Enumeration

Keychain Item Attribute Constants For Keys

Specifies the attributes for a key item in a keychain.

Declaration

enum : int {
    ...
};

Overview

For attributes for items other than keys, see SecItemAttr.

Topics

Constants

kSecKeyKeyClass

Type uint32 (CSSM_KEYCLASS); value is one of CSSM_KEYCLASS_PUBLIC_KEY, CSSM_KEYCLASS_PRIVATE_KEY or CSSM_KEYCLASS_SESSION_KEY.

kSecKeyPrintName

Type blob; human readable name of the key. Same as kSecLabelItemAttr for typical keychain items.

kSecKeyAlias

Type blob; currently unused.

kSecKeyPermanent

Type uint32; value is nonzero. This key is permanent (stored in some keychain) and is always 1.

kSecKeyPrivate

Type uint32; value is nonzero. This key is protected by a user login, a password, or both.

kSecKeyModifiable

Type uint32; value is nonzero. Attributes of this key can be modified.

kSecKeyApplicationTag

Type blob; currently unused.

kSecKeyKeyCreator

Type data. The data points to a CSSM_GUID structure representing the module ID of the CSP owning this key.

kSecKeyKeyType

Type uint32; value is a CSSM algorithm (CSSM_ALGORITHMS) representing the algorithm associated with this key.

kSecKeyKeySizeInBits

Type uint32; value is the number of bits in this key.

kSecKeyEffectiveKeySize

Type uint32; value is the effective number of bits in this key. For example, a DES key has a key size in bits (kSecKeyKeySizeInBits) of 64 but a value for kSecKeyEffectiveKeySize of 56.

kSecKeyStartDate

Type CSSM_DATE. Earliest date at which this key may be used. If the value is all zeros or not present, no restriction applies.

kSecKeyEndDate

Type CSSM_DATE. Latest date at which this key may be used. If the value is all zeros or not present, no restriction applies.

kSecKeySensitive

Type uint32; value is nonzero. This key cannot be wrapped with CSSM_ALGID_NONE.

kSecKeyAlwaysSensitive

Type uint32; value is nonzero. This key has always been marked sensitive.

kSecKeyExtractable

Type uint32; value is nonzero. This key can be wrapped.

kSecKeyNeverExtractable

Type uint32; value is nonzero. This key was never marked extractable.

kSecKeyEncrypt

Type uint32; value is nonzero. This key can be used in an encrypt operation.

kSecKeyDecrypt

Type uint32; value is nonzero. This key can be used in a decrypt operation.

kSecKeyDerive

Type uint32; value is nonzero. This key can be used in a key derivation operation.

kSecKeySign

Type uint32, value is nonzero. This key can be used in a sign operation.

kSecKeyVerify

Type uint32, value is nonzero. This key can be used in a verify operation.

kSecKeySignRecover

Type uint32.

kSecKeyVerifyRecover

Type uint32. This key can unwrap other keys.

kSecKeyWrap

Type uint32; value is nonzero. This key can wrap other keys.

kSecKeyUnwrap

Type uint32; value is nonzero. This key can unwrap other keys.

See Also

Legacy Attribute Info

SecKeychainAttributeInfoForItemID

Obtains tags for all possible attributes of a given item class.

SecKeychainFreeAttributeInfo

Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.

SecKeychainAttributeInfo

A structure that represents an attribute.

SecItemAttr

Specifies a keychain item’s attributes.

SecAFPServerSignature

Represents a 16-byte Apple File Protocol server signature block.