| | 1 | Starting in 4.0 the keychain will be using content protection |
| | 2 | |
| | 3 | We will define 4 new classes for the keychain: |
| | 4 | |
| | 5 | Ak = non_exportable, uid_protection|pin_protection |
| | 6 | Ck = wrap_on_lock|unwrap_on_lock|non_exportable, uid_protection|pin_protection |
| | 7 | Dk = non_exportable, uid_protection |
| | 8 | Ek = wrap_on_lock|unwrap_on_lock|non_exportable, uid_protection|pin_protection |
| | 9 | |
| | 10 | A new attribute will be added to all keychain items allowing a caller |
| | 11 | to specify the content protection level. |
| | 12 | Caller will have a choice or class Ak, Ck, Dk or Ek protection for the |
| | 13 | items data. |
| | 14 | |
| | 15 | Consider whether or not to allow SecItemUpdate to change the protection class. |
| | 16 | |
| | 17 | Backup will no longer directly backup the keychain file, instead a new |
| | 18 | SecKeychainMigrate() SPI will be added which takes a keybag and a password and |
| | 19 | returns a keychain blob in which class A and C items are protected by the |
| | 20 | provided keybags A and C keys, and the class E key protected items will not |
| | 21 | migrate. |
| | 22 | |
| | 23 | Restore will pass the keychain file from an old backup or keychain blob |
| | 24 | returned by the new SPI and the backup keybag and password to securityd so |
| | 25 | items can be migrated back into the system keychain db. Class E items in the |
| | 26 | backup set will only get restored if they are decryptable (restore is to same |
| | 27 | device) otherwise they are discarded during the restore. |
| | 28 | |
| | 29 | |
| | 30 | Implementors notes: |
| | 31 | Migrate will take a db file needing to be upgraded or a keychain blob |
| | 32 | needing to be migrated into the system security domain. |
projects / apple / security.git / blame_incremental