Hello,
We have a kSecClassKey object, and on macOS we have been setting the key non-extractable in the following manner, but many of the attributes seem to be deprecated.
Is there a better/recommended way of doing this on macOS for private keys on the login keychain using newer keychain attributes?
Thanks, Peter
(ex: kSecKeyExtractable)
Current legacy code on macOS:
// Build a one-element attribute list that sets kSecKeyExtractable to false (0).
int attributeListSize = 1;
int attributeIndex = 0;
unsigned int falseValue = 0;
SecKeychainAttributeList privateKeyAttrList;
SecKeychainAttribute privateKeyKeyChainAttributes[attributeListSize];
privateKeyKeyChainAttributes[attributeIndex].tag = kSecKeyExtractable;
privateKeyKeyChainAttributes[attributeIndex].data = &falseValue;
privateKeyKeyChainAttributes[attributeIndex].length = sizeof(falseValue);
privateKeyAttrList.count = attributeListSize;
privateKeyAttrList.attr = privateKeyKeyChainAttributes;
// Apply the attribute change to the existing key item; length 0 and NULL leave the item data untouched.
OSStatus status = SecKeychainItemModifyAttributesAndData((SecKeychainItemRef)keyRef, &privateKeyAttrList, 0, NULL);
if (status != errSecSuccess)
{
    // Wrap the OSStatus in an NSError and report it to the caller.
    NSString *errMessage = [NSString stringWithFormat:@"Failed to modify kSecKeyExtractable attribute for key, status: %d", (int)status];
    *error = [self buildNSErrorForDomain:errorDomain
                               errorCode:keychainFailure
                            errorMessage:errMessage
                         underlyingError:[NSError errorWithDomain:keychainErrorDomain code:status userInfo:nil]
                             shouldRetry:false];
}