Keychain Services provides secure storage of passwords, keys, certificates, and notes for one or more users. A user can unlock a keychain with a single password, and any Keychain Services–aware application can then use that keychain to store and retrieve passwords. Keychain Services Programming Guide contains an overview of Keychain Services, discusses the functions and data structures that are most commonly used by developers, and provides examples of how to use Keychain Services in your own applications.
This document concentrates on the use of Keychain Services to store and retrieve passwords. You should read this document if your application needs to handle passwords for:
Multiple users—for example, an email or scheduling server that has to authenticate many users
Multiple servers—for example, a banking or insurance application, which might have to exchange information with more than one secure database server
A user who needs to enter passwords—for example, a web browser, which can use a keychain to store the passwords a user needs for multiple secure web sites
You do not need any special knowledge of authentication schemes to use this document, but you should be familiar with the use and storage of passwords.
Organization of This Document
This document contains the following chapters:
“Keychain Services Concepts” provides an overview of Keychain Services and explains what keychains are and how they are used.
“OS X Keychain Services Tasks” contains sample code and detailed explanations of the most commonly-used Keychain Services functions.
“Glossary” defines new terms introduced in this book.
The following documents provide references to Apple’s keychain-related APIs.
Keychain Services Reference documents all the functions and structures provided in the Keychain Services API. These include the functions and structures used in this document, plus others used primarily by keychain administrative applications such as the Keychain Access application.
For more information about storing and retrieving certificates and keys, see Certificate, Key, and Trust Services Reference.
Keychain services and other OS X security APIs are built on the open source Common Data Security Architecture (CDSA) and its programming interface, Common Security Services Manager (CSSM). For more information about the CSSM API, see the following document:
Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group (http://www.opengroup.org/security/cdsa.htm).