Search Attribute Keys and Values

Filter a keychain item search.

Overview

When looking for items using any of the SecItemCopyMatching(_:_:), SecItemUpdate(_:_:), or SecItemDelete(_:) functions, you specify a query dictionary containing both the item attributes to look for (see Item Attribute Keys and Values) and additional search attributes that condition the search. For example, you can use the matching key kSecMatchLimit with value kSecMatchLimitOne to restrict the output to include only the first result even when more than one item matches.

Topics

Item Search Matching Keys

Keys used to condition a keychain item search.

let kSecMatchPolicy: CFString

A key whose value indicates a policy with which a matching certificate or identity must verify.

let kSecMatchItemList: CFString

A key whose value indicates a list of items to search.

let kSecMatchSearchList: CFString

A key whose value indicates a list of items to search.

let kSecMatchIssuers: CFString

A key whose value is a string to match against a certificate or identity's issuers.

let kSecMatchEmailAddressIfPresent: CFString

A key whose value is a string to match against a certificate or identity's email address.

let kSecMatchSubjectContains: CFString

A key whose value is a string to look for in a certificate or identity's subject.

let kSecMatchSubjectStartsWith: CFString

A key whose value is a string to match against the beginning of a certificate or identity's subject.

let kSecMatchSubjectEndsWith: CFString

A key whose value is a string to match against the end of a certificate or identity's subject.

let kSecMatchSubjectWholeString: CFString

A key whose value is a string to exactly match a certificate or identity's subject.

let kSecMatchCaseInsensitive: CFString

A key whose value is a Boolean indicating whether case-insensitive matching is performed.

let kSecMatchDiacriticInsensitive: CFString

A key whose value is a Boolean indicating whether diacritic-insensitive matching is performed.

let kSecMatchWidthInsensitive: CFString

A key whose value is a Boolean indicating whether width-insensitive matching is performed.

let kSecMatchTrustedOnly: CFString

A key whose value is a Boolean indicating whether untrusted certificates should be returned.

let kSecMatchValidOnDate: CFString

A key whose value indicates the validity date.

let kSecMatchLimit: CFString

A key whose value indicates the match limit.

Match Limit Values

Use these values with the kSecMatchLimit key.

let kSecMatchLimitOne: CFString

A value that corresponds to matching exactly one item.

let kSecMatchLimitAll: CFString

A value that corresponds to matching an unlimited number of items.

Additional Item Search Keys

Keys used to specify additional keychain item search options.

let kSecUseItemList: CFString

A key whose value is an array of items to search.

let kSecUseKeychain: CFString

A key whose value is a keychain to operate on.

let kSecUseOperationPrompt: CFString

A key whose value is an operation prompt.

let kSecUseNoAuthenticationUI: CFString

A key whose value is a Boolean indicating whether to disallow UI authentication.

Deprecated
let kSecUseAuthenticationUI: CFString

A key whose value indicates whether the user may be prompted for authentication.

let kSecUseAuthenticationContext: CFString

A key whose value indicates a local authentication context to use.

let kSecUseDataProtectionKeychain: CFString

A key whose value indicates whether to treat macOS keychain items like iOS keychain items.

UI Authentication Values

Values you use with the kSecUseAuthenticationUI key.

let kSecUseAuthenticationUIAllow: CFString

A value that indicates user authentication is allowed.

let kSecUseAuthenticationUIFail: CFString

A value that indicates user authentication is disallowed.

let kSecUseAuthenticationUISkip: CFString

A value that indicates items requiring user authentication should be skipped.

See Also

Keychain Item Search

Searching for Keychain Items

Find keychain items based on search criteria that you specify.

func SecItemCopyMatching(CFDictionary, UnsafeMutablePointer<CFTypeRef?>?) -> OSStatus

Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.

Item Return Result Keys

Specify how you want returned keychain item data formatted.