2 * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 SecItem defines CoreFoundation-based constants and functions for
27 access to Security items (certificates, keys, identities, and
31 #ifndef _SECURITY_SECITEM_H_
32 #define _SECURITY_SECITEM_H_
34 #include <Security/SecBase.h>
35 #include <CoreFoundation/CFArray.h>
36 #include <CoreFoundation/CFDictionary.h>
41 @enum Class Key Constant
42 @discussion Predefined key constant used to get or set item class values in
43 a dictionary. Its value is one of the constants defined in the Value
44 Constants for kSecClass.
45 @constant kSecClass Specifies a dictionary key whose value is the item's
46 class code. You use this key to get or set a value of type CFTypeRef
47 that contains the item class code.
/* Dictionary key for an item's class code; its value is one of the
   kSecClass* value constants declared in this header. */
49 extern CFTypeRef kSecClass
50 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
53 @enum Class Value Constants
54 @discussion Predefined item class constants used to get or set values in
55 a dictionary. The kSecClass constant is the key and its value is one
56 of the constants defined here.
57 @constant kSecClassGenericPassword Specifies generic password items.
58 @constant kSecClassInternetPassword Specifies Internet password items.
59 @constant kSecClassCertificate Specifies certificate items.
60 @constant kSecClassKey Specifies key items.
61 @constant kSecClassIdentity Specifies identity items.
/* Values for the kSecClass key: generic password, Internet password,
   certificate, key, and identity items. Per this header's attribute
   discussion, an identity is the combination of a private key and a
   certificate and shares the attributes of both classes. */
63 extern CFTypeRef kSecClassGenericPassword
64 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
65 extern CFTypeRef kSecClassInternetPassword
66 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
67 extern CFTypeRef kSecClassCertificate
68 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
69 extern CFTypeRef kSecClassKey
70 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
71 extern CFTypeRef kSecClassIdentity
72 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
76 @enum Attribute Key Constants
77 @discussion Predefined item attribute keys used to get or set values in a
78 dictionary. Not all attributes apply to each item class. The table
79 below lists the currently defined attributes for each item class:
81 kSecClassGenericPassword item attributes:
85 kSecAttrModificationDate
97 kSecClassInternetPassword item attributes:
101 kSecAttrModificationDate
110 kSecAttrSecurityDomain
113 kSecAttrAuthenticationType
117 kSecClassCertificate item attributes:
120 kSecAttrCertificateType
121 kSecAttrCertificateEncoding
127 kSecAttrPublicKeyHash
129 kSecClassKey item attributes:
134 kSecAttrApplicationLabel
136 kSecAttrApplicationTag
138 kSecAttrKeySizeInBits
139 kSecAttrEffectiveKeySize
148 kSecClassIdentity item attributes:
149 Since an identity is the combination of a private key and a
150 certificate, this class shares attributes of both kSecClassKey and
151 kSecClassCertificate.
153 @constant kSecAttrAccessible Specifies a dictionary key whose value
154 indicates when your application needs access to an item's data. You
155 should choose the most restrictive option that meets your application's
156 needs to allow the system to protect that item in the best way possible.
157 See the "kSecAttrAccessible Value Constants" section for a list of
158 values which can be specified.
159 IMPORTANT: This attribute is currently not supported for OS X keychain
160 items, unless the kSecAttrSynchronizable attribute is also present. If
161 both attributes are specified on either OS X or iOS, the value for the
162 kSecAttrAccessible key may only be one whose name does not end with
163 "ThisDeviceOnly", as those cannot sync to another device.
165 @constant kSecAttrAccessGroup Specifies a dictionary key whose value is
166 a CFStringRef indicating which access group an item is in. The access
167 groups that a particular application has membership in are determined by
168 two entitlements for that application. The application-identifier
169 entitlement contains the application's single access group, unless
170 there is a keychain-access-groups entitlement present. The latter
171 has as its value a list of access groups; the first item in this list
172 is the default access group. Unless a specific access group is provided
173 as the value of kSecAttrAccessGroup when SecItemAdd is called, new items
174 are created in the application's default access group. Specifying this
175 attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls
176 limits the search to the specified access group (of which the calling
177 application must be a member to obtain matching results.) To share
178 keychain items between multiple applications, each application must have
179 a common group listed in its keychain-access-groups entitlement, and each
180 must specify this shared access group name as the value for the
181 kSecAttrAccessGroup key in the dictionary passed to SecItem functions.
183 @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
184 a CFBooleanRef indicating whether the item in question can be synchronized.
185 To add a new item which can be synced to other devices, or to obtain
186 synchronizable results from a query, supply this key with a value of
187 kCFBooleanTrue. If the key is not supplied, or has a value of
188 kCFBooleanFalse, then no synchronizable items will be added or returned.
189 A predefined value, kSecAttrSynchronizableAny, may be provided instead of
190 kCFBooleanTrue if both synchronizable and non-synchronizable results are
193 IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:
195 - Updating or deleting items using the kSecAttrSynchronizable key will
196 affect all copies of the item, not just the one on your local device.
197 Be sure that it makes sense to use the same password on all devices
198 before deciding to make a password synchronizable.
199 - Only password items can currently be synchronized. Keychain syncing
200 is not supported for certificates or cryptographic keys.
201 - Items stored or obtained using the kSecAttrSynchronizable key cannot
202 specify SecAccessRef-based access control with kSecAttrAccess. If a
203 password is intended to be shared between multiple applications, the
204 kSecAttrAccessGroup key must be specified, and each application
205 using this password must have a 'keychain-access-groups' entitlement
206 with the specified access group value.
207 - Items stored or obtained using the kSecAttrSynchronizable key may
208 not also specify a kSecAttrAccessible value which is incompatible
209 with syncing (namely, those whose names end with "ThisDeviceOnly".)
210 - Items stored or obtained using the kSecAttrSynchronizable key cannot
211 be specified by reference. You must pass kSecReturnAttributes and/or
212 kSecReturnData to retrieve results; kSecReturnRef is currently not
213 supported for synchronizable items.
214 - Persistent references to synchronizable items should be avoided;
215 while they may work locally, they cannot be moved between devices,
216 and may not resolve if the item is modified on some other device.
217 - When specifying a query that uses the kSecAttrSynchronizable key,
218 search keys are limited to the item's class and attributes.
219 The only search constant which may be used is kSecMatchLimit; other
220 constants using the kSecMatch prefix are not supported at this time.
222 @constant kSecAttrSynchronizableAny Specifies that both synchronizable and
223 non-synchronizable results should be returned from this query. This may be
224 used as a value for the kSecAttrSynchronizable dictionary key in a call to
225 SecItemCopyMatching, SecItemUpdate, or SecItemDelete.
227 @constant kSecAttrCreationDate (read-only) Specifies a dictionary key whose
228 value is the item's creation date. You use this key to get a value
229 of type CFDateRef that represents the date the item was created.
230 @constant kSecAttrModificationDate (read-only) Specifies a dictionary key
231 whose value is the item's modification date. You use this key to get
232 a value of type CFDateRef that represents the last time the item was
234 @constant kSecAttrDescription Specifies a dictionary key whose value is
235 the item's description attribute. You use this key to set or get a
236 value of type CFStringRef that represents a user-visible string
237 describing this particular kind of item (e.g., "disk image password").
238 @constant kSecAttrComment Specifies a dictionary key whose value is the
239 item's comment attribute. You use this key to set or get a value of
240 type CFStringRef containing the user-editable comment for this item.
241 @constant kSecAttrCreator Specifies a dictionary key whose value is the
242 item's creator attribute. You use this key to set or get a value of
243 type CFNumberRef that represents the item's creator. This number is
244 the unsigned integer representation of a four-character code (e.g.,
246 @constant kSecAttrType Specifies a dictionary key whose value is the item's
247 type attribute. You use this key to set or get a value of type
248 CFNumberRef that represents the item's type. This number is the
249 unsigned integer representation of a four-character code (e.g.,
251 @constant kSecAttrLabel Specifies a dictionary key whose value is the
252 item's label attribute. You use this key to set or get a value of
253 type CFStringRef containing the user-visible label for this item.
254 @constant kSecAttrIsInvisible Specifies a dictionary key whose value is the
255 item's invisible attribute. You use this key to set or get a value
256 of type CFBooleanRef that indicates whether the item is invisible
257 (i.e., should not be displayed.)
258 @constant kSecAttrIsNegative Specifies a dictionary key whose value is the
259 item's negative attribute. You use this key to set or get a value of
260 type CFBooleanRef that indicates whether there is a valid password
261 associated with this keychain item. This is useful if your application
262 doesn't want a password for some particular service to be stored in
263 the keychain, but prefers that it always be entered by the user.
264 @constant kSecAttrAccount Specifies a dictionary key whose value is the
265 item's account attribute. You use this key to set or get a CFStringRef
266 that contains an account name. (Items of class
267 kSecClassGenericPassword, kSecClassInternetPassword have this
269 @constant kSecAttrService Specifies a dictionary key whose value is the
270 item's service attribute. You use this key to set or get a CFStringRef
271 that represents the service associated with this item. (Items of class
272 kSecClassGenericPassword have this attribute.)
273 @constant kSecAttrGeneric Specifies a dictionary key whose value is the
274 item's generic attribute. You use this key to set or get a value of
275 CFDataRef that contains a user-defined attribute. (Items of class
276 kSecClassGenericPassword have this attribute.)
277 @constant kSecAttrSecurityDomain Specifies a dictionary key whose value
278 is the item's security domain attribute. You use this key to set or
279 get a CFStringRef value that represents the Internet security domain.
280 (Items of class kSecClassInternetPassword have this attribute.)
281 @constant kSecAttrServer Specifies a dictionary key whose value is the
282 item's server attribute. You use this key to set or get a value of
283 type CFStringRef that contains the server's domain name or IP address.
284 (Items of class kSecClassInternetPassword have this attribute.)
285 @constant kSecAttrProtocol Specifies a dictionary key whose value is the
286 item's protocol attribute. You use this key to set or get a value of
287 type CFNumberRef that denotes the protocol for this item (see the
288 SecProtocolType enum in SecKeychainItem.h). (Items of class
289 kSecClassInternetPassword have this attribute.)
290 @constant kSecAttrAuthenticationType Specifies a dictionary key whose value
291 is the item's authentication type attribute. You use this key to set
292 or get a value of type CFNumberRef that denotes the authentication
293 scheme for this item (see the kSecAttrAuthenticationType value
295 @constant kSecAttrPort Specifies a dictionary key whose value is the item's
296 port attribute. You use this key to set or get a CFNumberRef value
297 that represents an Internet port number. (Items of class
298 kSecClassInternetPassword have this attribute.)
299 @constant kSecAttrPath Specifies a dictionary key whose value is the item's
300 path attribute; typically this is the path component of the URL. You use
301 this key to set or get a CFStringRef value that represents a path. (Items
302 of class kSecClassInternetPassword have this attribute.)
303 @constant kSecAttrSubject (read-only) Specifies a dictionary key whose
304 value is the item's subject. You use this key to get a value of type
305 CFDataRef that contains the X.500 subject name of a certificate.
306 (Items of class kSecClassCertificate have this attribute.)
307 @constant kSecAttrIssuer (read-only) Specifies a dictionary key whose value
308 is the item's issuer. You use this key to get a value of type
309 CFDataRef that contains the X.500 issuer name of a certificate. (Items
310 of class kSecClassCertificate have this attribute.)
311 @constant kSecAttrSerialNumber (read-only) Specifies a dictionary key whose
312 value is the item's serial number. You use this key to get a value
313 of type CFDataRef that contains the serial number data of a
314 certificate. (Items of class kSecClassCertificate have this
316 @constant kSecAttrSubjectKeyID (read-only) Specifies a dictionary key whose
317 value is the item's subject key ID. You use this key to get a value
318 of type CFDataRef that contains the subject key ID of a certificate.
319 (Items of class kSecClassCertificate have this attribute.)
320 @constant kSecAttrPublicKeyHash (read-only) Specifies a dictionary key
321 whose value is the item's public key hash. You use this key to get a
322 value of type CFDataRef that contains the hash of a certificate's
323 public key. (Items of class kSecClassCertificate have this attribute.)
324 @constant kSecAttrCertificateType (read-only) Specifies a dictionary key
325 whose value is the item's certificate type. You use this key to get
326 a value of type CFNumberRef that denotes the certificate type
327 (Currently, the value of this attribute must be equal to the
328 version of the X.509 certificate: 1 for v1, 2 for v2, and 3 for v3
329 certificates). Only items of class kSecClassCertificate have this
331 @constant kSecAttrCertificateEncoding (read-only) Specifies a dictionary
332 key whose value is the item's certificate encoding. You use this key
333 to get a value of type CFNumberRef that denotes the certificate
334 encoding (Currently only the value 3 meaning
335 kSecAttrCertificateEncodingDER is supported). Only items of class
336 kSecClassCertificate have this attribute.
337 @constant kSecAttrKeyClass (read-only) Specifies a dictionary key whose
338 value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or
339 kSecAttrKeyClassSymmetric.
340 @constant kSecAttrApplicationLabel Specifies a dictionary key whose value
341 is the key's application label attribute. This is different from the
342 kSecAttrLabel (which is intended to be human-readable). This attribute
343 is used to look up a key programmatically; in particular, for keys of
344 class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of
345 this attribute is the hash of the public key.
346 @constant kSecAttrIsPermanent Specifies a dictionary key whose value is a
347 CFBooleanRef indicating whether the key in question will be stored
349 @constant kSecAttrApplicationTag Specifies a dictionary key whose value is a
350 CFDataRef containing private tag data.
351 @constant kSecAttrKeyType Specifies a dictionary key whose value is a
352 CFNumberRef indicating the algorithm associated with this key
353 (Currently only the value 42 is supported, alternatively you can use
355 @constant kSecAttrKeySizeInBits Specifies a dictionary key whose value
356 is a CFNumberRef indicating the number of bits in this key.
357 @constant kSecAttrEffectiveKeySize Specifies a dictionary key whose value
358 is a CFNumberRef indicating the effective number of bits in this key.
359 For example, a DES key has a kSecAttrKeySizeInBits of 64, but a
360 kSecAttrEffectiveKeySize of 56 bits.
361 @constant kSecAttrCanEncrypt Specifies a dictionary key whose value is a
362 CFBooleanRef indicating whether the key in question can be used to
364 @constant kSecAttrCanDecrypt Specifies a dictionary key whose value is a
365 CFBooleanRef indicating whether the key in question can be used to
367 @constant kSecAttrCanDerive Specifies a dictionary key whose value is a
368 CFBooleanRef indicating whether the key in question can be used to
370 @constant kSecAttrCanSign Specifies a dictionary key whose value is a
371 CFBooleanRef indicating whether the key in question can be used to
372 create a digital signature.
373 @constant kSecAttrCanVerify Specifies a dictionary key whose value is a
374 CFBooleanRef indicating whether the key in question can be used to
375 verify a digital signature.
376 @constant kSecAttrCanWrap Specifies a dictionary key whose value is a
377 CFBooleanRef indicating whether the key in question can be used to
379 @constant kSecAttrCanUnwrap Specifies a dictionary key whose value is a
380 CFBooleanRef indicating whether the key in question can be used to
/* Access-control and sync attribute keys.
   kSecAttrAccessible: when the item's data may be read; the header advises
   choosing the most restrictive value that meets the application's needs,
   and notes it is not supported for OS X keychain items unless
   kSecAttrSynchronizable is also present. */
383 extern CFTypeRef kSecAttrAccessible
384 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
/* kSecAttrAccessGroup: CFStringRef naming the item's access group. Without
   it, SecItemAdd creates the item in the application's default access
   group; in queries it limits the search to that group, of which the
   caller must be a member. */
385 extern CFTypeRef kSecAttrAccessGroup
386 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_3_0
);
/* kSecAttrSynchronizable: CFBooleanRef; items are added or returned as
   synchronizable only when this is kCFBooleanTrue. Updating or deleting
   with this key affects every copy of the item, not only the local one,
   and "ThisDeviceOnly" accessibility values cannot be combined with it. */
387 extern CFTypeRef kSecAttrSynchronizable
388 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_7_0
);
/* kSecAttrSynchronizableAny: value for kSecAttrSynchronizable in
   SecItemCopyMatching, SecItemUpdate, or SecItemDelete that matches both
   synchronizable and non-synchronizable items. */
389 extern CFTypeRef kSecAttrSynchronizableAny
390 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_7_0
);
/* General item attribute keys. kSecAttrCreationDate and
   kSecAttrModificationDate are documented as read-only CFDateRef values;
   the remaining keys in this run can be set or read. */
391 extern CFTypeRef kSecAttrCreationDate
392 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
393 extern CFTypeRef kSecAttrModificationDate
394 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFStringRef: user-visible description of the kind of item. */
395 extern CFTypeRef kSecAttrDescription
396 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFStringRef: user-editable comment. */
397 extern CFTypeRef kSecAttrComment
398 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFNumberRef: unsigned integer form of a four-character creator code. */
399 extern CFTypeRef kSecAttrCreator
400 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFNumberRef: unsigned integer form of a four-character type code. */
401 extern CFTypeRef kSecAttrType
402 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFStringRef: user-visible label. */
403 extern CFTypeRef kSecAttrLabel
404 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFBooleanRef: whether the item is invisible (should not be displayed). */
405 extern CFTypeRef kSecAttrIsInvisible
406 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFBooleanRef: whether a valid password is associated with the item; the
   header describes this as a way to record that a password should always
   be entered by the user rather than stored. */
407 extern CFTypeRef kSecAttrIsNegative
408 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFStringRef: account name (generic and Internet password items). */
409 extern CFTypeRef kSecAttrAccount
410 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFStringRef: service associated with the item (generic password items). */
411 extern CFTypeRef kSecAttrService
412 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFDataRef: user-defined attribute (generic password items). */
413 extern CFTypeRef kSecAttrGeneric
414 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Attribute keys documented for items of class kSecClassInternetPassword:
   security domain, server, and path are CFStringRef values; protocol,
   authentication type, and port are CFNumberRef values. */
415 extern CFTypeRef kSecAttrSecurityDomain
416 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Server's domain name or IP address. */
417 extern CFTypeRef kSecAttrServer
418 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Protocol for the item; see the kSecAttrProtocol value constants. */
419 extern CFTypeRef kSecAttrProtocol
420 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Authentication scheme; see the kSecAttrAuthenticationType value constants. */
421 extern CFTypeRef kSecAttrAuthenticationType
422 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Internet port number. */
423 extern CFTypeRef kSecAttrPort
424 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Path, typically the path component of the URL. */
425 extern CFTypeRef kSecAttrPath
426 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Certificate attribute keys, all documented as read-only and applying to
   items of class kSecClassCertificate. Subject, issuer, serial number,
   subject key ID, and public key hash are CFDataRef values; certificate
   type and encoding are CFNumberRef values. */
427 extern CFTypeRef kSecAttrSubject
428 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
429 extern CFTypeRef kSecAttrIssuer
430 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
431 extern CFTypeRef kSecAttrSerialNumber
432 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
433 extern CFTypeRef kSecAttrSubjectKeyID
434 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Hash of the certificate's public key. */
435 extern CFTypeRef kSecAttrPublicKeyHash
436 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Documented as matching the X.509 certificate version (1, 2, or 3). */
437 extern CFTypeRef kSecAttrCertificateType
438 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Documented as supporting only the value 3 (DER encoding). */
439 extern CFTypeRef kSecAttrCertificateEncoding
440 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Key attribute keys.
   kSecAttrKeyClass: read-only; one of kSecAttrKeyClassPublic,
   kSecAttrKeyClassPrivate, or kSecAttrKeyClassSymmetric. */
441 extern CFTypeRef kSecAttrKeyClass
442 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Programmatic lookup label, distinct from the human-readable
   kSecAttrLabel; for public and private keys the header states that the
   value is the hash of the public key. */
443 extern CFTypeRef kSecAttrApplicationLabel
444 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFBooleanRef indicating whether the key will be stored. */
445 extern CFTypeRef kSecAttrIsPermanent
446 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFDataRef containing private tag data. */
447 extern CFTypeRef kSecAttrApplicationTag
448 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFNumberRef indicating the algorithm associated with the key. */
449 extern CFTypeRef kSecAttrKeyType
450 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFNumberRef: number of bits in the key. */
451 extern CFTypeRef kSecAttrKeySizeInBits
452 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* CFNumberRef: effective number of bits; the header's example is a DES key
   with 64 key bits and an effective size of 56 bits. */
453 extern CFTypeRef kSecAttrEffectiveKeySize
454 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
/* Key-usage flags: each is a CFBooleanRef stating whether the key can be
   used for the named operation. */
455 extern CFTypeRef kSecAttrCanEncrypt
456 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
457 extern CFTypeRef kSecAttrCanDecrypt
458 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
459 extern CFTypeRef kSecAttrCanDerive
460 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
461 extern CFTypeRef kSecAttrCanSign
462 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
463 extern CFTypeRef kSecAttrCanVerify
464 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
465 extern CFTypeRef kSecAttrCanWrap
466 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
467 extern CFTypeRef kSecAttrCanUnwrap
468 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
471 @enum kSecAttrAccessible Value Constants
472 @discussion Predefined item attribute constants used to get or set values
473 in a dictionary. The kSecAttrAccessible constant is the key and its
474 value is one of the constants defined here.
475 When asking SecItemCopyMatching to return the item's data, the error
476 errSecInteractionNotAllowed will be returned if the item's data is not
477 available until a device unlock occurs.
478 @constant kSecAttrAccessibleWhenUnlocked Item data can only be accessed
479 while the device is unlocked. This is recommended for items that only
480 need be accessible while the application is in the foreground. Items
481 with this attribute will migrate to a new device when using encrypted
483 @constant kSecAttrAccessibleAfterFirstUnlock Item data can only be
484 accessed once the device has been unlocked after a restart. This is
485 recommended for items that need to be accessible by background
486 applications. Items with this attribute will migrate to a new device
487 when using encrypted backups.
488 @constant kSecAttrAccessibleAlways Item data can always be accessed
489 regardless of the lock state of the device. This is not recommended
490 for anything except system use. Items with this attribute will migrate
491 to a new device when using encrypted backups.
492 @constant kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only
493 be accessed while the device is unlocked. This is recommended for items
494 that only need be accessible while the application is in the foreground.
495 Items with this attribute will never migrate to a new device, so after
496 a backup is restored to a new device, these items will be missing.
497 @constant kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly Item data can
498 only be accessed once the device has been unlocked after a restart.
499 This is recommended for items that need to be accessible by background
500 applications. Items with this attribute will never migrate to a new
501 device, so after a backup is restored to a new device these items will
503 @constant kSecAttrAccessibleAlwaysThisDeviceOnly Item data can always
504 be accessed regardless of the lock state of the device. This option
505 is not recommended for anything except system use. Items with this
506 attribute will never migrate to a new device, so after a backup is
507 restored to a new device, these items will be missing.
/* Values for the kSecAttrAccessible key. When item data is requested
   before the required unlock has happened, SecItemCopyMatching returns
   errSecInteractionNotAllowed. */
/* Readable only while the device is unlocked; recommended for items needed
   only while the application is in the foreground. Migrates to a new
   device with encrypted backups. */
509 extern CFTypeRef kSecAttrAccessibleWhenUnlocked
510 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
/* Readable once the device has been unlocked after a restart; recommended
   for items needed by background applications. Migrates with encrypted
   backups. */
511 extern CFTypeRef kSecAttrAccessibleAfterFirstUnlock
512 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
/* Readable regardless of lock state; the header says this is not
   recommended for anything except system use. Migrates with encrypted
   backups. */
513 extern CFTypeRef kSecAttrAccessibleAlways
514 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
/* "ThisDeviceOnly" variants: same lock-state rule as the matching value
   above, but the item never migrates to a new device and is missing after
   a backup is restored to one. Per the kSecAttrSynchronizable discussion,
   these values cannot be used on synchronizable items. */
515 extern CFTypeRef kSecAttrAccessibleWhenUnlockedThisDeviceOnly
516 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
517 extern CFTypeRef kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
518 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
/* Not recommended for anything except system use, per the header. */
519 extern CFTypeRef kSecAttrAccessibleAlwaysThisDeviceOnly
520 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
523 @enum kSecAttrProtocol Value Constants
524 @discussion Predefined item attribute constants used to get or set values
525 in a dictionary. The kSecAttrProtocol constant is the key and its
526 value is one of the constants defined here.
527 @constant kSecAttrProtocolFTP.
528 @constant kSecAttrProtocolFTPAccount.
529 @constant kSecAttrProtocolHTTP.
530 @constant kSecAttrProtocolIRC.
531 @constant kSecAttrProtocolNNTP.
532 @constant kSecAttrProtocolPOP3.
533 @constant kSecAttrProtocolSMTP.
534 @constant kSecAttrProtocolSOCKS.
535 @constant kSecAttrProtocolIMAP.
536 @constant kSecAttrProtocolLDAP.
537 @constant kSecAttrProtocolAppleTalk.
538 @constant kSecAttrProtocolAFP.
539 @constant kSecAttrProtocolTelnet.
540 @constant kSecAttrProtocolSSH.
541 @constant kSecAttrProtocolFTPS.
542 @constant kSecAttrProtocolHTTPS.
543 @constant kSecAttrProtocolHTTPProxy.
544 @constant kSecAttrProtocolHTTPSProxy.
545 @constant kSecAttrProtocolFTPProxy.
546 @constant kSecAttrProtocolSMB.
547 @constant kSecAttrProtocolRTSP.
548 @constant kSecAttrProtocolRTSPProxy.
549 @constant kSecAttrProtocolDAAP.
550 @constant kSecAttrProtocolEPPC.
551 @constant kSecAttrProtocolIPP.
552 @constant kSecAttrProtocolNNTPS.
553 @constant kSecAttrProtocolLDAPS.
554 @constant kSecAttrProtocolTelnetS.
555 @constant kSecAttrProtocolIMAPS.
556 @constant kSecAttrProtocolIRCS.
557 @constant kSecAttrProtocolPOP3S.
/* Values for the kSecAttrProtocol key. This header lists the constants
   without per-constant descriptions.
   NOTE(review): the names suggest separate values for a protocol and its
   secured variant (e.g. HTTP vs. HTTPS, IMAP vs. IMAPS); confirm the value
   stored matches the transport the credential is actually used over. */
559 extern CFTypeRef kSecAttrProtocolFTP
560 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
561 extern CFTypeRef kSecAttrProtocolFTPAccount
562 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
563 extern CFTypeRef kSecAttrProtocolHTTP
564 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
565 extern CFTypeRef kSecAttrProtocolIRC
566 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
567 extern CFTypeRef kSecAttrProtocolNNTP
568 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
569 extern CFTypeRef kSecAttrProtocolPOP3
570 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
571 extern CFTypeRef kSecAttrProtocolSMTP
572 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
573 extern CFTypeRef kSecAttrProtocolSOCKS
574 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
575 extern CFTypeRef kSecAttrProtocolIMAP
576 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
577 extern CFTypeRef kSecAttrProtocolLDAP
578 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
579 extern CFTypeRef kSecAttrProtocolAppleTalk
580 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
581 extern CFTypeRef kSecAttrProtocolAFP
582 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
583 extern CFTypeRef kSecAttrProtocolTelnet
584 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
585 extern CFTypeRef kSecAttrProtocolSSH
586 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
587 extern CFTypeRef kSecAttrProtocolFTPS
588 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
589 extern CFTypeRef kSecAttrProtocolHTTPS
590 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
591 extern CFTypeRef kSecAttrProtocolHTTPProxy
592 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
593 extern CFTypeRef kSecAttrProtocolHTTPSProxy
594 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
595 extern CFTypeRef kSecAttrProtocolFTPProxy
596 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
597 extern CFTypeRef kSecAttrProtocolSMB
598 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
599 extern CFTypeRef kSecAttrProtocolRTSP
600 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
601 extern CFTypeRef kSecAttrProtocolRTSPProxy
602 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
603 extern CFTypeRef kSecAttrProtocolDAAP
604 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
605 extern CFTypeRef kSecAttrProtocolEPPC
606 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
607 extern CFTypeRef kSecAttrProtocolIPP
608 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
609 extern CFTypeRef kSecAttrProtocolNNTPS
610 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
611 extern CFTypeRef kSecAttrProtocolLDAPS
612 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
613 extern CFTypeRef kSecAttrProtocolTelnetS
614 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
615 extern CFTypeRef kSecAttrProtocolIMAPS
616 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
617 extern CFTypeRef kSecAttrProtocolIRCS
618 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
619 extern CFTypeRef kSecAttrProtocolPOP3S
620 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
623 @enum kSecAttrAuthenticationType Value Constants
624 @discussion Predefined item attribute constants used to get or set values
625 in a dictionary. The kSecAttrAuthenticationType constant is the key
626 and its value is one of the constants defined here.
627 @constant kSecAttrAuthenticationTypeNTLM.
628 @constant kSecAttrAuthenticationTypeMSN.
629 @constant kSecAttrAuthenticationTypeDPA.
630 @constant kSecAttrAuthenticationTypeRPA.
631 @constant kSecAttrAuthenticationTypeHTTPBasic.
632 @constant kSecAttrAuthenticationTypeHTTPDigest.
633 @constant kSecAttrAuthenticationTypeHTMLForm.
634 @constant kSecAttrAuthenticationTypeDefault.
/* Values for the kSecAttrAuthenticationType key, which denotes the
   authentication scheme recorded for an Internet password item. This
   header lists the constants without per-constant descriptions. */
636 extern CFTypeRef kSecAttrAuthenticationTypeNTLM
637 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
638 extern CFTypeRef kSecAttrAuthenticationTypeMSN
639 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
640 extern CFTypeRef kSecAttrAuthenticationTypeDPA
641 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
642 extern CFTypeRef kSecAttrAuthenticationTypeRPA
643 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
644 extern CFTypeRef kSecAttrAuthenticationTypeHTTPBasic
645 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
646 extern CFTypeRef kSecAttrAuthenticationTypeHTTPDigest
647 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
648 extern CFTypeRef kSecAttrAuthenticationTypeHTMLForm
649 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
650 extern CFTypeRef kSecAttrAuthenticationTypeDefault
651 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
654 @enum kSecAttrKeyClass Value Constants
655 @discussion Predefined item attribute constants used to get or set values
656 in a dictionary. The kSecAttrKeyClass constant is the key
657 and its value is one of the constants defined here.
658 @constant kSecAttrKeyClassPublic.
659 @constant kSecAttrKeyClassPrivate.
660 @constant kSecAttrKeyClassSymmetric.
/* Values for the kSecAttrKeyClass attribute key: public, private or symmetric
 * key. All three are declared available from OS X 10.7 / iOS 2.0.
 * NOTE(review): when searching for keys, setting kSecAttrKeyClass explicitly
 * keeps a lookup meant for public keys from also matching private or symmetric
 * key items - presumably a query without it matches any class; verify. */
662 extern CFTypeRef kSecAttrKeyClassPublic
663 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
664 extern CFTypeRef kSecAttrKeyClassPrivate
665 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
666 extern CFTypeRef kSecAttrKeyClassSymmetric
667 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
670 @enum kSecAttrKeyType Value Constants
671 @discussion Predefined item attribute constants used to get or set values
672 in a dictionary. The kSecAttrKeyType constant is the key
673 and its value is one of the constants defined here.
674 @constant kSecAttrKeyTypeRSA.
675 @constant kSecAttrKeyTypeEC.
/* Values for the kSecAttrKeyType attribute key. The two constants have
 * different availability: kSecAttrKeyTypeRSA from OS X 10.7 / iOS 2.0,
 * kSecAttrKeyTypeEC only from OS X 10.9 / iOS 4.0, so code targeting earlier
 * releases should not assume the EC constant is present. */
677 extern CFTypeRef kSecAttrKeyTypeRSA
678 __OSX_AVAILABLE_STARTING(__MAC_10_7
, __IPHONE_2_0
);
679 extern CFTypeRef kSecAttrKeyTypeEC
680 __OSX_AVAILABLE_STARTING(__MAC_10_9
, __IPHONE_4_0
);
683 @enum Search Constants
684 @discussion Predefined search constants used to set values in a query
685 dictionary. You can specify a combination of search attributes and
686 item attributes when looking for matching items with the
687 SecItemCopyMatching function.
688 @constant kSecMatchPolicy Specifies a dictionary key whose value is a
689 SecPolicyRef. If provided, returned certificates or identities must
690 verify with this policy.
691 @constant kSecMatchIssuers Specifies a dictionary key whose value is a
692 CFArray of X.500 names (of type CFDataRef). If provided, returned
693 certificates or identities will be limited to those whose
694 certificate chain contains one of the issuers provided in this list.
695 @constant kSecMatchEmailAddressIfPresent Specifies a dictionary key whose
696 value is a CFStringRef containing an RFC822 email address. If
697 provided, returned certificates or identities will be limited to those
698 that contain the address, or do not contain any email address.
699 @constant kSecMatchSubjectContains Specifies a dictionary key whose value
700 is a CFStringRef. If provided, returned certificates or identities
701 will be limited to those containing this string in the subject.
702 @constant kSecMatchCaseInsensitive Specifies a dictionary key whose value
703 is a CFBooleanRef. If this value is kCFBooleanFalse, or is not
704 provided, then case-sensitive string matching is performed.
705 @constant kSecMatchTrustedOnly Specifies a dictionary key whose value is
706 a CFBooleanRef. If provided with a value of kCFBooleanTrue, only
707 certificates which can be verified back to a trusted anchor will be
708 returned. If this value is kCFBooleanFalse, or is not provided, then
709 both trusted and untrusted certificates may be returned.
710 @constant kSecMatchValidOnDate Specifies a dictionary key whose value is
711 of type CFDateRef. If provided, returned keys, certificates or
712 identities will be limited to those which are valid for the given date.
713 Pass a value of kCFNull to indicate the current date.
714 @constant kSecMatchLimit Specifies a dictionary key whose value is a
715 CFNumberRef. If provided, this value specifies the maximum number of
716 results to return. If not provided, results are limited to the first
717 item found. Predefined values are provided for a single item
718 (kSecMatchLimitOne) and all matching items (kSecMatchLimitAll).
719 @constant kSecMatchLimitOne Specifies that results are limited to the first
720 item found; used as a value for the kSecMatchLimit dictionary key.
721 @constant kSecMatchLimitAll Specifies that an unlimited number of results
722 may be returned; used as a value for the kSecMatchLimit dictionary key.
/* Search keys for query dictionaries, plus the two predefined kSecMatchLimit
 * values. kSecMatchItemList and kSecMatchSearchList are declared here but have
 * no @constant entry in the comment above; kSecMatchItemList is described in
 * the SecItemCopyMatching discussion in this header, kSecMatchSearchList is
 * not described in the visible text.
 * Defaults stated above that matter when results feed a trust decision:
 * without kSecMatchTrustedOnly = kCFBooleanTrue both trusted and untrusted
 * certificates may be returned; without kSecMatchLimit only the first item
 * found is returned; string matching is case-sensitive when
 * kSecMatchCaseInsensitive is kCFBooleanFalse or absent. */
725 extern CFTypeRef kSecMatchPolicy
726 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
727 extern CFTypeRef kSecMatchItemList
728 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
729 extern CFTypeRef kSecMatchSearchList
730 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
731 extern CFTypeRef kSecMatchIssuers
732 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
733 extern CFTypeRef kSecMatchEmailAddressIfPresent
734 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
735 extern CFTypeRef kSecMatchSubjectContains
736 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
737 extern CFTypeRef kSecMatchCaseInsensitive
738 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
739 extern CFTypeRef kSecMatchTrustedOnly
740 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
741 extern CFTypeRef kSecMatchValidOnDate
742 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
743 extern CFTypeRef kSecMatchLimit
744 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
745 extern CFTypeRef kSecMatchLimitOne
746 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
747 extern CFTypeRef kSecMatchLimitAll
748 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
752 @enum Return Type Key Constants
753 @discussion Predefined return type keys used to set values in a dictionary.
754 You use these keys to specify the type of results which should be
755 returned by the SecItemCopyMatching or SecItemAdd function. You can
756 specify zero or more of these return types. If more than one of these
757 result types is specified, the result is returned as a CFDictionaryRef
758 whose keys are the result types and values are the requested data.
759 @constant kSecReturnData Specifies a dictionary key whose value is of type
760 CFBooleanRef. A value of kCFBooleanTrue indicates that the data of
761 an item (CFDataRef) should be returned. For keys and password
762 items, data is secret (encrypted) and may require the user to enter
763 a password for access.
764 @constant kSecReturnAttributes Specifies a dictionary key whose value is
765 of type CFBooleanRef. A value of kCFBooleanTrue indicates that the
766 (non-encrypted) attributes of an item (CFDictionaryRef) should be returned.
768 @constant kSecReturnRef Specifies a dictionary key whose value is a
769 CFBooleanRef. A value of kCFBooleanTrue indicates that a reference
770 should be returned. Depending on the item class requested, the
771 returned reference(s) may be of type SecKeychainItemRef, SecKeyRef,
772 SecCertificateRef, or SecIdentityRef.
773 @constant kSecReturnPersistentRef Specifies a dictionary key whose value
774 is of type CFBooleanRef. A value of kCFBooleanTrue indicates that a
775 persistent reference to an item (CFDataRef) should be returned.
/* Return-type keys for SecItemCopyMatching and SecItemAdd; each takes a
 * CFBooleanRef value. Per the comment above, kSecReturnData yields the item's
 * data, which for keys and password items is the secret, whereas
 * kSecReturnAttributes yields the non-encrypted attributes. Request only the
 * return types the caller needs, so secret bytes are not pulled into the
 * process when attributes or a reference would do. Specifying more than one
 * key makes the result a CFDictionaryRef keyed by result type. */
777 extern CFTypeRef kSecReturnData
778 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
779 extern CFTypeRef kSecReturnAttributes
780 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
781 extern CFTypeRef kSecReturnRef
782 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
783 extern CFTypeRef kSecReturnPersistentRef
784 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
788 @enum Value Type Key Constants
789 @discussion Predefined value type keys used to pass values in a dictionary.
790 You can specify zero or more of these types depending on the function
791 you are calling. For SecItemCopyMatching or SecItemAdd these are
792 used as keys in the results dictionary.
793 @constant kSecValueData Specifies a dictionary key whose value is of type
794 CFDataRef. For keys and password items, data is secret (encrypted)
795 and may require the user to enter a password for access.
796 @constant kSecValueRef Specifies a dictionary key whose value, depending
797 on the item class requested, is of type SecKeychainItemRef, SecKeyRef,
798 SecCertificateRef, or SecIdentityRef.
799 @constant kSecValuePersistentRef Specifies a dictionary key whose value
800 is of type CFDataRef. The bytes in this CFDataRef can be stored by
801 the caller and used on a subsequent invocation of the application (or
802 even a different application) to retrieve the item referenced by it.
/* Value keys. kSecValueData carries the item's data (secret for keys and
 * password items); kSecValueRef carries a SecKeychainItemRef, SecKeyRef,
 * SecCertificateRef or SecIdentityRef; kSecValuePersistentRef carries a
 * CFDataRef whose bytes, per the comment above, may be stored and later used
 * by the same or even a different application to retrieve the item.
 * NOTE(review): this header does not say which access checks apply when a
 * persistent reference is resolved - confirm before treating the stored bytes
 * as non-sensitive. */
804 extern CFTypeRef kSecValueData
805 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
806 extern CFTypeRef kSecValueRef
807 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
808 extern CFTypeRef kSecValuePersistentRef
809 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
813 @enum Other Constants
814 @discussion Predefined constants used to set values in a dictionary.
815 @constant kSecUseItemList Specifies a dictionary key whose value is a
816 CFArray of items. If provided, this array is treated as the set of
817 all possible items to search, or add if the API being called is
818 SecItemAdd. The items in this array may be of type SecKeyRef,
819 SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent
820 item reference.) The items in the array must all be of the same
821 type. When this attribute is provided, no keychains are searched.
/* Key whose value is a CFArray of same-typed items (SecKeyRef,
 * SecCertificateRef, SecIdentityRef, or CFDataRef persistent references) to
 * search, or to add when passed to SecItemAdd. When this key is present, no
 * keychains are searched. */
823 extern CFTypeRef kSecUseItemList
824 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
827 @function SecItemCopyMatching
828 @abstract Returns one or more items which match a search query.
829 @param query A dictionary containing an item class specification and
830 optional attributes for controlling the search. See the "Keychain
831 Search Attributes" section for a description of currently defined search attributes.
833 @param result On return, a CFTypeRef reference to the found item(s). The
834 exact type of the result is based on the search attributes supplied
835 in the query, as discussed below.
836 @result A result code. See "Security Error Codes" (SecBase.h).
837 @discussion Attributes defining a search are specified by adding key/value
838 pairs to the query dictionary.
840 A typical query consists of:
842 * a kSecClass key, whose value is a constant from the Class
843 Constants section that specifies the class of item(s) to be searched
844 * one or more keys from the "Attribute Key Constants" section, whose value
845 is the attribute data to be matched
846 * one or more keys from the "Search Constants" section, whose value is
847 used to further refine the search
848 * a key from the "Return Type Key Constants" section, specifying the type of results desired
851 Result types are specified as follows:
853 * To obtain the data of a matching item (CFDataRef), specify
854 kSecReturnData with a value of kCFBooleanTrue.
855 * To obtain the attributes of a matching item (CFDictionaryRef), specify
856 kSecReturnAttributes with a value of kCFBooleanTrue.
857 * To obtain a reference to a matching item (SecKeychainItemRef,
858 SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef
859 with a value of kCFBooleanTrue.
860 * To obtain a persistent reference to a matching item (CFDataRef),
861 specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note
862 that unlike normal references, a persistent reference may be stored
863 on disk or passed between processes.
864 * If more than one of these result types is specified, the result is
865 returned as a CFDictionaryRef containing all the requested data.
866 * If a result type is not specified, no results are returned.
868 By default, this function returns only the first match found. To obtain
869 more than one matching item at a time, specify kSecMatchLimit with a value
870 greater than 1. The result will be a CFArrayRef containing up to that
871 number of matching items; the items' types are described above.
873 To filter a provided list of items down to those matching the query,
874 specify a kSecMatchItemList whose value is a CFArray of SecKeychainItemRef,
875 SecKeyRef, SecCertificateRef, or SecIdentityRef items. The objects in the
876 provided array must be of the same type.
878 To convert from a persistent item reference to a normal item reference,
879 specify a kSecValuePersistentRef whose value is a CFDataRef (the persistent
880 reference), and a kSecReturnRef whose value is kCFBooleanTrue.
/* Returns an OSStatus result code; check it before using *result. With no
 * return-type key in the query, no results are returned. The type of *result
 * depends on the return-type keys and on kSecMatchLimit: a CFDataRef, a
 * CFDictionaryRef, an item reference, or a CFArrayRef of those.
 * NOTE(review): the "Copy" in the name suggests the CoreFoundation ownership
 * rule applies and the caller releases *result - confirm. Data obtained via
 * kSecReturnData is secret material for keys and password items. */
882 OSStatus
SecItemCopyMatching(CFDictionaryRef query
, CFTypeRef
*result
)
883 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
886 @function SecItemAdd
887 @abstract Add one or more items to a keychain.
888 @param attributes A dictionary containing an item class specification and
889 optional entries specifying the item's attribute values. See the
890 "Attribute Key Constants" section for a description of currently defined attributes.
892 @param result On return, a CFTypeRef reference to the newly added item(s).
893 The exact type of the result is based on the values supplied
894 in attributes, as discussed below. Pass NULL if this result is not required.
896 @result A result code. See "Security Error Codes" (SecBase.h).
897 @discussion Attributes defining an item are specified by adding key/value
898 pairs to the attributes dictionary. To add multiple items to a keychain
899 at once use the kSecUseItemList key with an array of items as its value.
900 This is currently only supported for non password items.
902 Result types are specified as follows:
904 * To obtain the data of the added item (CFDataRef), specify
905 kSecReturnData with a value of kCFBooleanTrue.
906 * To obtain all the attributes of the added item (CFDictionaryRef),
907 specify kSecReturnAttributes with a value of kCFBooleanTrue.
908 * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef,
909 SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a
910 value of kCFBooleanTrue.
911 * To obtain a persistent reference to the added item (CFDataRef), specify
912 kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that
913 unlike normal references, a persistent reference may be stored on disk
914 or passed between processes.
915 * If more than one of these result types is specified, the result is
916 returned as a CFDictionaryRef containing all the requested data.
917 * If a result type is not specified, no results are returned.
/* Returns an OSStatus result code. result may be NULL when the caller does
 * not need the added item back; otherwise its type follows the return-type
 * keys placed in attributes. Adding several items in one call goes through
 * kSecUseItemList and, per the discussion above, is currently only supported
 * for non password items. */
919 OSStatus
SecItemAdd(CFDictionaryRef attributes
, CFTypeRef
*result
)
920 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
923 @function SecItemUpdate
924 @abstract Modify zero or more items which match a search query.
925 @param query A dictionary containing an item class specification and
926 optional attributes for controlling the search. See the "Attribute
927 Constants" and "Search Constants" sections for a description of
928 currently defined search attributes.
929 @param attributesToUpdate A dictionary containing one or more attributes
930 whose values should be set to the ones specified. Only real keychain
931 attributes are permitted in this dictionary (no "meta" attributes are
932 allowed.) See the "Attribute Key Constants" section for a description of
933 currently defined value attributes.
934 @result A result code. See "Security Error Codes" (SecBase.h).
935 @discussion Attributes defining a search are specified by adding key/value
936 pairs to the query dictionary.
/* Returns an OSStatus result code. The call modifies every item matching
 * query ("zero or more items"), so the query alone determines the scope of
 * the change. attributesToUpdate may contain only real keychain attributes;
 * "meta" attributes are not allowed. */
938 OSStatus
SecItemUpdate(CFDictionaryRef query
,
939 CFDictionaryRef attributesToUpdate
)
940 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
943 @function SecItemDelete
944 @abstract Delete zero or more items which match a search query.
945 @param query A dictionary containing an item class specification and
946 optional attributes for controlling the search. See the "Attribute
947 Constants" and "Search Constants" sections for a description of
948 currently defined search attributes.
949 @result A result code. See "Security Error Codes" (SecBase.h).
950 @discussion Attributes defining a search are specified by adding key/value
951 pairs to the query dictionary.
953 By default, this function deletes all items matching the specified query.
954 You can change this behavior by specifying one of the following keys:
956 * To delete an item identified by a transient reference, specify
957 kSecValueRef with a reference returned by using the kSecReturnRef
958 key in a previous call to SecItemCopyMatching or SecItemAdd.
959 * To delete an item identified by a persistent reference, specify
960 kSecValuePersistentRef with a persistent reference returned by
961 using the kSecReturnPersistentRef key to SecItemCopyMatching or SecItemAdd.
963 * To delete multiple items specify kSecMatchItemList with an array of references.
965 * If more than one of these result keys is specified, the behavior is undefined.
/* Returns an OSStatus result code. By default every item matching query is
 * deleted, so an under-specified query removes more than intended. Narrow the
 * query with attribute keys, or target specific items with kSecValueRef,
 * kSecValuePersistentRef or kSecMatchItemList, using at most one of those
 * three keys per query. */
968 OSStatus
SecItemDelete(CFDictionaryRef query
)
969 __OSX_AVAILABLE_STARTING(__MAC_10_6
, __IPHONE_2_0
);
973 #endif /* !_SECURITY_SECITEM_H_ */