACL replace operation has failed. |
| -67698 | An ACL add operation has failed. |
| -67699 | An ACL change operation has failed. |
| -67700 | Invalid access credentials were encountered. |
| -67701 | An invalid record was encountered. |
| -67702 | An invalid ACL was encountered. |
| -67703 | An invalid sample value was encountered. |
| -67704 | An incompatible version was encountered. |
| -67705 | The privilege was not granted. |
| -67706 | An invalid scope was encountered. |
| -67707 | The PVC is already configured. |
| -67708 | An invalid PVC was encountered. |
| -67709 | The EMM load has failed. |
| -67710 | The EMM unload has failed. |
| -67711 | The add-in load operation has failed. |
| -67712 | An invalid key was encountered. |
| -67713 | An invalid key hierarchy was encountered. |
| -67714 | The add-in unload operation has failed. |
| -67715 | A library reference was not found. |
| -67716 | An invalid add-in function table was encountered. |
| -67717 | An invalid service mask was encountered. |
| -67718 | A module was not loaded. |
| -67719 | An invalid subservice ID was encountered. |
| -67720 | An attribute was not in the context. |
| -67721 | A module failed to initialize. |
| -67722 | A module was not found. |
| -67723 | An event notification callback was not found. |
| -67724 | An input length error was encountered. |
| -67725 | An output length error was encountered. |
| -67726 | The privilege is not supported. |
| -67727 | A device error was encountered. |
| -67728 | The CSP handle was busy. |
| -67729 | You are not logged in. |
| -67730 | An algorithm mismatch was encountered. |
| -67731 | The key usage is incorrect. |
| -67732 | The key blob type is incorrect. |
| -67733 | The key header is inconsistent. |
| -67734 | The key header format is not supported. |
| -67735 | The key size is not supported. |
| -67736 | The key usage mask is not valid. |
| -67737 | The key usage mask is not supported. |
| -67738 | The key attribute mask is not valid. |
| -67739 | The key attribute mask is not supported. |
| -67740 | The key label is not valid. |
| -67741 | The key label is not supported. |
| -67742 | The key format is not valid. |
| -67743 | The vector of buffers is not supported. |
| -67744 | The input vector is not valid. |
| -67745 | The output vector is not valid. |
| -67746 | An invalid context was encountered. |
| -67747 | An invalid algorithm was encountered. |
| -67748 | A key attribute was not valid. |
| -67749 | A key attribute was missing. |
| -67750 | An init vector attribute was not valid. |
| -67751 | An init vector attribute was missing. |
| -67752 | A salt attribute was not valid. |
| -67753 | A salt attribute was missing. |
| -67754 | A padding attribute was not valid. |
| -67755 | A padding attribute was missing. |
| -67756 | A random number attribute was not valid. |
| -67757 | A random number attribute was missing. |
| -67758 | A seed attribute was not valid. |
| -67759 | A seed attribute was missing. |
| -67760 | A passphrase attribute was not valid. |
| -67761 | A passphrase attribute was missing. |
| -67762 | A key length attribute was not valid. |
| -67763 | A key length attribute was missing. |
| -67764 | A block size attribute was not valid. |
| -67765 | A block size attribute was missing. |
| -67766 | An output size attribute was not valid. |
| -67767 | An output size attribute was missing. |
| -67768 | The number of rounds attribute was not valid. |
| -67769 | The number of rounds attribute was missing. |
| -67770 | An algorithm parameters attribute was not valid. |
| -67771 | An algorithm parameters attribute was missing. |
| -67772 | A label attribute was not valid. |
| -67773 | A label attribute was missing. |
| -67774 | A key type attribute was not valid. |
| -67775 | A key type attribute was missing. |
| -67776 | A mode attribute was not valid. |
| -67777 | A mode attribute was missing. |
| -67778 | An effective bits attribute was not valid. |
| -67779 | An effective bits attribute was missing. |
| -67780 | A start date attribute was not valid. |
| -67781 | A start date attribute was missing. |
| -67782 | An end date attribute was not valid. |
| -67783 | An end date attribute was missing. |
| -67784 | A version attribute was not valid. |
| -67785 | A version attribute was missing. |
| -67786 | A prime attribute was not valid. |
| -67787 | A prime attribute was missing. |
| -67788 | A base attribute was not valid. |
| -67789 | A base attribute was missing. |
| -67790 | A subprime attribute was not valid. |
| -67791 | A subprime attribute was missing. |
| -67792 | An iteration count attribute was not valid. |
| -67793 | An iteration count attribute was missing. |
| -67794 | A database handle attribute was not valid. |
| -67795 | A database handle attribute was missing. |
| -67796 | An access credentials attribute was not valid. |
| -67797 | An access credentials attribute was missing. |
| -67798 | A public key format attribute was not valid. |
| -67799 | A public key format attribute was missing. |
| -67800 | A private key format attribute was not valid. |
| -67801 | A private key format attribute was missing. |
| -67802 | A symmetric key format attribute was not valid. |
| -67803 | A symmetric key format attribute was missing. |
| -67804 | A wrapped key format attribute was not valid. |
| -67805 | A wrapped key format attribute was missing. |
| -67806 | A staged operation is in progress. |
| -67807 | A staged operation was not started. |
| -67808 | A cryptographic verification failure has occurred. |
| -67809 | The query size is unknown. |
| -67810 | A block size mismatch occurred. |
| -67811 | The public key was inconsistent. |
| -67812 | A device verification failure has occurred. |
| -67813 | An invalid login name was detected. |
| -67814 | The user is already logged in. |
| -67815 | An invalid digest algorithm was detected. |
| -67816 | An invalid CRL group was detected. |
| -67817 | The certificate cannot operate. |
| -67818 | An expired certificate was detected. |
| -67819 | The certificate is not yet valid. |
| -67820 | The certificate was revoked. |
| -67821 | The certificate was suspended. |
| -67822 | Insufficient credentials were detected. |
| -67823 | The action was not valid. |
| -67824 | The authority was not valid. |
| -67825 | A verify action has failed. |
| -67826 | The certificate authority was not valid. |
| -67827 | The CRL authority was not valid. |
| -67828 | The CRL encoding was not valid. |
| -67829 | The CRL type was not valid. |
| -67830 | The CRL was not valid. |
| -67831 | The form type was not valid. |
| -67832 | The ID was not valid. |
| -67833 | The identifier was not valid. |
| -67834 | The index was not valid. |
| -67835 | The policy identifiers are not valid. |
| -67836 | The time specified was not valid. |
| -67837 | The trust policy reason was not valid. |
| -67838 | The request inputs are not valid. |
| -67839 | The response vector was not valid. |
| -67840 | The stop-on policy was not valid. |
| -67841 | The tuple was not valid. |
| -67842 | Multiple values are not supported. |
| -67843 | The certificate was not trusted. |
| -67844 | No default authority was detected. |
| -67845 | The trust policy had a rejected form. |
| -67846 | The request was lost. |
| -67847 | The request was rejected. |
| -67848 | The address type is not supported. |
| -67849 | The service is not supported. |
| -67850 | The tuple group was not valid. |
| -67851 | The base ACLs are not valid. |
| -67852 | The tuple credentials are not valid. |
| -67853 | The encoding was not valid. |
| -67854 | The validity period was not valid. |
| -67855 | The requestor was not valid. |
| -67856 | The request descriptor was not valid. |
| -67857 | The bundle information was not valid. |
| -67858 | The CRL index was not valid. |
| -67859 | No field values were detected. |
| -67860 | The field format is not supported. |
| -67861 | The index information is not supported. |
| -67862 | The locality is not supported. |
| -67863 | The number of attributes is not supported. |
| -67864 | The number of indexes is not supported. |
| -67865 | The number of record types is not supported. |
| -67866 | Too many fields were specified. |
| -67867 | The field format was incompatible. |
| -67868 | The parsing module was not valid. |
| -67869 | The database is locked. |
| -67870 | The data store is open. |
| -67871 | A missing value was detected. |
| -67872 | The query limits are not supported. |
| -67873 | The number of selection predicates is not supported. |
| -67874 | The operator is not supported. |
| -67875 | The database location is not valid. |
| -67876 | The access request is not valid. |
| -67877 | The index information is not valid. |
| -67878 | The new owner is not valid. |
| -67879 | The modify mode is not valid. |
| -67880 | A required certificate extension is missing. |
| -67881 | The extended key usage extension was not marked critical. |
| -67882 | A timestamp was expected but was not found. |
| -67883 | The timestamp was not valid. |
| -67884 | The timestamp was not trusted. |
| -67885 | The timestamp service is not available. |
| -67886 | An unrecognized or unsupported Algorithm Identifier in timestamp. |
| -67887 | The timestamp transaction is not permitted or supported. |
| -67888 | The timestamp data submitted has the wrong format. |
| -67889 | The time source for the Timestamp Authority is not available. |
| -67890 | The requested policy is not supported by the Timestamp Authority. |
| -67891 | The requested extension is not supported by the Timestamp Authority. |
| -67892 | The additional information requested is not available. |
| -67893 | The timestamp request cannot be handled due to system failure. |
| -67894 | A signing time was expected but was not found. |
| -67895 | A timestamp transaction was rejected. |
| -67896 | A timestamp transaction is waiting. |
| -67897 | A timestamp authority revocation warning was issued. |
| -67898 | A timestamp authority revocation notification was issued. |
| -67899 | The requested policy is not allowed for this certificate. |
| -67900 | The requested name is not allowed for this certificate. |
| -67901 | The validity period in the certificate exceeds the maximum allowed. |
