Keychain

public class Keychain

General class for interacting with the Keychain and Secure Enclave.

  • Accessibility of keychain item.

    Declaration

    Swift

    public enum AccessibleProtection
  • The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.

    Declaration

    Swift

    public let accessGroup: String
  • Init with accessGroup. The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.

    Declaration

    Swift

    public init(accessGroup: String)

    Parameters

    accessGroup

    The access group should be an App Group on the developer account.

  • Save a value to the Keychain.

    Declaration

    Swift

    public func saveValue(name: String,
                          value: String,
                          service: String,
                          protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly,
                          bioFactor: BioFactor = .none) -> Bool

    Parameters

    name

    The name associated with this item.

    value

    The value to save as String.

    service

    The service associated with this item.

    protection

    The device status protection level associated with this item.

    bioFactor

    The biometric presence factor associated with this item.

    Return Value

    True if saved, otherwise false.

  • Save a value to the Keychain.

    Declaration

    Swift

    public func saveValue(name: String,
                          value: Data,
                          service: String,
                          protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly,
                          bioFactor: BioFactor = .none) -> Bool

    Parameters

    name

    The name associated with this item.

    value

    The value to save as Data.

    service

    The service associated with this item.

    protection

    The device status protection level associated with this item.

    bioFactor

    The biometric presence factor associated with this item.

    Return Value

    True if saved, otherwise false.

  • Update a value in the Keychain.

    Declaration

    Swift

    public func updateValue(name: String, value: String, service: String) -> Bool

    Parameters

    name

    The name associated with this item.

    value

    The updated value.

    service

    The service associated with this item.

    Return Value

    True if updated, otherwise false.

  • Update a value in the Keychain.

    Declaration

    Swift

    public func updateValue(name: String, value: Data, service: String) -> Bool

    Parameters

    name

    The name associated with this item.

    value

    The updated value.

    service

    The service associated with this item.

    Return Value

    True if updated, otherwise false.

  • Delete an item from the Keychain.

    Declaration

    Swift

    public func delete(name: String, service: String)

    Parameters

    name

    The name of the item to delete.

    service

    The service associated with this item.

  • Get a value from the Keychain.

    Declaration

    Swift

    public func getValueAsData(name: String, service: String) -> Data?

    Parameters

    name

    The name of the item.

    service

    The service associated with this item.

    Return Value

    The value for the specified item as Data.

  • Get a value from the Keychain.

    Declaration

    Swift

    public func getValue(name: String, service: String) -> String?

    Parameters

    name

    The name of the item.

    service

    The service associated with this item.

    Return Value

    The value for the specified item as String.

  • Get a dictionary of values from the Keychain for the specified service.

    Declaration

    Swift

    public func getValuesAsData(service: String) -> [String : Data]?

    Parameters

    service

    A service name.

    Return Value

    A dictionary of names and Data values for the specified service.

  • Get a dictionary of values from the Keychain for the specified service.

    Declaration

    Swift

    public func getValues(service: String) -> [String : String]?

    Parameters

    service

    A service name.

    Return Value

    A dictionary of names and String values for the specified service.

  • Delete key given the SecKey.

    Declaration

    Swift

    public func deleteKey(secKey: SecKey)

    Parameters

    secKey

    The SecKey to delete.

  • Delete key if public key exists.

    Declaration

    Swift

    public func deleteKey(publicKey: Data)

    Parameters

    publicKey

    The public key of the key to delete.

  • Update label.

    Declaration

    Swift

    public func update(label: String, publicKey: Data)

    Parameters

    label

    The new label value.

    publicKey

    The public key of the key to update.

  • Get an elliptic curve key. Getting the key from the Keychain given the key is used for testing.

    Declaration

    Swift

    public func getSecKey(key: SecKey) -> SecKey?
  • Get an elliptic curve key given the public key. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Declaration

    Swift

    public func getEllipticCurveKey(publicKey: Data) -> ECKey?

    Parameters

    publicKey

    The public key.

    Return Value

    An ECKey corresponding to the public key.

  • Get all elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Throws

    If there is an error in the key query.

    Declaration

    Swift

    public func getAllEllipticCurveKeys(tag: String? = nil, label: String? = nil) throws -> [ECKey]

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of ECKeys.

  • Get all attributes for elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Throws

    If there is an error in the key query.

    Declaration

    Swift

    public func getAttributesForAllEllipticCurveKeys(tag: String? = nil, label: String? = nil, matchLimitAll: Bool = true) throws -> [[String : Any]]

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of attribute dictionaries ([String : Any]) for the matching elliptic curve keys.

  • Get an elliptic curve key for the provided application label (for EC keys this is the SHA-1 hash of the public key). IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Throws

    If there is an error getting the key.

    Declaration

    Swift

    public func getEllipticCurveKey(applicationLabel: Data) throws -> ECKey

    Parameters

    applicationLabel

    The application label to search for.

    Return Value

    An ECKey.

  • Get an elliptic curve key for the provided public key. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Throws

    If there is an error getting the key.

    Declaration

    Swift

    public func getEllipticCurveKey(publicKey: Data) throws -> ECKey

    Parameters

    publicKey

    The public key.

    Return Value

    An ECKey.

  • Get all elliptic curve private SecKeys. For Secure Enclave private keys, the SecKey is a reference. It’s not possible to export the actual private key data.

    Declaration

    Swift

    public func getAllEllipticCurvePrivateSecKeys(tag: String? = nil) -> [SecKey]?

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of SecKeys.

  • Get all elliptic curve keys and return the public keys. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Declaration

    Swift

    public func getAllEllipticCurvePublicSecKeys() -> [SecKey]?

    Return Value

    An array of public SecKeys.

  • Get the private SecKey for the public key if the key exists in the Keychain. Public key data can be in either compressed or uncompressed format. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.

    Declaration

    Swift

    public func getPrivateSecKey(publicKey: Data) -> SecKey?

    Parameters

    publicKey

    A public key in either compressed or uncompressed format.

    Return Value

    A SecKey.

  • Create a NON-Secure-Enclave elliptic curve private key.

    Declaration

    Swift

    public func createEllipticCurvePrivateKey(isPermanent: Bool = false) -> SecKey?

    Parameters

    isPermanent

    Is the key stored permanently in the Keychain?

    Return Value

    A SecKey.

  • Declaration

    Swift

    public func importExternal(privateKey: Data, tag: String? = nil, label: String? = nil,
                               protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                               accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey
  • Create a new Secure Enclave key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createSecureEnclaveSecKey(tag: String? = nil, label: String? = nil, accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey

    Parameters

    tag

    A tag to associate with this key.

    label

    A label to associate with this key.

    accessFlag

    The accessFlag for this key.

    Return Value

    A Secure Enclave SecKey.

  • Create a new elliptic curve key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createEllipticCurveSecKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil,
                                          protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                                          accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey

    Parameters

    secureEnclave

    Generate this key in Secure Enclave?

    tag

    A tag to associate with this key.

    label

    A label to associate with this key.

    protection

    Accessibility defaults to whenUnlockedThisDeviceOnly.

    accessFlag

    The accessFlag for this key.

    Return Value

    A SecKey.

  • Create a new elliptic curve key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createEllipticCurveKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil,
                                       protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                                       accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey

    Parameters

    secureEnclave

    Generate this key in Secure Enclave?

    tag

    A tag to associate with this key.

    label

    A label to associate with this key.

    protection

    Accessibility defaults to whenUnlockedThisDeviceOnly.

    accessFlag

    The accessFlag for this key.

    Return Value

    An ECKey.

  • Sign if the key is in the Keychain.

    Throws

    If private key is not available.

    Declaration

    Swift

    public func sign(publicKey: Data, data: Data) throws -> Data

    Parameters

    publicKey

    The public key corresponding to a private key to use for signing.

    data

    The data to sign.

    Return Value

    A signature.

  • Sign with Secure Enclave or Keychain.

    Throws

    If an error is encountered attempting to sign.

    Declaration

    Swift

    public func sign(privateKey: SecKey, data: Data) throws -> Data

    Parameters

    privateKey

    The private key to use for signing.

    data

    The data to sign.

    Return Value

    A signature.

  • Decrypt data using SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM.

    Throws

    If the private key is not found or the message cannot be decrypted.

    Declaration

    Swift

    public func decrypt(publicKey: Data, message: Data) throws -> Data

    Parameters

    publicKey

    The public key corresponding to a private key to use for decrypting.

    message

    The encrypted message.

    Return Value

    The decrypted message.

  • ECKey collects properties into a single object for an elliptic curve key.

    Declaration

    Swift

    class ECKey
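
The following usage sketch is an added example, not code from the library or its documentation: it stores a value under a stricter protection level than the default, then creates a biometric-gated Secure Enclave key and signs with it, using only the declarations listed above plus Apple's Security framework. The access group, service, item name, tag and label are constructed placeholders, the helper functions and `ExampleError` are hypothetical, and the fallback from `saveValue` to `updateValue` assumes a failed save can mean the item already exists.

```swift
import Foundation
import Security
// Also import the module that provides `Keychain`; its name is not given on this page.

// Constructed placeholder values (assumptions, not from the library's docs).
let keychain = Keychain(accessGroup: "group.com.example.shared")
let service = "com.example.auth"

enum ExampleError: Error { case publicKeyExportFailed }  // hypothetical error type

/// Hypothetical helper: store a token readable only while the device is unlocked.
func storeToken(_ token: String) -> Bool {
    // The default protection is .afterFirstUnlockThisDeviceOnly; this asks for the
    // stricter .whenUnlockedThisDeviceOnly instead.
    if keychain.saveValue(name: "apiToken", value: token, service: service,
                          protection: .whenUnlockedThisDeviceOnly) {
        return true
    }
    // saveValue reports failure only as `false`. Assumption: the item may already
    // exist, so try an update before giving up.
    return keychain.updateValue(name: "apiToken", value: token, service: service)
}

/// Hypothetical helper: create a biometric-gated Secure Enclave key and sign with it.
func signChallenge(_ challenge: Data) throws -> (signature: Data, publicKey: Data) {
    // .privateKeyUsage permits signing inside the Secure Enclave; .biometryCurrentSet
    // ties the key to the currently enrolled FaceID/TouchID set.
    let flags: SecAccessControlCreateFlags = [.privateKeyUsage, .biometryCurrentSet]
    let privateKey = try keychain.createEllipticCurveSecKey(
        secureEnclave: true, tag: "com.example.signing", label: "login-key",
        protection: .whenUnlockedThisDeviceOnly, accessFlag: flags)

    // Only the public half can be exported; the private SecKey is a reference.
    guard let publicSecKey = SecKeyCopyPublicKey(privateKey),
          let publicKey = SecKeyCopyExternalRepresentation(publicSecKey, nil) as Data? else {
        throw ExampleError.publicKeyExportFailed
    }

    // Using the biometric-gated private key makes the system prompt for FaceID/TouchID.
    let signature = try keychain.sign(privateKey: privateKey, data: challenge)
    return (signature, publicKey)
}
```

Secure Enclave keys exist only on physical devices that have the hardware, so `signChallenge` is expected to throw in environments without it.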