Item Attribute Keys and Values

Specify the attributes of keychain items.

Overview

In addition to the data that you want to store, keychain items also have attributes that allow you to find them later and that allow you to control how the data is used or shared.

You specify attributes as the keys and values of a dictionary. The available attribute keys are listed below. Typically, the corresponding value is a string, a number, or some other basic type, as given in each key description. In a few cases, the value comes instead from a list of a known constants. These predefined attribute values are also listed below, grouped according to the key that they serve.

Topics

General Item Attribute Keys

let kSecAttrAccess: CFString

A key whose value in an access instance indicating access control list settings for this item.

let kSecAttrAccessControl: CFString

A key whose value in an access control instance indicating access control settings for the item.

let kSecAttrAccessible: CFString

A key whose value indicates when a keychain item is accessible.

let kSecAttrAccessGroup: CFString

A key whose value is a string indicating the access group an item is in.

let kSecAttrSynchronizable: CFString

A key whose value is a string indicating whether the item is synchronized through iCloud.

let kSecAttrCreationDate: CFString

A key whose value indicates the item's creation date.

let kSecAttrModificationDate: CFString

A key whose value indicates the item's last modification date.

let kSecAttrDescription: CFString

A key whose value is a string indicating the item's description.

let kSecAttrComment: CFString

A key whose value is a string indicating a comment associated with the item.

let kSecAttrCreator: CFString

A key whose value indicates the item's creator.

let kSecAttrType: CFString

A key whose value indicates the item's type.

let kSecAttrLabel: CFString

A key whose value is a string indicating the item's label.

let kSecAttrIsInvisible: CFString

A key whose value is a Boolean indicating the item's visibility.

let kSecAttrIsNegative: CFString

A key whose value is a Boolean indicating whether the item has a valid password.

let kSecAttrSyncViewHint: CFString

A key whose value is a string that provides a sync view hint.

Password Attribute Keys

let kSecAttrAccount: CFString

A key whose value is a string indicating the item's account name.

let kSecAttrService: CFString

A key whose value is a string indicating the item's service.

let kSecAttrGeneric: CFString

A key whose value indicates the item's user-defined attributes.

let kSecAttrSecurityDomain: CFString

A key whose value is a string indicating the item's security domain.

let kSecAttrServer: CFString

A key whose value is a string indicating the item's server.

let kSecAttrProtocol: CFString

A key whose value indicates the item's protocol.

let kSecAttrAuthenticationType: CFString

A key whose value indicates the item's authentication scheme.

let kSecAttrPort: CFString

A key whose value indicates the item's port.

let kSecAttrPath: CFString

A key whose value is a string indicating the item's path attribute.

Certificate Attribute Keys

let kSecAttrSubject: CFString

A key whose value indicates the item's subject name.

let kSecAttrIssuer: CFString

A key whose value indicates the item's issuer.

let kSecAttrSerialNumber: CFString

A key whose value indicates the item's serial number.

let kSecAttrSubjectKeyID: CFString

A key whose value indicates the item's subject key ID.

let kSecAttrPublicKeyHash: CFString

A key whose value indicates the item's public key hash.

let kSecAttrCertificateType: CFString

A key whose value indicates the item's certificate type.

let kSecAttrCertificateEncoding: CFString

A key whose value indicates the item's certificate encoding.

Cryptographic Key Attribute Keys

let kSecAttrKeyClass: CFString

A key whose value indicates the item's cryptographic key class.

let kSecAttrApplicationLabel: CFString

A key whose value indicates the item's application label.

let kSecAttrApplicationTag: CFString

A key whose value indicates the item's private tag.

let kSecAttrKeyType: CFString

A key whose value indicates the item's algorithm.

let kSecAttrPRF: CFString

A key whose value indicates the item's pseudorandom function.

let kSecAttrSalt: CFString

A key whose value indicates the salt to use for this item.

let kSecAttrRounds: CFString

A key whose value indicates the number of rounds to run the pseudorandom function.

let kSecAttrKeySizeInBits: CFString

A key whose value indicates the number of bits in a cryptographic key.

let kSecAttrEffectiveKeySize: CFString

A key whose value indicates the effective number of bits in a cryptographic key.

let kSecAttrTokenID: CFString

A key whose value indicates that a cryptographic key is in an external store.

Cryptographic Key Usage Attribute Keys

let kSecAttrIsPermanent: CFString

A key whose value indicates the item's permanence.

let kSecAttrIsSensitive: CFString

A key whose value indicates the item's sensitivity.

let kSecAttrIsExtractable: CFString

A key whose value indicates the item's extractability.

let kSecAttrCanEncrypt: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for encryption.

let kSecAttrCanDecrypt: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for decryption.

let kSecAttrCanDerive: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for derivation.

let kSecAttrCanSign: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for digital signing.

let kSecAttrCanVerify: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for signature verification.

let kSecAttrCanWrap: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for wrapping.

let kSecAttrCanUnwrap: CFString

A key whose value is a Boolean that indicates whether the cryptographic key can be used for unwrapping.

Protocol Values

Values you use with the kSecAttrProtocol attribute key.

let kSecAttrProtocolFTPAccount: CFString

A client side FTP account.

Authentication Type Values

Values you use with the kSecAttrAuthenticationType attribute key.

let kSecAttrAuthenticationTypeNTLM: CFString

Windows NT LAN Manager authentication.

let kSecAttrAuthenticationTypeMSN: CFString

Microsoft Network default authentication.

let kSecAttrAuthenticationTypeDPA: CFString

Distributed Password authentication.

let kSecAttrAuthenticationTypeRPA: CFString

Remote Password authentication.

let kSecAttrAuthenticationTypeHTTPDigest: CFString

HTTP Digest Access authentication.

let kSecAttrAuthenticationTypeDefault: CFString

The default authentication type.

Key Class Values

Values you use with the kSecAttrKeyClass attribute key.

let kSecAttrKeyClassPublic: CFString

A public key of a public-private pair.

let kSecAttrKeyClassPrivate: CFString

A private key of a public-private pair.

let kSecAttrKeyClassSymmetric: CFString

A private key used for symmetric-key encryption and decryption.

Synchronizability Values

Values you use with the kSecAttrSynchronizable attribute key.

let kSecAttrSynchronizableAny: CFString

Specifies that both synchronizable and non-synchronizable results should be returned from a query.

Token ID Values

Values you use with the kSecAttrTokenID attribute key.

let kSecAttrTokenIDSecureEnclave: CFString

Specifies an item should be stored in the device's Secure Enclave.

Accessibility Values

Values you use with the kSecAttrAccessible attribute key, listed from most to least restrictive.

let kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly: CFString

The data in the keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.

let kSecAttrAccessibleWhenUnlockedThisDeviceOnly: CFString

The data in the keychain item can be accessed only while the device is unlocked by the user.

let kSecAttrAccessibleWhenUnlocked: CFString

The data in the keychain item can be accessed only while the device is unlocked by the user.

let kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: CFString

The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.

let kSecAttrAccessibleAfterFirstUnlock: CFString

The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.

let kSecAttrAccessibleAlwaysThisDeviceOnly: CFString

The data in the keychain item can always be accessed regardless of whether the device is locked.

let kSecAttrAccessibleAlways: CFString

The data in the keychain item can always be accessed regardless of whether the device is locked.

Pseudorandom Function Values

Values you use with the kSecAttrPRF attribute key to indicate the item's pseudorandom function.

Access Group Values

Values you use with the kSecAttrAccessGroup attribute key.

let kSecAttrAccessGroupToken: CFString

The access group containing items provided by external tokens (typically a smart card).

See Also

Adding Keychain Items

Adding a Password to the Keychain

Add network credentials to the keychain on behalf of the user.

Item Class Keys and Values

Specify the class of a keychain item.