Keychain
public class Keychain
General class for interacting with the Keychain and Secure Enclave.
-
Accessibility of keychain item.
Declaration
Swift
public enum AccessibleProtection
-
The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.
Declaration
Swift
public let accessGroup: String
-
Init with accessGroup. The accessGroup allows multiple apps (including extensions) in the same team to share the same Keychain.
Declaration
Swift
public init(accessGroup: String)
Parameters
accessGroup
The access group should be an App Group on the developer account.
-
Save a value to the Keychain.
Declaration
Swift
public func saveValue(name: String, value: String, service: String, protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly, bioFactor: BioFactor = .none) -> Bool
Parameters
name
The name associated with this item.
value
The value to save as String.
service
The service associated with this item.
protection
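The device status protection level associated with this item. Defaults to afterFirstUnlockThisDeviceOnly; assuming this maps to the system accessibility class of the same name, the item remains readable while the device is locked once it has been unlocked after a restart, so pass a stricter level for values that are only needed while the device is unlocked.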
bioFactor
The biometric presence factor associated with this item.
Return Value
True if saved, otherwise false.
-
Save a value to the Keychain.
Declaration
Swift
public func saveValue(name: String, value: Data, service: String, protection: AccessibleProtection = .afterFirstUnlockThisDeviceOnly, bioFactor: BioFactor = .none) -> Bool
Parameters
name
The name associated with this item.
value
The value to save as Data.
service
The service associated with this item.
protection
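The device status protection level associated with this item. Defaults to afterFirstUnlockThisDeviceOnly; assuming this maps to the system accessibility class of the same name, the item remains readable while the device is locked once it has been unlocked after a restart, so pass a stricter level for values that are only needed while the device is unlocked.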
bioFactor
The biometric presence factor associated with this item.
Return Value
True if saved, otherwise false.
-
Update a value in the Keychain.
Declaration
Swift
public func updateValue(name: String, value: String, service: String) -> Bool
Parameters
name
The name associated with this item.
value
The updated value.
service
The service associated with this item.
Return Value
True if updated, otherwise false.
-
Update a value in the Keychain.
Declaration
Swift
public func updateValue(name: String, value: Data, service: String) -> Bool
Parameters
name
The name associated with this item.
value
The updated value.
service
The service associated with this item.
Return Value
True if updated, otherwise false.
-
Delete an item from the Keychain.
Declaration
Swift
public func delete(name: String, service: String)
Parameters
name
The name of the item to delete.
service
The service associated with this item.
-
Get a value from the Keychain.
Declaration
Swift
public func getValueAsData(name: String, service: String) -> Data?
Parameters
name
The name of the item.
service
The service associated with this item.
Return Value
The value for the specified item as Data.
-
Get a value from the Keychain.
Declaration
Swift
public func getValue(name: String, service: String) -> String?
Parameters
name
The name of the item.
service
The service associated with this item.
Return Value
The value for the specified item as String.
-
Get a dictionary of values from the Keychain for the specified service.
Declaration
Swift
public func getValuesAsData(service: String) -> [String : Data]?
Parameters
service
A service name.
Return Value
A dictionary of names and Data values for the specified service.
-
Get a dictionary of values from the Keychain for the specified service.
Declaration
Swift
public func getValues(service: String) -> [String : String]?
Parameters
service
A service name.
Return Value
A dictionary of names and String values for the specified service.
-
Delete key given the SecKey.
Declaration
Swift
public func deleteKey(secKey: SecKey)
Parameters
secKey
The SecKey to delete.
-
Delete key if public key exists.
Declaration
Swift
public func deleteKey(publicKey: Data)
Parameters
publicKey
The public key of the key to delete.
-
Update label.
Declaration
Swift
public func update(label: String, publicKey: Data)
Parameters
label
The new label value.
publicKey
The public key of the key to update.
-
Get an elliptic curve key from the Keychain given the key itself. Looking a key up by the key itself is used for testing.
Declaration
Swift
public func getSecKey(key: SecKey) -> SecKey?
-
Get an elliptic curve key given the public key. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.
Declaration
Swift
public func getEllipticCurveKey(publicKey: Data) -> ECKey?
Parameters
publicKey
The public key.
Return Value
An ECKey corresponding to the public key.
-
Get all elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.
Throws
If there is an error in the key query.
Declaration
Swift
public func getAllEllipticCurveKeys(tag: String? = nil, label: String? = nil) throws -> [ECKey]
Parameters
tag
The tag to filter by (defaults to `nil`).
Return Value
An array of ECKeys.
-
Get all attributes for elliptic curve keys with option to filter by tag. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.
Throws
If there is an error in the key query.
Declaration
Swift
public func getAttributesForAllEllipticCurveKeys(tag: String? = nil, label: String? = nil, matchLimitAll: Bool = true) throws -> [[String : Any]]
Parameters
tag
The tag to filter by (defaults to `nil`).
Return Value
An array of attribute dictionaries (`[[String : Any]]`), one per matching elliptic curve key.
-
Get an elliptic curve key for the provided application label (for EC keys this is the SHA-1 hash of the public key; the hash is used here as a lookup label for the key). IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.
Throws
If there is an error getting the key.
Declaration
Swift
public func getEllipticCurveKey(applicationLabel: Data) throws -> ECKey
Parameters
applicationLabel
The application label to search for
Return Value
An ECKey
-
Get an elliptic curve key for the provided public key. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.
Throws
If there is an error getting the key.
Declaration
Swift
public func getEllipticCurveKey(publicKey: Data) throws -> ECKey
Parameters
publicKey
The public key.
Return Value
An ECKey
-
Get all elliptic curve private SecKeys. For Secure Enclave private keys, the SecKey is a reference. It’s not possible to export the actual private key data.
Declaration
Swift
public func getAllEllipticCurvePrivateSecKeys(tag: String? = nil) -> [SecKey]?
Parameters
tag
The tag to filter by (defaults to `nil`).
Return Value
An array of SecKeys.
-
Get all elliptic curve keys and return the public keys. IMPORTANT: If any of the keys returned by the search query require a biometric check for access, the system will prompt the user for FaceID/TouchID.
Declaration
Swift
public func getAllEllipticCurvePublicSecKeys() -> [SecKey]?
Return Value
An array of public SecKeys.
-
Get the private SecKey for the public key if the key exists in the Keychain. Public key data can be in either compressed or uncompressed format. IMPORTANT: If the key requires a biometric check for access, the system will prompt the user for FaceID/TouchID.
Declaration
Swift
public func getPrivateSecKey(publicKey: Data) -> SecKey?
Parameters
publicKey
A public key in either compressed or uncompressed format.
Return Value
A SecKey.
-
Create a NON-Secure-Enclave elliptic curve private key.
Declaration
Swift
public func createEllipticCurvePrivateKey(isPermanent: Bool = false) -> SecKey?
Parameters
isPermanent
Is the key stored permanently in the Keychain?
Return Value
A SecKey.
-
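Import an external elliptic curve private key and return it as an ECKey. (This entry has no description in the generated documentation; the summary is inferred from the signature.) Because the private key bytes are supplied by the caller, they have existed outside the Keychain and do not carry the non-exportable property described for Secure Enclave private keys.
Declaration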
Swift
public func importExternal(privateKey: Data, tag: String? = nil, label: String? = nil, // swiftlint:disable:this function_body_length protection: AccessibleProtection = .whenUnlockedThisDeviceOnly, accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey
-
Create a new Secure Enclave key.
Throws
If a key cannot be created.
Declaration
Swift
public func createSecureEnclaveSecKey(tag: String? = nil, label: String? = nil, accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey
Parameters
tag
A tag to associate with this key.
label
A label to associate with this key.
accessFlag
The accessFlag for this key.
Return Value
A Secure Enclave SecKey.
-
Create a new elliptic curve key.
Throws
If a key cannot be created.
Declaration
Swift
public func createEllipticCurveSecKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil, protection: AccessibleProtection = .whenUnlockedThisDeviceOnly, accessFlag: SecAccessControlCreateFlags? = nil) throws -> SecKey
Parameters
secureEnclave
Generate this key in Secure Enclave?
tag
A tag to associate with this key.
label
A label to associate with this key.
protection
Accessibility defaults to whenUnlockedThisDeviceOnly.
accessFlag
The accessFlag for this key.
Return Value
A SecKey.
-
Create a new elliptic curve key.
Throws
If a key cannot be created.
Declaration
Swift
public func createEllipticCurveKey(secureEnclave: Bool, tag: String? = nil, label: String? = nil, protection: AccessibleProtection = .whenUnlockedThisDeviceOnly, accessFlag: SecAccessControlCreateFlags? = nil) throws -> ECKey
Parameters
secureEnclave
Generate this key in Secure Enclave?
tag
A tag to associate with this key.
label
A label to associate with this key.
protection
Accessibility defaults to whenUnlockedThisDeviceOnly.
accessFlag
The accessFlag for this key.
Return Value
An ECKey.
-
Sign if the key is in the Keychain.
Throws
If the private key is not available.
Declaration
Swift
public func sign(publicKey: Data, data: Data) throws -> Data
Parameters
publicKey
The public key corresponding to a private key to use for signing.
data
The data to sign.
Return Value
A signature.
-
Sign with Secure Enclave or Keychain.
Throws
If an error is encountered attempting to sign.
Declaration
Swift
public func sign(privateKey: SecKey, data: Data) throws -> Data
Parameters
privateKey
The private key to use for signing.
data
The data to sign.
Return Value
A signature.
-
Decrypt data using `SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM`.
Throws
If the private key is not found or the message cannot be decrypted.
Declaration
Swift
public func decrypt(publicKey: Data, message: Data) throws -> Data
Parameters
publicKey
The public key corresponding to a private key to use for decrypting.
message
The encrypted message.
Return Value
The decrypted message.
-
ECKey collects properties into a single object for an elliptic curve key.
Declaration
Swift
class ECKey