User Profile

During the creation of several key items, I noticed that there are several 'label' or 'tag' options. I did some investigation and I found three different, interesting, values.kSecAttrApplicationTag - A key whose value indicates the item's private tag.kSecAttrApplicationLabel - A key whose value indicates the item's application label.kSecAttrLabel - A key whose value is a string indicating the item's label.I read that the kSecAttrLabel is "human readable data". But what exactly is meant with the description of the kSecAttrApplicationTag? What exactly is the private tag.Another question I have is, how can I uniquely identify a key. Say I want to have a single key to encrypt a specific file, how would I go about doing so? Theoretically, I could set the kSecAttrApplicationLabel, as this has to be a unique value, meaing if I were to set the value to "com.app.appname.someidentifier".data(using: .utf8)! an error would occur if the key would (accidentally) be created again (which is what I want to prevent). However the discussion says "in particular, for keys of class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of this attribute is the hash of the public key", and RSA keys do have the public/private class, so the value would no longer be the hash of the public key. Am I actually allowed to overwrite the kSecAttrApplicationLabel? If not, do I have to check if a key for kSecAttrApplicationTag/kSecAttrLabel already exists and delete it first, before adding a new 'unique' key?Thanks in advance!

I was wondering if there is a way to determine the curve of an ECC key when/after stored in the KeyChain. swift let ed25519 = Curve25519.Signing.PrivateKey().rawRepresentation let p256 = P256.Signing.PrivateKey().rawRepresentation As these keys have the same size (256 bits), it's very confusing. I would be able to differentiate between P256, P384 and P521 using the key size, but is there a way to tell the difference between the Curve25519 and P256 variant, or maybe an attribute providing the used curve when stored in the Keychain?

I'm creating a framework for iOS that needs to store files and keys (mostly symmetric keys). I was wondering if I can prevent the parent app from accessing: Keys/SecItems I create in Keychain Files I create/store on the device

I have recently used URLSession.shared.dataTask(with:completionHandler:), and it got me wondering:Why are status codes like 400/500 not presented in the Error? object of the completionHandler?Is there a list of errors that have the possibility of ending up in the Error? object of the completionHandler? The 'An error object indicating why the request failed' is quite broad and I am interested in a list of what actually ends up in there.Thanks!Craz1k0ek

I have a problem creating a checksum that matches for OpenSSL and iOS' CommonCrypto implementation. I currently have a .plist file that I want to validate using a checksum. What I have done is the following:openssl dgst -sha256 file.plist SHA256(file.plist)= a33184700a1f61f80d4a1d092e83457c9abdf794c20daa276bd3e1e8a4ceb55cAlternatively used the internal shasum functionshasum -a 256 file.plist a33184700a1f61f80d4a1d092e83457c9abdf794c20daa276bd3e1e8a4ceb55c file.plistSo I now have the sha256 hash of the file. I will create base64 data that can be used in Swiftecho -n 'a33184700a1f61f80d4a1d092e83457c9abdf794c20daa276bd3e1e8a4ceb55c' | xxd -r -p | base64 ozGEcAofYfgNSh0JLoNFfJq995TCDaona9Ph6KTOtVw=So right now, I have the hash and I can use that in iOS. Note that I hashed the exact file that is in Xcode's file inspector.let calculatedHash = Data(base64Encoded: "ozGEcAofYfgNSh0JLoNFfJq995TCDaona9Ph6KTOtVw=")! let fileURL = Bundle.main.url(forResource: "file", withExtension: "plist")! let fileData = try! Data(contentsOf: fileURL) var hash = Data(count: Int(CC_SHA256_DIGEST_LENGTH)) hash.withUnsafeMutableBytes { hashBuffer in fileData.withUnsafeBytes { buffer in _ = CC_SHA256(buffer.baseAddress!, CC_LONG(buffer.count), hashBuffer.bindMemory(UInt8.self).baseAddress) } } print(caluclatedHash as NSData) print(hash as NSData) // <a3318470 0a1f61f8 0d4a1d09 2e83457c 9abdf794 c20daa27 6bd3e1e8 a4ceb55c> // <96d172a8 48235f59 66ff2af3 dae8220d df33f0aa 3be78c46 9d5a18e4 9c73aecd>As you can see, the output is different for the iOS hash. Why is that and how do I solve it?Thanks in advance!Craz1k0ek

I have read the main article about notifications and the more elaborate documentation but I'm left with some questions.When the user is prompted to opt in for notifications, the didRegisterForRemoteNotificationsWithDeviceToken will be triggered, correct? I receive some kind of device token in this function that I can send to my server, so I can notify this device through that token, correct?So what happens when the user opts out of notifications through the settings menu? Does my app receive a function call I can handle? How can I notify my server that the device token is no longer used or that the notifications are disabled?Now the user has no notifications, but feels he/she should opt back in and does so via the settings again. Do I get a call in my app I can handle? Is the device token different from before? If I do not get a call I can handle, but the device does have a new device token, how do I notify this to my server?And last but not least, after uninstalling and reinstalling my app, does the app store the settings of the notifications (permissions and/or device token). Thanks in advance!Craz1k0ek

I was wondering what the correct way is to store an AES key to the KeyChain. I have read articles about people losing key data and also about people not having access to keys.I know there is an API available to do AES encryption for you, but I want to have direct access to the key data, I just have to. I have seen objective-C implementation using CSSM_ALGID_AES, but that variable is not available in Swift. Furthermore, the documentation says that the kSecAttrKeyTypeAES is not available (or at least no longer) available on iOS.I managed to create a key dictionary that will create a key as if it is an AES key, as the CSSM_ALGID_AES value equals 2147483649, meaning, I am able to create a key with that type and it is added correctly (read more, correctly might not be correctly).let aesKey: [String: Any] = [ String(kSecClass): kSecClassKey, String(kSecAttrKeyType): 2147483649, String(kSecAttrKeySizeInBits): 128, String(kSecAttrEffectiveKeySize): 128, String(kSecAttrCanEncrypt): true, String(kSecAttrCanDecrypt): true, String(kSecAttrCanDerive): false, String(kSecAttrCanSign): false, String(kSecAttrCanVerify): false, String(kSecAttrCanWrap): false, String(kSecAttrCanUnwrap): false, String(kSecValueData): "1234567887654321".data(using: .utf8)! ] var result: CFTypeRef? = nil let status = SecItemAdd(aesKey as CFDictionary, &result) if status != errSecSuccess { print("Error occured during key add: \(status)") } else { print("Created key!") print(result ?? "Still no result though") }It is interesting to see that this is one working way to store an AES key, however, I am never able to retrieve the SecKeyRef (it also appears it's not created when calling SecItemAdd).So, is this the correct way to store a key like this, or am I better of creating a kSecClassGenericPassword (as it appears to have the same effect).Is it also correct to create a key with the kSecAttrKeyType value set to 2147483649, or am I really only allowed to create it with the predefined kSecAttrKeyTypes (EC, ECSECPrimeRandom, RSA). Are there any other consequences to creating and storing a key like this, like losing access or key data?