Cannot Get Private Key of Identity

[qbasicer]

If I enumerate the identities available like:

v = Keychain::Scope.new(Sec::Classes::IDENTITY)

v.all.each{|identity|
    if (this_is_the_cert) then
        identity.private_key.export("", :kSecFormatPEMSequence
    end
end

The export here generates:

[...]/ruby-keychain-0.1.2/lib/keychain/sec.rb:191:in `check_osstatus': The contents of this item cannot be retrieved. (-25316) (Keychain::Error)

Oddly, if I enumerate keys (Sec::Classes::KEY), then I can export it. In my Keychain Access, I see the certificate (under My Certificates), with an expand error that shows my key. That key has a label (I'm not sure where this comes from). In keys, there's an expand arrow that shows my certificate.

I cannot figure out how to get a private key from a given certificate (and vice versa). I could go through all the keys and export them and compare the public keys to the certificate's public key, but every time I export() a key, I have to input my password.

I also wish I could get the public key directly from the Key class, or that the private_key method on the Identity and Certificate classes worked.

[fcheung]

I'm not that familiar with how the underlying api for certificates / identities works. Any ideas @cifs?