ACL Authorization Keys

The operations an access control list entry applies to.

Topics

Constants

kSecACLAuthorizationAny

No restrictions. This ACL entry applies to all operations available to the caller.

kSecACLAuthorizationLogin

Use for a CSP (smart card) login.

kSecACLAuthorizationExportWrapped

Export a wrapped (that is, encrypted) key. This tag is checked on the key being exported; in addition, the CSSM_ACL_AUTHORIZATION_ENCRYPT tag is checked for any key used in the wrapping operation.

kSecACLAuthorizationExportClear

Export an unencrypted key.

kSecACLAuthorizationImportWrapped

Import an encrypted key. This tag is checked on the key being imported; in addition, the CSSM_ACL_AUTHORIZATION_DECRYPT tag is checked for any key used in the unwrapping operation.

kSecACLAuthorizationImportClear

Import an unencrypted key.

kSecACLAuthorizationSign

Digitally sign data.

kSecACLAuthorizationMAC

Create or verify a message authentication code.

kSecACLAuthorizationDerive

Derive a new key from another key.

kSecACLAuthorizationKeychainItemRead

Read an item from a keychain.

kSecACLAuthorizationKeychainItemInsert

Insert an item into a keychain.

kSecACLAuthorizationKeychainItemModify

Modify an item in a keychain.

kSecACLAuthorizationKeychainItemDelete

Delete an item from a keychain.

kSecACLAuthorizationChangeACL

Change an access control list entry.

kSecACLAuthorizationChangeOwner

For internal system use only. Use the CSSM_ACL_AUTHORIZATION_CHANGE_ACL tag for changes to owner ACL entries.

See Also

Access Control List Entries

SecACLCreateWithSimpleContents

Creates a new ACL entry with the given characteristics, and adds it to an access instance.

SecACLRemove

Removes the specified ACL entry from the access instance that contains it.

SecKeychainPromptSelector

Bits that define when a keychain should require a passphrase.

SecACLRef

An opaque type that represents information about an ACL entry.

SecACLGetTypeID

Returns the unique identifier of the opaque type to which an ACL entry belongs.