Keychain items

Overview

When you want to store a secret such as a password or cryptographic key, you package it as a keychain item. Along with the data itself, you provide a set of publicly visible attributes both to control the item’s accessibility and to make it searchable. As shown in Figure 1, keychain services handles data encryption and storage (including data attributes) in a keychain, which is an encrypted database stored on disk. Later, authorized processes use keychain services to find the item and decrypt its data.

[Image]

Topics

Essentials

• Using the keychain to manage user secrets
• TN3137: On Mac keychain APIs and implementations
• SecKeychainItem
• SecKeychainItemGetTypeID()

Adding keychain items

• Adding a password to the keychain
• SecItemAdd(_:_:)
• Item class keys and values
• Item attribute keys and values

Keychain item search

• Searching for keychain items
• SecItemCopyMatching(_:_:)
• Search attribute keys and values
• Item return result keys

Keychain item modification

• Updating and deleting keychain items
• SecItemUpdate(_:_:)
• SecItemDelete(_:)

Keychain item access

• Sharing access to keychain items among a collection of apps
• Keychain Access Groups Entitlement
• Restricting keychain item accessibility
• SecAccessControlCreateWithFlags(_:_:_:_:)
• SecAccessControlCreateFlags
• SecAccessControl
• SecAccessControlGetTypeID()

Import and export

• SecItemImport(_:_:_:_:_:_:_:_:)
• SecItemExport(_:_:_:_:_:)
• SecExternalFormat
• SecExternalItemType
• SecItemImportExportFlags
• SecItemImportExportKeyParameters
• SecKeyImportExportFlags
• SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION
• SecKeyImportExportParameters

Legacy keychain item creation

• SecKeychainItemCreateFromContent(_:_:_:_:_:_:_:)
• SecKeychainItemCreateCopy(_:_:_:_:)
• SecKeychainItemCreatePersistentReference(_:_:)
• SecKeychainItemCopyFromPersistentReference(_:_:)
• SecItemClass

Legacy keychain item management

• SecKeychainItemCopyAttributesAndData(_:_:_:_:_:_:)
• SecKeychainItemModifyAttributesAndData(_:_:_:_:)
• SecKeychainItemFreeAttributesAndData(_:_:)
• SecKeychainItemCopyContent(_:_:_:_:_:)
• SecKeychainItemModifyContent(_:_:_:_:)
• SecKeychainItemFreeContent(_:_:)
• SecKeychainItemCopyKeychain(_:_:)
• SecKeychainItemDelete(_:)
• SecKeychainAttrType
• SecKeychainAttribute
• SecKeychainAttributePtr
• SecKeychainAttributeList

Legacy attribute info

• SecKeychainAttributeInfoForItemID(_:_:_:)
• SecKeychainFreeAttributeInfo(_:)
• SecKeychainAttributeInfo
• SecItemAttr
• Keychain Item Attribute Constants For Keys
• SecAFPServerSignature

Legacy password storage

• SecKeychainAddInternetPassword(_:_:_:_:_:_:_:_:_:_:_:_:_:_:_:)
• SecKeychainFindInternetPassword(_:_:_:_:_:_:_:_:_:_:_:_:_:_:_:)
• SecKeychainAddGenericPassword(_:_:_:_:_:_:_:_:)
• SecKeychainFindGenericPassword(_:_:_:_:_:_:_:_:)
• SecProtocolType
• SecAuthenticationType
• SecPassword