Keychain Services

Keychain Services is a programming interface that enables you to find, add, modify, and delete keychain items.

Overview

If you want to look at some code that uses this API, you can find the source code for the security command-line tool in the SecurityTool project on http://opensource.apple.com/.

Symbols

Using Keychain Item Search Dictionaries

For this interface, keychain items are found or defined by a CFDictionary of key-value pairs. Each key in the dictionary identifies one attribute of the keychain item, or a search option. For example, you can use the kSecClass key to specify that the keychain item is an Internet password, that it has a specific creation date, that it is for the HTTPS protocol, and that only the first match found should be returned. The keys that can be used for this purpose and the possible values for each key are listed in the Keychain Services section.

See the discussion section of the SecItemCopyMatching(_:_:) function for information about how to construct a keychain-item search dictionary.

func SecItemCopyMatching(CFDictionary, UnsafeMutablePointer<CFTypeRef?>?)

Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.

func SecItemUpdate(CFDictionary, CFDictionary)

Modifies items that match a search query.

func SecItemDelete(CFDictionary)

Deletes items that match a search query.

Getting Information About Security Result Codes

func SecCopyErrorMessageString(OSStatus, UnsafeMutableRawPointer?)

Returns a string explaining the meaning of a security result code.

Getting Information About Keychain Services and Types

func SecKeychainGetVersion(UnsafeMutablePointer<UInt32>)

Determines the version of Keychain Services installed on the user’s system.

func SecKeychainGetTypeID()

Returns the unique identifier of the opaque type to which a SecKeychainRef object belongs.

func SecKeychainItemGetTypeID()

Returns the unique identifier of the opaque type to which a SecKeychainItemRef object belongs.

func SecAccessGetTypeID()

Returns the unique identifier of the opaque type to which a SecAccessRef object belongs.

func SecACLGetTypeID()

Returns the unique identifier of the opaque type to which a SecACLRef object belongs.

func SecTrustedApplicationGetTypeID()

Returns the unique identifier of the opaque type to which a SecTrustedApplication object belongs.

Creating and Deleting a Keychain

func SecKeychainDelete(SecKeychain?)

Deletes one or more keychains from the default keychain search list, and removes the keychain itself if it is a file.

Locking and Unlocking Keychains

func SecKeychainLockAll()

Locks all keychains belonging to the current user.

Managing User Interaction

func SecKeychainSetUserInteractionAllowed(Bool)

Enables or disables the user interface for Keychain Services functions that automatically display a user interface.

func SecKeychainGetUserInteractionAllowed(UnsafeMutablePointer<DarwinBoolean>)

Indicates whether Keychain Services functions that normally display a user interaction are allowed to do so.

Managing Keychain Access

func SecKeychainSetAccess(SecKeychain?, SecAccess)

Sets the application access for a keychain.

Searching for Keychain Items

func SecKeychainSetSearchList(CFArray)

Specifies the list of keychains to use in the default keychain search list.

Managing Keychain Items

func SecKeychainItemFreeAttributesAndData(UnsafeMutablePointer<SecKeychainAttributeList>?, UnsafeMutableRawPointer?)

Releases the memory used by the keychain attribute list and/or the keychain data retrieved in a call to SecKeychainItemCopyAttributesAndData.

func SecKeychainItemFreeContent(UnsafeMutablePointer<SecKeychainAttributeList>?, UnsafeMutableRawPointer?)

Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to the SecKeychainItemCopyContent(_:_:_:_:_:) function.

func SecKeychainFreeAttributeInfo(UnsafeMutablePointer<SecKeychainAttributeInfo>)

Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.

func SecKeychainItemSetAccess(SecKeychainItem, SecAccess)

Sets the access of a given keychain item.

Creating an Access Object

Managing Access Objects

func SecAccessCopyACLList(SecAccess, UnsafeMutablePointer<CFArray?>)

Retrieves all the access control list entries of a given access object.

func SecAccessCopyMatchingACLList(SecAccess, CFTypeRef)

Retrieves selected access control lists from a given access object.

Creating Access Control Objects

Managing Access Control List Objects

func SecACLCreateWithSimpleContents(SecAccess, CFArray?, CFString, SecKeychainPromptSelector, UnsafeMutablePointer<SecACL?>)

Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item’s access object.

func SecACLRemove(SecACL)

Removes the specified access control list entry.

func SecACLCopyContents(SecACL, UnsafeMutablePointer<CFArray?>, UnsafeMutablePointer<CFString?>, UnsafeMutablePointer<SecKeychainPromptSelector>)

Returns the application list, description, and prompt selector for a given access control list entry.

func SecACLSetContents(SecACL, CFArray?, CFString, SecKeychainPromptSelector)

Sets the application list, description, and prompt selector for a given access control list entry.

func SecACLCopyAuthorizations(SecACL)

Retrieves the authorization tags of a given access control list entry.

func SecACLUpdateAuthorizations(SecACL, CFArray)

Sets the authorization tags for a given access control list entry.

Managing Trusted Applications

func SecTrustedApplicationCreateFromPath(UnsafePointer<Int8>?, UnsafeMutablePointer<SecTrustedApplication?>)

Creates a trusted application object based on the application specified by path.

func SecTrustedApplicationSetData(SecTrustedApplication, CFData)

Sets the data of a given trusted application object.

Managing Preference Domains

func SecKeychainCopyDomainDefault(SecPreferencesDomain, UnsafeMutablePointer<SecKeychain?>)

Retrieves the default keychain from a specified preference domain.

func SecKeychainSetDomainDefault(SecPreferencesDomain, SecKeychain?)

Sets the default keychain for a specified preference domain.

func SecKeychainCopyDomainSearchList(SecPreferencesDomain, UnsafeMutablePointer<CFArray?>)

Retrieves the keychain search list for a specified preference domain.

func SecKeychainSetDomainSearchList(SecPreferencesDomain, CFArray)

Sets the keychain search list for a specified preference domain.

Adding and Removing Callbacks

Callbacks

SecKeychainCallback

Defines a pointer to a customized callback function that Keychain Services calls when a keychain event has occurred.

Data Types

SecAccess

Identifies a keychain or keychain item’s access information.

SecACL

Represents information about an access control list entry.

SecAFPServerSignature

Represents a 16-byte Apple File Protocol server signature block.

SecKeychainAttribute

Contains keychain attributes.

SecKeychainAttributePtr

Represents a pointer to a keychain attribute structure.

SecKeychainAttributeInfo

Represents an attribute.

SecKeychainAttributeList

Represents a list of keychain attributes.

SecKeychainAttrType

Represents a keychain attribute type.

SecKeychainCallbackInfo

Contains information about a keychain event.

SecKeychainItem

Contains information about a keychain item.

SecKeychain

Contains information about a keychain.

SecKeychainSearch

Contains information about a keychain search.

SecKeychainSettings

Contains information about keychain settings.

SecKeyImportExportParameters

Contains input parameters for import and export functions.

SecTrustedApplication

Contains information about a trusted application.

SecPassword

Contains information about a password.

Keychain Services API Constants

Import/Export Parameters Version

Defines the version of an import/export parameters structure.

SecAuthenticationType

Defines constants you can use to identify the type of authentication to use for an Internet password.

SecKeychainEvent

Defines the keychain-related event.

SecKeychainEventMask

Defines bit masks for keychain event constants

SecItemAttr

Specifies a keychain item’s attributes.

Keychain Item Attribute Constants For Keys

Specifies the attributes for a key item in a keychain.

SecItemClass

Specifies a keychain item’s class code.

SecItemImportExportFlags

Defines values for import and export flags.

SecKeyImportExportFlags

Defines values for the flags field of the import/export parameters.

SecExternalFormat

Specifies the format of an item after export from or before import to the keychain.

SecExternalItemType

Specifies the type of keychain item being imported.

Keychain Import/Export Options

Predefined key constants used when passing dictionary-based arguments to import/export functions.

SecPreferencesDomain

Defines constants for the keychain preference domains.

SecProtocolType

Defines the protocol type associated with an AppleShare or Internet password.

Keychain Settings Version

Defines the keychain settings version.

SecKeychainStatus

Defines the current status of a keychain.

SecKeychainPromptSelector

Bits that define when using a keychain should require a passphrase.

SecAccessOwnerType

Flags used when creating an access control list entry.

Keychain Item Class Keys and Values

Constants used in a search dictionary to specify the class of items in the keychain. See SecItemCopyMatching(_:_:) for a description of a search dictionary.

Item Class Key Constant

Key constant used to set the item class value in a search dictionary.

Item Class Value Constants

Values used with the kSecClass key in a search dictionary.

Attribute Item Keys and Values

You use keys in a search dictionary to specify the keychain items for which to search. You can specify a combination of item attributes and search attributes (see Search Keys) when looking for matching items with the SecItemCopyMatching(_:_:) function. This section lists all the keys that specify keychain item attributes. The description of each item indicates what the possible values are for that key. In a few cases, the programming interface provides a set of constants that you can use as values for a specific key. Those value constants are also in this section, following the descriptions of the keys.

Attribute Item Keys

Each type of keychain item can have a number of attributes describing that item. For the possible types of keychain item and the attributes that can be specified for each, see Keychain Item Class Keys and Values.

Protocol Values

Values that can be used with the kSecAttrProtocol attribute key.

Authentication Type Values

Values that can be used with the kSecAttrAuthenticationType attribute key.

Key Class Values

Values that can be used with the kSecAttrKeyClass attribute key.

Key Type Values

Values that can be used with the kSecAttrKeyType attribute key.

Synchronizable Values

Values that can be used with the kSecAttrSynchronizable attribute key.

Token ID Values

Values that can be used with the kSecAttrTokenID attribute key.

Keychain Item Accessibility Constants

These constants are legal values for kSecAttrAccessible used for determining when a keychain item should be readable.

kSecAttrPRF Value Constants

Constants used for the kSecAttrPRF key in the parameters dictionary passed to SecKeyDeriveFromPassword(_:_:_:).

Search Keys

Search Attribute Keys

Keys used to set search attributes in a keychain search dictionary. You can specify a combination of search attributes and item attributes (see Attribute Item Keys and Values) when looking for matching items with the SecItemCopyMatching(_:_:) function.

Item List Key

Keys used to control user interaction during a search.

UI Authentication Values

Values that can be used with the kSecUseAuthenticationUI key.

Search Results Constants

Return Type Keys

Keys used to specify the type of results that should be returned by the SecItemCopyMatching(_:_:) or SecItemAdd(_:_:) function.

Value Type Keys

Keys used in the results dictionary for SecItemCopyMatching(_:_:) or SecItemAdd(_:_:), indicating the type of values returned. You can specify zero or more of these types depending on the function you are calling.

Authorization Keys

Core-Foundation-based ACL Authorization Keys

Defines constants that specify which operations an access control list entry applies to.

Access Control Create Flags

SecAccessControlCreateFlags

Defines constants to be used with the SecAccessControlCreateWithFlags(_:_:_:_:) function.

Result Codes

The most common result codes returned by Keychain Services are listed in the table below. The assigned error space for Keychain Services is discontinuous: –25240 through –25279 and –25290 through –25329. Keychain Item Services may also return noErr (0) or paramErr (–50), or CSSM result codes (see Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group (http://www.opengroup.org/security/cdsa.htm)).

var errSecUnimplemented: OSStatus

Function or operation not implemented.

var errSecParam: OSStatus

One or more parameters passed to the function were not valid.

var errSecAllocate: OSStatus

Failed to allocate memory.

var errSecNotAvailable: OSStatus

No trust results are available.

var errSecAuthFailed: OSStatus

Authorization/Authentication failed.

var errSecNoSuchKeychain: OSStatus

The keychain does not exist.

var errSecInvalidKeychain: OSStatus

The keychain is not valid.

var errSecDuplicateKeychain: OSStatus

A keychain with the same name already exists.

var errSecDuplicateCallback: OSStatus

More than one callback of the same name exists.

var errSecInvalidCallback: OSStatus

The callback is not valid.

var errSecDuplicateItem: OSStatus

The item already exists.

var errSecItemNotFound: OSStatus

The item cannot be found.

var errSecBufferTooSmall: OSStatus

The buffer is too small.

var errSecDataTooLarge: OSStatus

The data is too large for the particular data type.

var errSecNoSuchAttr: OSStatus

The attribute does not exist.

var errSecInvalidItemRef: OSStatus

The item reference is invalid.

var errSecInvalidSearchRef: OSStatus

The search reference is invalid.

var errSecNoSuchClass: OSStatus

The keychain item class does not exist.

var errSecNoDefaultKeychain: OSStatus

A default keychain does not exist.

var errSecInteractionNotAllowed: OSStatus

Interaction with the Security Server is not allowed.

var errSecReadOnlyAttr: OSStatus

The attribute is read only.

var errSecWrongSecVersion: OSStatus

The version is incorrect.

var errSecKeySizeNotAllowed: OSStatus

The key size is not allowed.

var errSecNoStorageModule: OSStatus

There is no storage module available.

var errSecNoCertificateModule: OSStatus

There is no certificate module available.

var errSecNoPolicyModule: OSStatus

There is no policy module available.

var errSecInteractionRequired: OSStatus

User interaction is required.

var errSecDataNotAvailable: OSStatus

The data is not available.

var errSecDataNotModifiable: OSStatus

The data is not modifiable.

var errSecCreateChainFailed: OSStatus

The attempt to create a certificate chain failed.

var errSecInvalidPrefsDomain: OSStatus

The preference domain specified is invalid. This error is available in macOS 10.3 and later.

var errSecInDarkWake: OSStatus

The user interface could not be displayed because the system is in a dark wake state.

var errSecACLNotSimple: OSStatus

The access control list is not in standard simple form.

var errSecPolicyNotFound: OSStatus

The policy specified cannot be found.

var errSecInvalidTrustSetting: OSStatus

The trust setting is invalid.

var errSecNoAccessForItem: OSStatus

The specified item has no access control.

var errSecInvalidOwnerEdit: OSStatus

An invalid attempt to change the owner of an item.

var errSecTrustNotAvailable: OSStatus

No trust results are available.

var errSecUnsupportedFormat: OSStatus

The specified import or export format is not supported.

var errSecUnknownFormat: OSStatus

The item you are trying to import has an unknown format.

var errSecKeyIsSensitive: OSStatus

The key must be wrapped to be exported.

var errSecMultiplePrivKeys: OSStatus

An attempt was made to import multiple private keys.

var errSecPassphraseRequired: OSStatus

A password is required for import or export.

var errSecInvalidPasswordRef: OSStatus

The password reference was invalid.

var errSecInvalidTrustSettings: OSStatus

The trust settings record was corrupted.

var errSecNoTrustSettings: OSStatus

No trust settings were found.

var errSecPkcs12VerifyFailure: OSStatus

MAC verification failed during PKCS12 Import.

var errSecNotSigner: OSStatus

The certificate was not signed by its proposed parent.

var errSecDecode: OSStatus

Unable to decode the provided data.

var errSecServiceNotAvailable: OSStatus

The required service is not available.

var errSecInsufficientClientID: OSStatus

The client ID is not correct.

var errSecDeviceReset: OSStatus

A device reset has occurred.

var errSecDeviceFailed: OSStatus

A device failure has occurred.

var errSecAppleAddAppACLSubject: OSStatus

Adding an application ACL subject failed.

var errSecAppleSignatureMismatch: OSStatus

A signature mismatch has occurred.

var errSecAppleInvalidKeyStartDate: OSStatus

The specified key has an invalid start date.

var errSecAppleInvalidKeyEndDate: OSStatus

The specified key has an invalid end date.

var errSecConversionError: OSStatus

A conversion error has occurred.

var errSecAppleSSLv2Rollback: OSStatus

A SSLv2 rollback error has occurred.

var errSecQuotaExceeded: OSStatus

The quota was exceeded.

var errSecFileTooBig: OSStatus

The file is too big.

var errSecInvalidDatabaseBlob: OSStatus

The specified database has an invalid blob.

var errSecInvalidKeyBlob: OSStatus

The specified database has an invalid key blob.

var errSecIncompatibleDatabaseBlob: OSStatus

The specified database has an incompatible blob.

var errSecIncompatibleKeyBlob: OSStatus

The specified database has an incompatible key blob.

var errSecHostNameMismatch: OSStatus

A host name mismatch has occurred.

var errSecUnknownCriticalExtensionFlag: OSStatus

There is an unknown critical extension flag.

var errSecNoBasicConstraints: OSStatus

No basic constraints were found.

var errSecNoBasicConstraintsCA: OSStatus

No basic CA constraints were found.

var errSecInvalidAuthorityKeyID: OSStatus

The authority key ID is not valid.

var errSecInvalidSubjectKeyID: OSStatus

The subject key ID is not valid.

var errSecInvalidKeyUsageForPolicy: OSStatus

The key usage is not valid for the specified policy.

var errSecInvalidExtendedKeyUsage: OSStatus

The extended key usage is not valid.

var errSecInvalidIDLinkage: OSStatus

The ID linkage is not valid.

var errSecPathLengthConstraintExceeded: OSStatus

The path length constraint was exceeded.

var errSecInvalidRoot: OSStatus

The root or anchor certificate is not valid.

var errSecCRLExpired: OSStatus

The CRL has expired.

var errSecCRLNotValidYet: OSStatus

The CRL is not yet valid.

var errSecCRLNotFound: OSStatus

The CRL was not found.

var errSecCRLServerDown: OSStatus

The CRL server is down.

var errSecCRLBadURI: OSStatus

The CRL has a bad Uniform Resource Identifier.

var errSecUnknownCertExtension: OSStatus

An unknown certificate extension was encountered.

var errSecUnknownCRLExtension: OSStatus

An unknown CRL extension was encountered.

var errSecCRLNotTrusted: OSStatus

The CRL is not trusted.

var errSecIDPFailure: OSStatus

The issuing distribution point was not valid.

var errSecSMIMEEmailAddressesNotFound: OSStatus

An email address mismatch was encountered.

var errSecSMIMEBadExtendedKeyUsage: OSStatus

The appropriate extended key usage for SMIME was not found.

var errSecSMIMEBadKeyUsage: OSStatus

The key usage is not compatible with SMIME.

var errSecSMIMEKeyUsageNotCritical: OSStatus

The key usage extension is not marked as critical.

var errSecSMIMENoEmailAddress: OSStatus

No email address was found in the certificate.

var errSecSMIMESubjAltNameNotCritical: OSStatus

The subject alternative name extension is not marked as critical.

var errSecSSLBadExtendedKeyUsage: OSStatus

The appropriate extended key usage for SSL was not found.

var errSecOCSPBadResponse: OSStatus

The OCSP response was incorrect or could not be parsed.

var errSecOCSPBadRequest: OSStatus

The OCSP request was incorrect or could not be parsed.

var errSecOCSPUnavailable: OSStatus

OCSP service is unavailable.

var errSecOCSPStatusUnrecognized: OSStatus

The OCSP server did not recognize this certificate.

var errSecEndOfData: OSStatus

An end-of-data was detected.

var errSecIncompleteCertRevocationCheck: OSStatus

An incomplete certificate revocation check occurred.

var errSecNetworkFailure: OSStatus

A network failure occurred.

var errSecOCSPNotTrustedToAnchor: OSStatus

The OCSP response was not trusted to a root or anchor certificate.

var errSecRecordModified: OSStatus

The record was modified.

var errSecOCSPSignatureError: OSStatus

The OCSP response had an invalid signature.

var errSecOCSPNoSigner: OSStatus

The OCSP response had no signer.

var errSecOCSPResponderMalformedReq: OSStatus

The OCSP responder was given a malformed request.

var errSecOCSPResponderInternalError: OSStatus

The OCSP responder encountered an internal error.

var errSecOCSPResponderTryLater: OSStatus

The OCSP responder is busy, try again later.

var errSecOCSPResponderSignatureRequired: OSStatus

The OCSP responder requires a signature.

var errSecOCSPResponderUnauthorized: OSStatus

The OCSP responder rejected this request as unauthorized.

var errSecOCSPResponseNonceMismatch: OSStatus

The OCSP response nonce did not match the request.

var errSecCodeSigningBadCertChainLength: OSStatus

Code signing encountered an incorrect certificate chain length.

var errSecCodeSigningNoBasicConstraints: OSStatus

Code signing found no basic constraints.

var errSecCodeSigningBadPathLengthConstraint: OSStatus

Code signing encountered an incorrect path length constraint.

var errSecCodeSigningNoExtendedKeyUsage: OSStatus

Code signing found no extended key usage.

var errSecCodeSigningDevelopment: OSStatus

Code signing indicated use of a development-only certificate.

var errSecResourceSignBadCertChainLength: OSStatus

Resource signing has encountered an incorrect certificate chain length.

var errSecResourceSignBadExtKeyUsage: OSStatus

Resource signing has encountered an error in the extended key usage.

var errSecTrustSettingDeny: OSStatus

The trust setting for this policy was set to Deny.

var errSecInvalidSubjectName: OSStatus

An invalid certificate subject name was encountered.

var errSecUnknownQualifiedCertStatement: OSStatus

An unknown qualified certificate statement was encountered.

var errSecMobileMeRequestQueued: OSStatus

The MobileMe request will be sent during the next connection.

var errSecMobileMeRequestRedirected: OSStatus

The MobileMe request was redirected.

var errSecMobileMeServerError: OSStatus

A MobileMe server error occurred.

var errSecMobileMeServerNotAvailable: OSStatus

The MobileMe server is not available.

var errSecMobileMeServerAlreadyExists: OSStatus

The MobileMe server reported that the item already exists.

var errSecMobileMeServerServiceErr: OSStatus

A MobileMe service error has occurred.

var errSecMobileMeRequestAlreadyPending: OSStatus

A MobileMe request is already pending.

var errSecMobileMeNoRequestPending: OSStatus

MobileMe has no request pending.

var errSecMobileMeCSRVerifyFailure: OSStatus

A MobileMe CSR verification failure has occurred.

var errSecMobileMeFailedConsistencyCheck: OSStatus

MobileMe has found a failed consistency check.

var errSecNotInitialized: OSStatus

A function was called without initializing CSSM.

var errSecInvalidHandleUsage: OSStatus

The CSSM handle does not match with the service type.

var errSecPVCReferentNotFound: OSStatus

A reference to the calling module was not found in the list of authorized callers.

var errSecFunctionIntegrityFail: OSStatus

A function address was not within the verified module.

var errSecInternalError: OSStatus

An internal error has occurred.

var errSecMemoryError: OSStatus

A memory error has occurred.

var errSecInvalidData: OSStatus

Invalid data was encountered.

var errSecMDSError: OSStatus

A Module Directory Service error has occurred.

var errSecInvalidPointer: OSStatus

An invalid pointer was encountered.

var errSecModuleManifestVerifyFailed: OSStatus

A module manifest verification failure has occurred.

var errSecInvalidGUID: OSStatus

An invalid GUID was encountered.

var errSecInvalidHandle: OSStatus

An invalid handle was encountered.

var errSecInvalidDBList: OSStatus

An invalid DB list was encountered.

var errSecInvalidPassthroughID: OSStatus

An invalid passthrough ID was encountered.

var errSecInvalidNetworkAddress: OSStatus

An invalid network address was encountered.

var errSecCRLAlreadySigned: OSStatus

The certificate revocation list is already signed.

var errSecInvalidNumberOfFields: OSStatus

An invalid number of fields were encountered.

var errSecVerificationFailure: OSStatus

A verification failure occurred.

var errSecUnknownTag: OSStatus

An unknown tag was encountered.

var errSecInvalidSignature: OSStatus

An invalid signature was encountered.

var errSecInvalidName: OSStatus

An invalid name was encountered.

var errSecInvalidCertificateRef: OSStatus

An invalid certificate reference was encountered.

var errSecInvalidCertificateGroup: OSStatus

An invalid certificate group was encountered.

var errSecTagNotFound: OSStatus

The specified tag was not found.

var errSecInvalidQuery: OSStatus

The specified query was not valid.

var errSecInvalidValue: OSStatus

An invalid value was detected.

var errSecACLDeleteFailed: OSStatus

An ACL delete operation has failed.

var errSecACLReplaceFailed: OSStatus

An ACL replace operation has failed.

var errSecACLAddFailed: OSStatus

An ACL add operation has failed.

var errSecACLChangeFailed: OSStatus

An ACL change operation has failed.

var errSecInvalidAccessCredentials: OSStatus

Invalid access credentials were encountered.

var errSecInvalidRecord: OSStatus

An invalid record was encountered.

var errSecInvalidACL: OSStatus

An invalid ACL was encountered.

var errSecInvalidSampleValue: OSStatus

An invalid sample value was encountered.

var errSecIncompatibleVersion: OSStatus

An incompatible version was encountered.

var errSecPrivilegeNotGranted: OSStatus

The privilege was not granted.

var errSecInvalidScope: OSStatus

An invalid scope was encountered.

var errSecPVCAlreadyConfigured: OSStatus

The PVC is already configured.

var errSecInvalidPVC: OSStatus

An invalid PVC was encountered.

var errSecEMMLoadFailed: OSStatus

The EMM load has failed.

var errSecEMMUnloadFailed: OSStatus

The EMM unload has failed.

var errSecAddinLoadFailed: OSStatus

The add-in load operation has failed.

var errSecInvalidKeyRef: OSStatus

An invalid key was encountered.

var errSecInvalidKeyHierarchy: OSStatus

An invalid key hierarchy was encountered.

var errSecAddinUnloadFailed: OSStatus

The add-in unload operation has failed.

var errSecLibraryReferenceNotFound: OSStatus

A library reference was not found.

var errSecInvalidAddinFunctionTable: OSStatus

An invalid add-in function table was encountered.

var errSecInvalidServiceMask: OSStatus

An invalid service mask was encountered.

var errSecModuleNotLoaded: OSStatus

A module was not loaded.

var errSecInvalidSubServiceID: OSStatus

An invalid sub-service ID was encountered.

var errSecAttributeNotInContext: OSStatus

An attribute was not in the context.

var errSecEventNotificationCallbackNotFound: OSStatus

An event notification callback was not found.

var errSecInputLengthError: OSStatus

An input length error was encountered.

var errSecOutputLengthError: OSStatus

An output length error was encountered.

var errSecPrivilegeNotSupported: OSStatus

The privilege is not supported.

var errSecDeviceError: OSStatus

A device error was encountered.

var errSecAttachHandleBusy: OSStatus

The CSP handle was busy.

var errSecNotLoggedIn: OSStatus

You are not logged in.

var errSecAlgorithmMismatch: OSStatus

An algorithm mismatch was encountered.

var errSecKeyUsageIncorrect: OSStatus

The key usage is incorrect.

var errSecKeyBlobTypeIncorrect: OSStatus

The key blob type is incorrect.

var errSecKeyHeaderInconsistent: OSStatus

The key header is inconsistent.

var errSecUnsupportedKeyFormat: OSStatus

The key header format is not supported.

var errSecUnsupportedKeySize: OSStatus

The key size is not supported.

var errSecInvalidKeyUsageMask: OSStatus

The key usage mask is not valid.

var errSecUnsupportedKeyUsageMask: OSStatus

The key usage mask is not supported.

var errSecInvalidKeyAttributeMask: OSStatus

The key attribute mask is not valid.

var errSecUnsupportedKeyAttributeMask: OSStatus

The key attribute mask is not supported.

var errSecInvalidKeyLabel: OSStatus

The key label is not valid.

var errSecUnsupportedKeyLabel: OSStatus

The key label is not supported.

var errSecInvalidKeyFormat: OSStatus

The key format is not valid.

var errSecUnsupportedVectorOfBuffers: OSStatus

The vector of buffers is not supported.

var errSecInvalidInputVector: OSStatus

The input vector is not valid.

var errSecInvalidOutputVector: OSStatus

The output vector is not valid.

var errSecInvalidContext: OSStatus

An invalid context was encountered.

var errSecInvalidAlgorithm: OSStatus

An invalid algorithm was encountered.

var errSecInvalidAttributeKey: OSStatus

A key attribute was not valid.

var errSecMissingAttributeKey: OSStatus

A key attribute was missing.

var errSecInvalidAttributeInitVector: OSStatus

An init vector attribute was not valid.

var errSecMissingAttributeInitVector: OSStatus

An init vector attribute was missing.

var errSecInvalidAttributeSalt: OSStatus

A salt attribute was not valid.

var errSecMissingAttributeSalt: OSStatus

A salt attribute was missing.

var errSecInvalidAttributePadding: OSStatus

A padding attribute was not valid.

var errSecMissingAttributePadding: OSStatus

A padding attribute was missing.

var errSecInvalidAttributeRandom: OSStatus

A random number attribute was not valid.

var errSecMissingAttributeRandom: OSStatus

A random number attribute was missing.

var errSecInvalidAttributeSeed: OSStatus

A seed attribute was not valid.

var errSecMissingAttributeSeed: OSStatus

A seed attribute was missing.

var errSecInvalidAttributePassphrase: OSStatus

A passphrase attribute was not valid.

var errSecMissingAttributePassphrase: OSStatus

A passphrase attribute was missing.

var errSecInvalidAttributeKeyLength: OSStatus

A key length attribute was not valid.

var errSecMissingAttributeKeyLength: OSStatus

A key length attribute was missing.

var errSecInvalidAttributeBlockSize: OSStatus

A block size attribute was not valid.

var errSecMissingAttributeBlockSize: OSStatus

A block size attribute was missing.

var errSecInvalidAttributeOutputSize: OSStatus

An output size attribute was not valid.

var errSecMissingAttributeOutputSize: OSStatus

An output size attribute was missing.

var errSecInvalidAttributeRounds: OSStatus

The number of rounds attribute was not valid.

var errSecMissingAttributeRounds: OSStatus

The number of rounds attribute was missing.

var errSecInvalidAlgorithmParms: OSStatus

An algorithm parameters attribute was not valid.

var errSecMissingAlgorithmParms: OSStatus

An algorithm parameters attribute was missing.

var errSecInvalidAttributeLabel: OSStatus

A label attribute was not valid.

var errSecMissingAttributeLabel: OSStatus

A label attribute was missing.

var errSecInvalidAttributeKeyType: OSStatus

A key type attribute was not valid.

var errSecMissingAttributeKeyType: OSStatus

A key type attribute was missing.

var errSecInvalidAttributeMode: OSStatus

A mode attribute was not valid.

var errSecMissingAttributeMode: OSStatus

A mode attribute was missing.

var errSecInvalidAttributeEffectiveBits: OSStatus

An effective bits attribute was not valid.

var errSecMissingAttributeEffectiveBits: OSStatus

An effective bits attribute was missing.

var errSecInvalidAttributeStartDate: OSStatus

A start date attribute was not valid.

var errSecMissingAttributeStartDate: OSStatus

A start date attribute was missing.

var errSecInvalidAttributeEndDate: OSStatus

An end date attribute was not valid.

var errSecMissingAttributeEndDate: OSStatus

An end date attribute was missing.

var errSecInvalidAttributeVersion: OSStatus

A version attribute was not valid.

var errSecMissingAttributeVersion: OSStatus

A version attribute was missing.

var errSecInvalidAttributePrime: OSStatus

A prime attribute was not valid.

var errSecMissingAttributePrime: OSStatus

A prime attribute was missing.

var errSecInvalidAttributeBase: OSStatus

A base attribute was not valid.

var errSecMissingAttributeBase: OSStatus

A base attribute was missing.

var errSecInvalidAttributeSubprime: OSStatus

A subprime attribute was not valid.

var errSecMissingAttributeSubprime: OSStatus

A subprime attribute was missing.

var errSecInvalidAttributeIterationCount: OSStatus

An iteration count attribute was not valid.

var errSecMissingAttributeIterationCount: OSStatus

An iteration count attribute was missing.

var errSecInvalidAttributeDLDBHandle: OSStatus

A database handle attribute was not valid.

var errSecMissingAttributeDLDBHandle: OSStatus

A database handle attribute was missing.

var errSecInvalidAttributeAccessCredentials: OSStatus

An access credentials attribute was not valid.

var errSecMissingAttributeAccessCredentials: OSStatus

An access credentials attribute was missing.

var errSecInvalidAttributePublicKeyFormat: OSStatus

A public key format attribute was not valid.

var errSecMissingAttributePublicKeyFormat: OSStatus

A public key format attribute was missing.

var errSecInvalidAttributePrivateKeyFormat: OSStatus

A private key format attribute was not valid.

var errSecMissingAttributePrivateKeyFormat: OSStatus

A private key format attribute was missing.

var errSecInvalidAttributeSymmetricKeyFormat: OSStatus

A symmetric key format attribute was not valid.

var errSecMissingAttributeSymmetricKeyFormat: OSStatus

A symmetric key format attribute was missing.

var errSecInvalidAttributeWrappedKeyFormat: OSStatus

A wrapped key format attribute was not valid.

var errSecMissingAttributeWrappedKeyFormat: OSStatus

A wrapped key format attribute was missing.

var errSecStagedOperationInProgress: OSStatus

A staged operation is in progress.

var errSecStagedOperationNotStarted: OSStatus

A staged operation was not started.

var errSecVerifyFailed: OSStatus

A cryptographic verification failure has occurred.

var errSecQuerySizeUnknown: OSStatus

The query size is unknown.

var errSecBlockSizeMismatch: OSStatus

A block size mismatch occurred.

var errSecPublicKeyInconsistent: OSStatus

The public key was inconsistent.

var errSecDeviceVerifyFailed: OSStatus

A device verification failure has occurred.

var errSecInvalidLoginName: OSStatus

An invalid login name was detected.

var errSecAlreadyLoggedIn: OSStatus

The user is already logged in.

var errSecInvalidDigestAlgorithm: OSStatus

An invalid digest algorithm was detected.

var errSecInvalidCRLGroup: OSStatus

An invalid CRL group was detected.

var errSecCertificateCannotOperate: OSStatus

The certificate cannot operate.

var errSecCertificateExpired: OSStatus

An expired certificate was detected.

var errSecCertificateNotValidYet: OSStatus

The certificate is not yet valid.

var errSecCertificateRevoked: OSStatus

The certificate was revoked.

var errSecCertificateSuspended: OSStatus

The certificate was suspended.

var errSecInsufficientCredentials: OSStatus

Insufficient credentials were detected.

var errSecInvalidAction: OSStatus

The action was not valid.

var errSecInvalidAuthority: OSStatus

The authority was not valid.

var errSecVerifyActionFailed: OSStatus

A verify action has failed.

var errSecInvalidCertAuthority: OSStatus

The certificate authority was not valid.

var errSecInvaldCRLAuthority: OSStatus

The CRL authority was not valid.

var errSecInvalidCRLEncoding: OSStatus

The CRL encoding was not valid.

var errSecInvalidCRLType: OSStatus

The CRL type was not valid.

var errSecInvalidCRL: OSStatus

The CRL was not valid.

var errSecInvalidFormType: OSStatus

The form type was not valid.

var errSecInvalidID: OSStatus

The ID was not valid.

var errSecInvalidIdentifier: OSStatus

The identifier was not valid.

var errSecInvalidIndex: OSStatus

The index was not valid.

var errSecInvalidPolicyIdentifiers: OSStatus

The policy identifiers are not valid.

var errSecInvalidTimeString: OSStatus

The time specified was not valid.

var errSecInvalidReason: OSStatus

The trust policy reason was not valid.

var errSecInvalidRequestInputs: OSStatus

The request inputs are not valid.

var errSecInvalidResponseVector: OSStatus

The response vector was not valid.

var errSecInvalidStopOnPolicy: OSStatus

The stop-on policy was not valid.

var errSecInvalidTuple: OSStatus

The tuple was not valid.

var errSecMultipleValuesUnsupported: OSStatus

Multiple values are not supported.

var errSecNotTrusted: OSStatus

The trust policy was not trusted.

var errSecNoDefaultAuthority: OSStatus

No default authority was detected.

var errSecRejectedForm: OSStatus

The trust policy had a rejected form.

var errSecRequestLost: OSStatus

The request was lost.

var errSecRequestRejected: OSStatus

The request was rejected.

var errSecUnsupportedAddressType: OSStatus

The address type is not supported.

var errSecUnsupportedService: OSStatus

The service is not supported.

var errSecInvalidTupleGroup: OSStatus

The tuple group was not valid.

var errSecInvalidBaseACLs: OSStatus

The base ACLs are not valid.

var errSecInvalidTupleCredendtials: OSStatus

The tuple credentials are not valid.

var errSecInvalidEncoding: OSStatus

The encoding was not valid.

var errSecInvalidValidityPeriod: OSStatus

The validity period was not valid.

var errSecInvalidRequestor: OSStatus

The requestor was not valid.

var errSecRequestDescriptor: OSStatus

The request descriptor was not valid.

var errSecInvalidBundleInfo: OSStatus

The bundle information was not valid.

var errSecInvalidCRLIndex: OSStatus

The CRL index was not valid.

var errSecNoFieldValues: OSStatus

No field values were detected.

var errSecUnsupportedFieldFormat: OSStatus

The field format is not supported.

var errSecUnsupportedIndexInfo: OSStatus

The index information is not supported.

var errSecUnsupportedLocality: OSStatus

The locality is not supported.

var errSecUnsupportedNumAttributes: OSStatus

The number of attributes is not supported.

var errSecUnsupportedNumIndexes: OSStatus

The number of indexes is not supported.

var errSecUnsupportedNumRecordTypes: OSStatus

The number of record types is not supported.

var errSecFieldSpecifiedMultiple: OSStatus

Too many fields were specified.

var errSecIncompatibleFieldFormat: OSStatus

The field format was incompatible.

var errSecInvalidParsingModule: OSStatus

The parsing module was not valid.

var errSecDatabaseLocked: OSStatus

The database is locked.

var errSecMissingValue: OSStatus

A missing value was detected.

var errSecUnsupportedQueryLimits: OSStatus

The query limits are not supported.

var errSecUnsupportedNumSelectionPreds: OSStatus

The number of selection predicates is not supported.

var errSecUnsupportedOperator: OSStatus

The operator is not supported.

var errSecInvalidDBLocation: OSStatus

The database location is not valid.

var errSecInvalidAccessRequest: OSStatus

The access request is not valid.

var errSecInvalidIndexInfo: OSStatus

The index information is not valid.

var errSecInvalidNewOwner: OSStatus

The new owner is not valid.

var errSecInvalidModifyMode: OSStatus

The modify mode is not valid.

var errSecMissingRequiredExtension: OSStatus

A required certificate extension is missing.

var errSecExtendedKeyUsageNotCritical: OSStatus

The extended key usage extension was not marked critical.

var errSecTimestampMissing: OSStatus

A timestamp was expected but was not found.

var errSecTimestampInvalid: OSStatus

The timestamp was not valid.

var errSecTimestampNotTrusted: OSStatus

The timestamp was not trusted.

var errSecTimestampServiceNotAvailable: OSStatus

The timestamp service is not available.

var errSecTimestampBadAlg: OSStatus

Found an unrecognized or unsupported algorithm identifier (AI) in timestamp.

var errSecTimestampBadRequest: OSStatus

The timestamp transaction is not permitted or supported.

var errSecTimestampBadDataFormat: OSStatus

The timestamp data submitted has the wrong format.

var errSecTimestampTimeNotAvailable: OSStatus

The time source for the timestamp authority is not available.

var errSecTimestampUnacceptedPolicy: OSStatus

The requested policy is not supported by the timestamp authority.

var errSecTimestampUnacceptedExtension: OSStatus

The requested extension is not supported by the timestamp authority.

var errSecTimestampAddInfoNotAvailable: OSStatus

The additional information requested is not available.

var errSecTimestampSystemFailure: OSStatus

The timestamp request cannot be handled due to a system failure .

var errSecSigningTimeMissing: OSStatus

A signing time was expected but was not found.

var errSecTimestampRejection: OSStatus

A timestamp transaction was rejected.

var errSecTimestampWaiting: OSStatus

A timestamp transaction is waiting.

var errSecTimestampRevocationWarning: OSStatus

A timestamp authority revocation warning was issued.

var errSecTimestampRevocationNotification: OSStatus

A timestamp authority revocation notification was issued.