Keychain

public class Keychain

General class for interacting with the Keychain and Secure Enclave.

Show on GitHub

  • Accessibility of keychain item.

    See more

    Declaration

    Swift

    public enum AccessibleProtection
    Show on GitHub

  • The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.

    Declaration

    Swift

    public let accessGroup: String
    Show on GitHub

  • Init with accessGroup. The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.

    Declaration

    Swift

    public init(accessGroup: String)

    Parameters

    accessGroup

    The access group should be an App Group on the developer account.
    Show on GitHub

  • Save a value to the Keychain.

    Declaration

    Swift

    public func saveValue(name: String,
                      value: String,
                      service: String,
                      protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly,
                      bioFactor: BioFactor = .none) -> Bool

    Parameters

    name

    The name associated with this item.
    value

    The value to save as String.
    service

    The service associated with this item.
    protection

    The device status protection level associated with this item.
    bioFactor

    The biometric presence factor associated with this item.

    Return Value

    True if saved, otherwise false.

    Show on GitHub

  • Save a value to the Keychain.

    Declaration

    Swift

    public func saveValue(name: String,
                      value: Data,
                      service: String,
                      protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly,
                      bioFactor: BioFactor = .none) -> Bool

    Parameters

    name

    The name associated with this item.
    value

    The value to save as Data.
    service

    The service associated with this item.
    protection

    The device status protection level associated with this item.
    bioFactor

    The biometric presence factor associated with this item.

    Return Value

    True if saved, otherwise false.

    Show on GitHub

  • Update a value in the Keychain.

    Declaration

    Swift

    public func updateValue(name: String, value: String, service: String) -> Bool

    Parameters

    name

    The name associated with this item.
    value

    The updated value.
    service

    The service associated with this item.

    Return Value

    True if updated, otherwise false.

    Show on GitHub

  • Update a value in the Keychain.

    Declaration

    Swift

    public func updateValue(name: String, value: Data, service: String) -> Bool

    Parameters

    name

    The name associated with this item.
    value

    The updated value.
    service

    The service associated with this item.

    Return Value

    True if updated, otherwise false.

    Show on GitHub

  • Delete an item from the Keychain.

    Declaration

    Swift

    public func delete(name: String, service: String)

    Parameters

    name

    The name of the item to delete.
    service

    The service associated with this item.
    Show on GitHub

  • Get a value from the Keychain.

    Declaration

    Swift

    public func getValueAsData(name: String, service: String) -> Data?

    Parameters

    name

    The name of the item.
    service

    The service associated with this item.

    Return Value

    The value for the specified item as Data.

    Show on GitHub

  • Get a value from the Keychain.

    Declaration

    Swift

    public func getValue(name: String, service: String) -> String?

    Parameters

    name

    The name of the item.
    service

    The service associated with this item.

    Return Value

    The value for the specified item as String.

    Show on GitHub

  • Get a dictionary of values from the Keychain for the specified service.

    Declaration

    Swift

    public func getValuesAsData(service: String) -> [String : Data]?

    Parameters

    service

    A service name.

    Return Value

    A dictionary of names and Data values for the specified service.

    Show on GitHub

  • Get a dictionary of values from the Keychain for the specified service.

    Declaration

    Swift

    public func getValues(service: String) -> [String : String]?

    Parameters

    service

    A service name.

    Return Value

    A dictionary of names and String values for the specified service.

    Show on GitHub

  • Delete key given the SecKey.

    Declaration

    Swift

    public func deleteKey(secKey: SecKey)

    Parameters

    secKey

    The SecKey to delete.
    Show on GitHub

  • Delete key if public key exists.

    Declaration

    Swift

    public func deleteKey(publicKey: Data)

    Parameters

    publicKey

    The public key of the key to delete.
    Show on GitHub

  • Update label.

    Declaration

    Swift

    public func update(label: String, publicKey: Data)

    Parameters

    label

    The new label value.
    publicKey

    The public key of the key to update.
    Show on GitHub

  • Get elliptic curve key – getting the key from the Keychain given the key is used for testing.

    Declaration

    Swift

    public func getSecKey(key: SecKey) -> SecKey?
    Show on GitHub

  • Get an elliptic curve key given the public key. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID

    Declaration

    Swift

    public func getEllipticCurveKey(publicKey: Data) -> ECKey?

    Parameters

    publicKey

    The public key.

    Return Value

    An ECKey corresponding to the public key.

    Show on GitHub

  • Get all elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID

    Throws

    If there is an error in the key query.

    Declaration

    Swift

    public func getAllEllipticCurveKeys(tag: String? = nil, label: String? = nil) throws -> [ECKey]

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of ECKeys.

    Show on GitHub

  • Get all attributes for elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID

    Throws

    If there is an error in the key query.

    Declaration

    Swift

    public func getAttributesForAllEllipticCurveKeys(tag: String? = nil, label: String? = nil, matchLimitAll: Bool = true) throws -> [[String : Any]]

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of ECKeys.

    Show on GitHub

  • Get an elliptic curve keys for the provided application label (for ec keys this is the sha1 hash of the public key) IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID

    Throws

    If there is a error getting the key

    Declaration

    Swift

    public func getEllipticCurveKey(applicationLabel: Data) throws -> ECKey

    Parameters

    applicationLabel

    The application label to search for

    Return Value

    An ECKey

    Show on GitHub

  • Get an elliptic curve keys for the provided public key IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID

    Throws

    If there is a error getting the key

    Declaration

    Swift

    public func getEllipticCurveKey(publicKey: Data) throws -> ECKey

    Parameters

    publicKey

    The publickey

    Return Value

    An ECKey

    Show on GitHub

  • Get all elliptic curve private Sec Keys. For Secure Enclave private keys, the SecKey is a reference. It’s not posible to export the actual private key data.

    Declaration

    Swift

    public func getAllEllipticCurvePrivateSecKeys(tag: String? = nil) -> [SecKey]?

    Parameters

    tag

    The tag to filter by (defaults to nil).

    Return Value

    An array of SecKeys.

    Show on GitHub

  • Get all elliptic curve keys and return the public keys. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID

    Declaration

    Swift

    public func getAllEllipticCurvePublicSecKeys() -> [SecKey]?

    Return Value

    An array of public SecKeys.

    Show on GitHub

  • Get the private SecKey for the public key if the key exists in the Keychain. Public key data can be in either compressed or uncompressed format. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID

    Declaration

    Swift

    public func getPrivateSecKey(publicKey: Data) -> SecKey?

    Parameters

    publicKey

    A public key in either compressed or uncompressed format.

    Return Value

    A SecKey.

    Show on GitHub

  • Create a NON-Secure-Enclave elliptic curve private key.

    Declaration

    Swift

    public func createEllipticCurvePrivateKey(isPermanent: Bool = false) -> SecKey?

    Parameters

    isPermanent

    Is the key stored permanently in the Keychain?

    Return Value

    A SecKey.

    Show on GitHub

  • Declaration

    Swift

    public func importExternal(privateKey: Data, tag: String? = nil, label: String?  = nil, // swiftlint:disable:this function_body_length
                           protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                           accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey
    Show on GitHub

  • Create a new Secure Enclave key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createSecureEnclaveSecKey(tag: String? = nil, label: String? = nil, accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey

    Parameters

    tag

    A tag to associate with this key.
    label

    A label to associate with this key.
    accessFlag

    accessFlag for this key.

    Return Value

    A Secure Enclave SecKey.

    Show on GitHub

  • Create a new elliptic curve key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createEllipticCurveSecKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil,
                                      protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                                      accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey

    Parameters

    secureEnclave

    Generate this key in Secure Enclave?
    tag

    A tag to associate with this key.
    label

    A label to associate with this key.
    protection

    Accessibility defaults to whenUnlockedThisDeviceOnly.
    accessFlag

    The accessFlag for this key.

    Return Value

    A SecKey.

    Show on GitHub

  • Create a new elliptic curve key.

    Throws

    If a key cannot be created.

    Declaration

    Swift

    public func createEllipticCurveKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil,
                                   protection: AccessibleProtection = .whenUnlockedThisDeviceOnly,
                                   accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey

    Parameters

    secureEnclave

    Generate this key in Secure Enclave?
    tag

    A tag to associate with this key.
    label

    A label to associate with this key.
    protection

    Accessibility defaults to whenUnlockedThisDeviceOnly.
    accessFlag

    The accessFlag for this key.

    Return Value

    An ECKey.

    Show on GitHub

  • Sign if the key is in the Keychain.

    Throws

    If private key is not available.

    Declaration

    Swift

    public func sign(publicKey: Data, data: Data) throws -> Data

    Parameters

    publicKey

    The public key corresponding to a private key to use for signing.
    data

    The data to sign.

    Return Value

    A signature.

    Show on GitHub

  • Sign with Secure Enclave or Keychain.

    Throws

    If an error is encountered attempting to sign.

    Declaration

    Swift

    public func sign(privateKey: SecKey, data: Data) throws -> Data

    Parameters

    privateKey

    The private key to use for signing.
    data

    The data to sign.

    Return Value

    A signature.

    Show on GitHub

  • Decrypt data using SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM.

    Throws

    If the private key is not found or the message cannot be decrypted.

    Declaration

    Swift

    public func decrypt(publicKey: Data, message: Data) throws -> Data

    Parameters

    publicKey

    The public key corresponding to a private key to use for decrypting.
    message

    The encrypted message.

    Return Value

    The decrypted message.

    Show on GitHub

  • ECKey collects properties into a single object for an elliptic curve key.

    See more

    Declaration

    Swift

    class ECKey
    Show on GitHub