Function

SecKeyDeriveFromPassword

Returns a key object in which the key data is derived from a password.

Declaration

SecKeyRef SecKeyDeriveFromPassword(CFStringRef password, CFDictionaryRef parameters, CFErrorRef  _Nullable *error);

Parameters

password

The password from which the key should be derived.

parameters

A set of parameters for deriving the password.

error

A pointer to a CFErrorRef variable where an error object is stored upon failure. If not NULL, the caller is responsible for checking this variable and releasing the resulting object if it exists.

Return Value

The derived key object, or NULL on error. Call the CFRelease function to free the key's memory when you are done with it.

Discussion

The parameters dictionary must contain at least the following keys:

  • kSecKeyKeyType—the type of symmetric key to generate.

  • kSecAttrSalt—a CFDataRef object containing the salt value that is mixed into the pseudorandom rounds.

The parameters dictionary may contain the following optional keys:

  • kSecAttrPRF - the algorithm to use for the pseudorandom-function.

    If zero, this defaults to kSecAttrPRFHmacAlgSHA1. For a list of possible values, see kSecAttrPRF Value Constants.

  • kSecAttrRounds—the number of times to call the pseudorandom function. If zero, the count is computed so that computation will take 1/10 of a second (on average).

  • kSecAttrKeySizeInBits—a CFNumberRef value containing the requested key size in bits. The key size must be valid for the key type. Defaults to 128 if not provided.

See Also

Legacy macOS Key Operations

SecKeyGeneratePairAsync

Generates a public/private key pair.

SecKeyGenerateSymmetric

Generates a random symmetric key.

SecKeyCreateFromData

Constructs a SecKeyRef object for a symmetric key.

SecKeyWrapSymmetric

Wraps a symmetric key with another key.

SecKeyUnwrapSymmetric

Unwraps a wrapped symmetric key.

SecKeyGetCredentials

Returns an access credential for a key.

Deprecated
SecKeyGetCSPHandle

Returns the CSSM CSP handle for a key.

Deprecated
SecKeyGetCSSMKey

Retrieves a pointer to the CSSM_KEY structure containing the key stored in a keychain item.

Deprecated
SecKeySizes

The supported sizes for keys of various common types.

SecKeyUsage

The flags that indicate key usage in the KeyUsage extension of a certificate.

SecPublicKeyHash

A container for a 20-byte public key hash.

SecKeyCreatePair

Creates an asymmetric key pair and stores it in a keychain.

Deprecated
SecKeyGenerate

Creates a symmetric key and optionally stores it in a keychain.

Deprecated
SecKeyGeneratePairBlock

A block called with the results of a call to SecKeyGeneratePairAsync.

SecCredentialType

The credential type to be returned by SecKeyGetCredentials.