5/15/2019 - 12:50 PM

Useful resources for working with iOS/ macOS Keychain API

Keychain API

Protection Domain (pdmn)	Keychain Accessibility Values
`ck`	`kSecAttrAccessibleAfterFirstUnlock`
`cku`	`kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`
`dk`	`kSecAttrAccessibleAlways`
`akpu`	`kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly`
`dku`	`kSecAttrAccessibleAlwaysThisDeviceOnly`
`ak`	`kSecAttrAccessibleWhenUnlocked`
`aku`	`kSecAttrAccessibleWhenUnlockedThisDeviceOnly`

Source(s):

In the iOS keychain, all the keychain items are stored in 4 tables

Table	kSecClass
`genp`	`kSecClassGenericPassword`
`inet`	`kSecClassInternetPassword`
`cert`	`kSecClassCertificate`
`key`	`kSecClassKey`

kSecClassIdentity = kSecClassCertificate + kSecClassKey

Keychain tables column names mapped to the corresponding keychain item class attributes

Column	Attribute	Description
`cdat`	`kSecAttrCreationDate`	Item creation date in Unix epoch time format
`mdat`	`kSecAttrModificationDate`	Item modification date in Unix epoch time format
`desc`	`kSecAttrDescription`	User visible string that describes the item
`icmt`	`kSecAttrComment`	User editable comment for the item
`crtr`	`kSecAttrCreator`	Application created (4 char) code
`type`	`kSecAttrType`	Item type
`scrp`	`kSecAttrScriptCode`	String script code (such as encoding type)
`labl`	`kSecAttrLabel`	Label to be displayed to the user (print name)
`alis`	`kSecAttrAlias`	Item alias
`invi`	`kSecAttrIsInvisible`	Invisible
`nega`	`kSecAttrIsNegative`	Invalid item
`cusi`	`kSecAttrHasCustomIcon`	Existence of application specific icon (Boolean)
`prot`	`kSecProtectedDataItemAttr`	? Item’s data is protected (Boolean)
`acct`	`kSecAttrAccount`	Account key (such as user id)
`svce`	`kSecAttrService`	Service name (such as Application identifier)
`gena`	`kSecAttrGeneric`	User defined attribute
`data`	`kSecValueData`	Actual data (such as password, crypto key…)
`agrp`	`kSecAttrAccessGroup`	Keychain access group
`pdmn`	`kSecAttrAccessible`	Access restrictions (Data protection classes)

Source(s):