Keychain Services is a programming interface that enables you to find, add, modify, and delete keychain items.
Language
If you want to look at some code that uses this API, you can find the source code for the security command-line tool in the SecurityTool project on http://opensource.apple.com/.
For this interface, keychain items are found or defined by a CFDictionary of key-value pairs. Each key in the dictionary identifies one attribute of the keychain item, or a search option. For example, you can use the kSecClass key to specify that the keychain item is an Internet password, that it has a specific creation date, that it is for the HTTPS protocol, and that only the first match found should be returned. The keys that can be used for this purpose and the possible values for each key are listed in the Keychain Services section.
See the discussion section of the SecItemCopyMatching(_:_:) function for information about how to construct a keychain-item search dictionary.
func SecItemCopyMatching(CFDictionary, UnsafeMutablePointer<CFTypeRef?>?)Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
func SecItemAdd(CFDictionary, UnsafeMutablePointer<CFTypeRef?>?)Adds one or more items to a keychain.
func SecItemUpdate(CFDictionary, CFDictionary)Modifies items that match a search query.
func SecItemDelete(CFDictionary)Deletes items that match a search query.
func SecCopyErrorMessageString(OSStatus, UnsafeMutableRawPointer?)Returns a string explaining the meaning of a security result code.
func SecKeychainGetVersion(UnsafeMutablePointer<UInt32>)Determines the version of Keychain Services installed on the user’s system.
func SecKeychainGetTypeID()Returns the unique identifier of the opaque type to which a SecKeychainRef object belongs.
func SecKeychainItemGetTypeID()Returns the unique identifier of the opaque type to which a SecKeychainItemRef object belongs.
func SecAccessGetTypeID()Returns the unique identifier of the opaque type to which a SecAccessRef object belongs.
func SecACLGetTypeID()Returns the unique identifier of the opaque type to which a SecACLRef object belongs.
func SecTrustedApplicationGetTypeID()Returns the unique identifier of the opaque type to which a SecTrustedApplication object belongs.
func SecKeychainCreate(UnsafePointer<Int8>, UInt32, UnsafeRawPointer?, Bool, SecAccess?, UnsafeMutablePointer<SecKeychain?>)Creates an empty keychain.
func SecKeychainDelete(SecKeychain?)Deletes one or more keychains from the default keychain search list, and removes the keychain itself if it is a file.
func SecKeychainSetDefault(SecKeychain?)Sets the default keychain.
func SecKeychainCopyDefault(UnsafeMutablePointer<SecKeychain?>)Retrieves a pointer to the default keychain.
func SecKeychainGetStatus(SecKeychain?, UnsafeMutablePointer<SecKeychainStatus>)Retrieves status information of a keychain.
func SecKeychainGetPath(SecKeychain?, UnsafeMutablePointer<UInt32>, UnsafeMutablePointer<Int8>)Determines the path of a keychain.
func SecKeychainSetSettings(SecKeychain?, UnsafePointer<SecKeychainSettings>)Changes the settings of a keychain.
func SecKeychainCopySettings(SecKeychain?, UnsafeMutablePointer<SecKeychainSettings>)Obtains a keychain’s settings.
func SecKeychainLock(SecKeychain?)Locks a keychain.
func SecKeychainLockAll()Locks all keychains belonging to the current user.
func SecKeychainUnlock(SecKeychain?, UInt32, UnsafeRawPointer?, Bool)Unlocks a keychain.
func SecKeychainSetUserInteractionAllowed(Bool)Enables or disables the user interface for Keychain Services functions that automatically display a user interface.
func SecKeychainGetUserInteractionAllowed(UnsafeMutablePointer<DarwinBoolean>)Indicates whether Keychain Services functions that normally display a user interaction are allowed to do so.
func SecKeychainSetAccess(SecKeychain?, SecAccess)Sets the application access for a keychain.
func SecKeychainCopyAccess(SecKeychain?, UnsafeMutablePointer<SecAccess?>)Retrieves the application access of a keychain.
func SecKeychainAddInternetPassword(SecKeychain?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt16, SecProtocolType, SecAuthenticationType, UInt32, UnsafeRawPointer, UnsafeMutablePointer<SecKeychainItem?>?)Adds a new Internet password to a keychain.
func SecKeychainFindInternetPassword(CFTypeRef?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt16, SecProtocolType, SecAuthenticationType, UnsafeMutablePointer<UInt32>?, UnsafeMutablePointer<UnsafeMutableRawPointer?>?, UnsafeMutablePointer<SecKeychainItem?>?)Finds the first Internet password based on the attributes passed.
func SecKeychainAddGenericPassword(SecKeychain?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafeRawPointer, UnsafeMutablePointer<SecKeychainItem?>?)Adds a new generic password to a keychain.
func SecKeychainFindGenericPassword(CFTypeRef?, UInt32, UnsafePointer<Int8>?, UInt32, UnsafePointer<Int8>?, UnsafeMutablePointer<UInt32>?, UnsafeMutablePointer<UnsafeMutableRawPointer?>?, UnsafeMutablePointer<SecKeychainItem?>?)Finds the first generic password based on the attributes passed.
func SecKeychainSetSearchList(CFArray)Specifies the list of keychains to use in the default keychain search list.
func SecKeychainCopySearchList(UnsafeMutablePointer<CFArray?>)Retrieves a keychain search list.
func SecKeychainItemCreateFromContent(SecItemClass, UnsafeMutablePointer<SecKeychainAttributeList>, UInt32, UnsafeRawPointer?, SecKeychain?, SecAccess?, UnsafeMutablePointer<SecKeychainItem?>?)Creates a new keychain item from the supplied parameters.
func SecKeychainItemCreateCopy(SecKeychainItem, SecKeychain?, SecAccess?, UnsafeMutablePointer<SecKeychainItem?>)Copies a keychain item from one keychain to another.
func SecKeychainItemCreatePersistentReference(SecKeychainItem, UnsafeMutablePointer<CFData?>)Creates a persistent reference for a keychain item.
func SecKeychainItemCopyFromPersistentReference(CFData, UnsafeMutablePointer<SecKeychainItem?>)Provides a keychain item reference, given a persistent reference.
func SecKeychainItemDelete(SecKeychainItem)Deletes a keychain item from the default keychain’s permanent data store.
func SecItemExport(CFTypeRef, SecExternalFormat, SecItemImportExportFlags, UnsafePointer<SecItemImportExportKeyParameters>?, UnsafeMutablePointer<CFData?>)Exports one or more certificates, keys, or identities.
func SecItemImport(CFData, CFString?, UnsafeMutablePointer<SecExternalFormat>?, UnsafeMutablePointer<SecExternalItemType>?, SecItemImportExportFlags, UnsafePointer<SecItemImportExportKeyParameters>?, SecKeychain?, UnsafeMutablePointer<CFArray?>?)Converts an external representation of a keychain item or items into SecKeychainItem objects and optionally imports them into a specified keychain.
func SecKeychainItemCopyAttributesAndData(SecKeychainItem, UnsafeMutablePointer<SecKeychainAttributeInfo>?, UnsafeMutablePointer<SecItemClass>?, UnsafeMutablePointer<UnsafeMutablePointer<SecKeychainAttributeList>?>?, UnsafeMutablePointer<UInt32>?, UnsafeMutablePointer<UnsafeMutableRawPointer?>?)Retrieves the data and/or attributes stored in the given keychain item.
func SecKeychainItemModifyAttributesAndData(SecKeychainItem, UnsafePointer<SecKeychainAttributeList>?, UInt32, UnsafeRawPointer?)Updates an existing keychain item after changing its attributes or data.
func SecKeychainItemFreeAttributesAndData(UnsafeMutablePointer<SecKeychainAttributeList>?, UnsafeMutableRawPointer?)Releases the memory used by the keychain attribute list and/or the keychain data retrieved in a call to SecKeychainItemCopyAttributesAndData.
func SecKeychainItemCopyContent(SecKeychainItem, UnsafeMutablePointer<SecItemClass>?, UnsafeMutablePointer<SecKeychainAttributeList>?, UnsafeMutablePointer<UInt32>?, UnsafeMutablePointer<UnsafeMutableRawPointer?>?)Copies the data and attributes stored in the given keychain item.
func SecKeychainItemModifyContent(SecKeychainItem, UnsafePointer<SecKeychainAttributeList>?, UInt32, UnsafeRawPointer?)Updates an existing keychain item after changing its attributes and/or data.
func SecKeychainItemFreeContent(UnsafeMutablePointer<SecKeychainAttributeList>?, UnsafeMutableRawPointer?)Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to the SecKeychainItemCopyContent(_:_:_:_:_:) function.
func SecKeychainAttributeInfoForItemID(SecKeychain?, UInt32, UnsafeMutablePointer<UnsafeMutablePointer<SecKeychainAttributeInfo>?>)Obtains tags for all possible attributes of a given item class.
func SecKeychainFreeAttributeInfo(UnsafeMutablePointer<SecKeychainAttributeInfo>)Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.
func SecKeychainItemCopyKeychain(SecKeychainItem, UnsafeMutablePointer<SecKeychain?>)Returns the keychain object of a given keychain item.
func SecKeychainItemSetAccess(SecKeychainItem, SecAccess)Sets the access of a given keychain item.
func SecKeychainItemCopyAccess(SecKeychainItem, UnsafeMutablePointer<SecAccess?>)Copies the access of a given keychain item.
func SecAccessCreate(CFString, CFArray?, UnsafeMutablePointer<SecAccess?>)Creates a new access object.
func SecAccessCreateWithOwnerAndACL(uid_t, gid_t, SecAccessOwnerType, CFArray?, UnsafeMutablePointer<Unmanaged<CFError>?>?)Creates a new access object using the owner and access control list you provide.
func SecAccessCopyACLList(SecAccess, UnsafeMutablePointer<CFArray?>)Retrieves all the access control list entries of a given access object.
func SecAccessCopyMatchingACLList(SecAccess, CFTypeRef)Retrieves selected access control lists from a given access object.
func SecAccessCopyOwnerAndACL(SecAccess, UnsafeMutablePointer<uid_t>?, UnsafeMutablePointer<gid_t>?, UnsafeMutablePointer<SecAccessOwnerType>?, UnsafeMutablePointer<CFArray?>?)Retrieves the owner and the access control list of a given access object.
func SecAccessControlCreateWithFlags(CFAllocator?, CFTypeRef, SecAccessControlCreateFlags, UnsafeMutablePointer<Unmanaged<CFError>?>?)Creates a new access control object with the specified on protection type and flags.
func SecACLCreateWithSimpleContents(SecAccess, CFArray?, CFString, SecKeychainPromptSelector, UnsafeMutablePointer<SecACL?>)Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item’s access object.
func SecACLRemove(SecACL)Removes the specified access control list entry.
func SecACLCopyContents(SecACL, UnsafeMutablePointer<CFArray?>, UnsafeMutablePointer<CFString?>, UnsafeMutablePointer<SecKeychainPromptSelector>)Returns the application list, description, and prompt selector for a given access control list entry.
func SecACLSetContents(SecACL, CFArray?, CFString, SecKeychainPromptSelector)Sets the application list, description, and prompt selector for a given access control list entry.
func SecACLCopyAuthorizations(SecACL)Retrieves the authorization tags of a given access control list entry.
func SecACLUpdateAuthorizations(SecACL, CFArray)Sets the authorization tags for a given access control list entry.
func SecTrustedApplicationCopyData(SecTrustedApplication, UnsafeMutablePointer<CFData?>)Retrieves the data of a trusted application object.
func SecTrustedApplicationCreateFromPath(UnsafePointer<Int8>?, UnsafeMutablePointer<SecTrustedApplication?>)Creates a trusted application object based on the application specified by path.
func SecTrustedApplicationSetData(SecTrustedApplication, CFData)Sets the data of a given trusted application object.
func SecKeychainGetPreferenceDomain(UnsafeMutablePointer<SecPreferencesDomain>)Gets the current keychain preference domain.
func SecKeychainSetPreferenceDomain(SecPreferencesDomain)Sets the keychain preference domain.
func SecKeychainCopyDomainDefault(SecPreferencesDomain, UnsafeMutablePointer<SecKeychain?>)Retrieves the default keychain from a specified preference domain.
func SecKeychainSetDomainDefault(SecPreferencesDomain, SecKeychain?)Sets the default keychain for a specified preference domain.
func SecKeychainCopyDomainSearchList(SecPreferencesDomain, UnsafeMutablePointer<CFArray?>)Retrieves the keychain search list for a specified preference domain.
func SecKeychainSetDomainSearchList(SecPreferencesDomain, CFArray)Sets the keychain search list for a specified preference domain.
func SecKeychainAddCallback(: @escaping SecKeychainCallback, SecKeychainEventMask, UnsafeMutableRawPointer?)Registers your keychain event callback function
func SecKeychainRemoveCallback(: @escaping SecKeychainCallback)Unregisters your keychain event callback function.
SecKeychainCallbackDefines a pointer to a customized callback function that Keychain Services calls when a keychain event has occurred.
SecAccessIdentifies a keychain or keychain item’s access information.
SecACLRepresents information about an access control list entry.
SecAFPServerSignatureRepresents a 16-byte Apple File Protocol server signature block.
SecKeychainAttributeContains keychain attributes.
SecKeychainAttributePtrRepresents a pointer to a keychain attribute structure.
SecKeychainAttributeInfoRepresents an attribute.
SecKeychainAttributeListRepresents a list of keychain attributes.
SecKeychainAttrTypeRepresents a keychain attribute type.
SecKeychainCallbackInfoContains information about a keychain event.
SecKeychainItemContains information about a keychain item.
SecKeychainContains information about a keychain.
SecKeychainSearchContains information about a keychain search.
SecKeychainSettingsContains information about keychain settings.
SecKeyImportExportParametersContains input parameters for import and export functions.
SecItemImportExportKeyParametersA parameter block used for SecItemImport(_:_:_:_:_:_:_:_:) and SecItemExport(_:_:_:_:_:).
SecTrustedApplicationContains information about a trusted application.
SecPasswordContains information about a password.
Defines the version of an import/export parameters structure.
SecAuthenticationTypeDefines constants you can use to identify the type of authentication to use for an Internet password.
SecKeychainEventDefines the keychain-related event.
SecKeychainEventMaskDefines bit masks for keychain event constants
SecItemAttrSpecifies a keychain item’s attributes.
Specifies the attributes for a key item in a keychain.
SecItemClassSpecifies a keychain item’s class code.
SecItemImportExportFlagsDefines values for import and export flags.
SecKeyImportExportFlagsDefines values for the flags field of the import/export parameters.
SecExternalFormatSpecifies the format of an item after export from or before import to the keychain.
SecExternalItemTypeSpecifies the type of keychain item being imported.
Predefined key constants used when passing dictionary-based arguments to import/export functions.
SecPreferencesDomainDefines constants for the keychain preference domains.
SecProtocolTypeDefines the protocol type associated with an AppleShare or Internet password.
Defines the keychain settings version.
SecKeychainStatusDefines the current status of a keychain.
SecKeychainPromptSelectorBits that define when using a keychain should require a passphrase.
SecAccessOwnerTypeFlags used when creating an access control list entry.
Constants used in a search dictionary to specify the class of items in the keychain. See SecItemCopyMatching(_:_:) for a description of a search dictionary.
Key constant used to set the item class value in a search dictionary.
Values used with the kSecClass key in a search dictionary.
You use keys in a search dictionary to specify the keychain items for which to search. You can specify a combination of item attributes and search attributes (see Search Keys) when looking for matching items with the SecItemCopyMatching(_:_:) function. This section lists all the keys that specify keychain item attributes. The description of each item indicates what the possible values are for that key. In a few cases, the programming interface provides a set of constants that you can use as values for a specific key. Those value constants are also in this section, following the descriptions of the keys.
Each type of keychain item can have a number of attributes describing that item. For the possible types of keychain item and the attributes that can be specified for each, see Keychain Item Class Keys and Values.
Values that can be used with the kSecAttrProtocol attribute key.
Values that can be used with the kSecAttrAuthenticationType attribute key.
Values that can be used with the kSecAttrKeyClass attribute key.
Values that can be used with the kSecAttrKeyType attribute key.
Values that can be used with the kSecAttrSynchronizable attribute key.
Values that can be used with the kSecAttrTokenID attribute key.
These constants are legal values for kSecAttrAccessible used for determining when a keychain item should be readable.
Constants used for the kSecAttrPRF key in the parameters dictionary passed to SecKeyDeriveFromPassword(_:_:_:).
Keys used to set search attributes in a keychain search dictionary. You can specify a combination of search attributes and item attributes (see Attribute Item Keys and Values) when looking for matching items with the SecItemCopyMatching(_:_:) function.
Keys used to control user interaction during a search.
Values that can be used with the kSecUseAuthenticationUI key.
Keys used to specify the type of results that should be returned by the SecItemCopyMatching(_:_:) or SecItemAdd(_:_:) function.
Keys used in the results dictionary for SecItemCopyMatching(_:_:) or SecItemAdd(_:_:), indicating the type of values returned. You can specify zero or more of these types depending on the function you are calling.
Defines constants that specify which operations an access control list entry applies to.
SecAccessControlCreateFlagsDefines constants to be used with the SecAccessControlCreateWithFlags(_:_:_:_:) function.
The most common result codes returned by Keychain Services are listed in the table below. The assigned error space for Keychain Services is discontinuous: –25240 through –25279 and –25290 through –25329. Keychain Item Services may also return noErr (0) or paramErr (–50), or CSSM result codes (see Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group (http://www.opengroup.org/security/cdsa.htm)).
var errSecSuccess: OSStatusNo error.
var errSecUnimplemented: OSStatusFunction or operation not implemented.
var errSecParam: OSStatusOne or more parameters passed to the function were not valid.
var errSecAllocate: OSStatusFailed to allocate memory.
var errSecNotAvailable: OSStatusNo trust results are available.
var errSecReadOnly: OSStatusRead only error.
var errSecAuthFailed: OSStatusAuthorization/Authentication failed.
var errSecNoSuchKeychain: OSStatusThe keychain does not exist.
var errSecInvalidKeychain: OSStatusThe keychain is not valid.
var errSecDuplicateKeychain: OSStatusA keychain with the same name already exists.
var errSecDuplicateCallback: OSStatusMore than one callback of the same name exists.
var errSecInvalidCallback: OSStatusThe callback is not valid.
var errSecDuplicateItem: OSStatusThe item already exists.
var errSecItemNotFound: OSStatusThe item cannot be found.
var errSecBufferTooSmall: OSStatusThe buffer is too small.
var errSecDataTooLarge: OSStatusThe data is too large for the particular data type.
var errSecNoSuchAttr: OSStatusThe attribute does not exist.
var errSecInvalidItemRef: OSStatusThe item reference is invalid.
var errSecInvalidSearchRef: OSStatusThe search reference is invalid.
var errSecNoSuchClass: OSStatusThe keychain item class does not exist.
var errSecNoDefaultKeychain: OSStatusA default keychain does not exist.
var errSecInteractionNotAllowed: OSStatusInteraction with the Security Server is not allowed.
var errSecReadOnlyAttr: OSStatusThe attribute is read only.
var errSecWrongSecVersion: OSStatusThe version is incorrect.
var errSecKeySizeNotAllowed: OSStatusThe key size is not allowed.
var errSecNoStorageModule: OSStatusThere is no storage module available.
var errSecNoCertificateModule: OSStatusThere is no certificate module available.
var errSecNoPolicyModule: OSStatusThere is no policy module available.
var errSecInteractionRequired: OSStatusUser interaction is required.
var errSecDataNotAvailable: OSStatusThe data is not available.
var errSecDataNotModifiable: OSStatusThe data is not modifiable.
var errSecCreateChainFailed: OSStatusThe attempt to create a certificate chain failed.
var errSecInvalidPrefsDomain: OSStatusThe preference domain specified is invalid. This error is available in macOS 10.3 and later.
var errSecInDarkWake: OSStatusThe user interface could not be displayed because the system is in a dark wake state.
var errSecACLNotSimple: OSStatusThe access control list is not in standard simple form.
var errSecPolicyNotFound: OSStatusThe policy specified cannot be found.
var errSecInvalidTrustSetting: OSStatusThe trust setting is invalid.
var errSecNoAccessForItem: OSStatusThe specified item has no access control.
var errSecInvalidOwnerEdit: OSStatusAn invalid attempt to change the owner of an item.
var errSecTrustNotAvailable: OSStatusNo trust results are available.
var errSecUnsupportedFormat: OSStatusThe specified import or export format is not supported.
var errSecUnknownFormat: OSStatusThe item you are trying to import has an unknown format.
var errSecKeyIsSensitive: OSStatusThe key must be wrapped to be exported.
var errSecMultiplePrivKeys: OSStatusAn attempt was made to import multiple private keys.
var errSecPassphraseRequired: OSStatusA password is required for import or export.
var errSecInvalidPasswordRef: OSStatusThe password reference was invalid.
var errSecInvalidTrustSettings: OSStatusThe trust settings record was corrupted.
var errSecNoTrustSettings: OSStatusNo trust settings were found.
var errSecPkcs12VerifyFailure: OSStatusMAC verification failed during PKCS12 Import.
var errSecNotSigner: OSStatusThe certificate was not signed by its proposed parent.
var errSecDecode: OSStatusUnable to decode the provided data.
var errSecServiceNotAvailable: OSStatusThe required service is not available.
var errSecInsufficientClientID: OSStatusThe client ID is not correct.
var errSecDeviceReset: OSStatusA device reset has occurred.
var errSecDeviceFailed: OSStatusA device failure has occurred.
var errSecAppleAddAppACLSubject: OSStatusAdding an application ACL subject failed.
var errSecApplePublicKeyIncomplete: OSStatusThe public key is incomplete.
var errSecAppleSignatureMismatch: OSStatusA signature mismatch has occurred.
var errSecAppleInvalidKeyStartDate: OSStatusThe specified key has an invalid start date.
var errSecAppleInvalidKeyEndDate: OSStatusThe specified key has an invalid end date.
var errSecConversionError: OSStatusA conversion error has occurred.
var errSecAppleSSLv2Rollback: OSStatusA SSLv2 rollback error has occurred.
var errSecDiskFull: OSStatusThe disk is full.
var errSecQuotaExceeded: OSStatusThe quota was exceeded.
var errSecFileTooBig: OSStatusThe file is too big.
var errSecInvalidDatabaseBlob: OSStatusThe specified database has an invalid blob.
var errSecInvalidKeyBlob: OSStatusThe specified database has an invalid key blob.
var errSecIncompatibleDatabaseBlob: OSStatusThe specified database has an incompatible blob.
var errSecIncompatibleKeyBlob: OSStatusThe specified database has an incompatible key blob.
var errSecHostNameMismatch: OSStatusA host name mismatch has occurred.
var errSecUnknownCriticalExtensionFlag: OSStatusThere is an unknown critical extension flag.
var errSecNoBasicConstraints: OSStatusNo basic constraints were found.
var errSecNoBasicConstraintsCA: OSStatusNo basic CA constraints were found.
var errSecInvalidAuthorityKeyID: OSStatusThe authority key ID is not valid.
var errSecInvalidSubjectKeyID: OSStatusThe subject key ID is not valid.
var errSecInvalidKeyUsageForPolicy: OSStatusThe key usage is not valid for the specified policy.
var errSecInvalidExtendedKeyUsage: OSStatusThe extended key usage is not valid.
var errSecInvalidIDLinkage: OSStatusThe ID linkage is not valid.
var errSecPathLengthConstraintExceeded: OSStatusThe path length constraint was exceeded.
var errSecInvalidRoot: OSStatusThe root or anchor certificate is not valid.
var errSecCRLExpired: OSStatusThe CRL has expired.
var errSecCRLNotValidYet: OSStatusThe CRL is not yet valid.
var errSecCRLNotFound: OSStatusThe CRL was not found.
var errSecCRLServerDown: OSStatusThe CRL server is down.
var errSecCRLBadURI: OSStatusThe CRL has a bad Uniform Resource Identifier.
var errSecUnknownCertExtension: OSStatusAn unknown certificate extension was encountered.
var errSecUnknownCRLExtension: OSStatusAn unknown CRL extension was encountered.
var errSecCRLNotTrusted: OSStatusThe CRL is not trusted.
var errSecCRLPolicyFailed: OSStatusThe CRL policy failed.
var errSecIDPFailure: OSStatusThe issuing distribution point was not valid.
var errSecSMIMEEmailAddressesNotFound: OSStatusAn email address mismatch was encountered.
var errSecSMIMEBadExtendedKeyUsage: OSStatusThe appropriate extended key usage for SMIME was not found.
var errSecSMIMEBadKeyUsage: OSStatusThe key usage is not compatible with SMIME.
var errSecSMIMEKeyUsageNotCritical: OSStatusThe key usage extension is not marked as critical.
var errSecSMIMENoEmailAddress: OSStatusNo email address was found in the certificate.
var errSecSMIMESubjAltNameNotCritical: OSStatusThe subject alternative name extension is not marked as critical.
var errSecSSLBadExtendedKeyUsage: OSStatusThe appropriate extended key usage for SSL was not found.
var errSecOCSPBadResponse: OSStatusThe OCSP response was incorrect or could not be parsed.
var errSecOCSPBadRequest: OSStatusThe OCSP request was incorrect or could not be parsed.
var errSecOCSPUnavailable: OSStatusOCSP service is unavailable.
var errSecOCSPStatusUnrecognized: OSStatusThe OCSP server did not recognize this certificate.
var errSecEndOfData: OSStatusAn end-of-data was detected.
var errSecIncompleteCertRevocationCheck: OSStatusAn incomplete certificate revocation check occurred.
var errSecNetworkFailure: OSStatusA network failure occurred.
var errSecOCSPNotTrustedToAnchor: OSStatusThe OCSP response was not trusted to a root or anchor certificate.
var errSecRecordModified: OSStatusThe record was modified.
var errSecOCSPSignatureError: OSStatusThe OCSP response had an invalid signature.
var errSecOCSPNoSigner: OSStatusThe OCSP response had no signer.
var errSecOCSPResponderMalformedReq: OSStatusThe OCSP responder was given a malformed request.
var errSecOCSPResponderInternalError: OSStatusThe OCSP responder encountered an internal error.
var errSecOCSPResponderTryLater: OSStatusThe OCSP responder is busy, try again later.
var errSecOCSPResponderSignatureRequired: OSStatusThe OCSP responder requires a signature.
var errSecOCSPResponderUnauthorized: OSStatusThe OCSP responder rejected this request as unauthorized.
var errSecOCSPResponseNonceMismatch: OSStatusThe OCSP response nonce did not match the request.
var errSecCodeSigningBadCertChainLength: OSStatusCode signing encountered an incorrect certificate chain length.
var errSecCodeSigningNoBasicConstraints: OSStatusCode signing found no basic constraints.
var errSecCodeSigningBadPathLengthConstraint: OSStatusCode signing encountered an incorrect path length constraint.
var errSecCodeSigningNoExtendedKeyUsage: OSStatusCode signing found no extended key usage.
var errSecCodeSigningDevelopment: OSStatusCode signing indicated use of a development-only certificate.
var errSecResourceSignBadCertChainLength: OSStatusResource signing has encountered an incorrect certificate chain length.
var errSecResourceSignBadExtKeyUsage: OSStatusResource signing has encountered an error in the extended key usage.
var errSecTrustSettingDeny: OSStatusThe trust setting for this policy was set to Deny.
var errSecInvalidSubjectName: OSStatusAn invalid certificate subject name was encountered.
var errSecUnknownQualifiedCertStatement: OSStatusAn unknown qualified certificate statement was encountered.
var errSecMobileMeRequestQueued: OSStatusThe MobileMe request will be sent during the next connection.
var errSecMobileMeRequestRedirected: OSStatusThe MobileMe request was redirected.
var errSecMobileMeServerError: OSStatusA MobileMe server error occurred.
var errSecMobileMeServerNotAvailable: OSStatusThe MobileMe server is not available.
var errSecMobileMeServerAlreadyExists: OSStatusThe MobileMe server reported that the item already exists.
var errSecMobileMeServerServiceErr: OSStatusA MobileMe service error has occurred.
var errSecMobileMeRequestAlreadyPending: OSStatusA MobileMe request is already pending.
var errSecMobileMeNoRequestPending: OSStatusMobileMe has no request pending.
var errSecMobileMeCSRVerifyFailure: OSStatusA MobileMe CSR verification failure has occurred.
var errSecMobileMeFailedConsistencyCheck: OSStatusMobileMe has found a failed consistency check.
var errSecNotInitialized: OSStatusA function was called without initializing CSSM.
var errSecInvalidHandleUsage: OSStatusThe CSSM handle does not match with the service type.
var errSecPVCReferentNotFound: OSStatusA reference to the calling module was not found in the list of authorized callers.
var errSecFunctionIntegrityFail: OSStatusA function address was not within the verified module.
var errSecInternalError: OSStatusAn internal error has occurred.
var errSecMemoryError: OSStatusA memory error has occurred.
var errSecInvalidData: OSStatusInvalid data was encountered.
var errSecMDSError: OSStatusA Module Directory Service error has occurred.
var errSecInvalidPointer: OSStatusAn invalid pointer was encountered.
var errSecSelfCheckFailed: OSStatusSelf-check has failed.
var errSecFunctionFailed: OSStatusA function has failed.
var errSecModuleManifestVerifyFailed: OSStatusA module manifest verification failure has occurred.
var errSecInvalidGUID: OSStatusAn invalid GUID was encountered.
var errSecInvalidHandle: OSStatusAn invalid handle was encountered.
var errSecInvalidDBList: OSStatusAn invalid DB list was encountered.
var errSecInvalidPassthroughID: OSStatusAn invalid passthrough ID was encountered.
var errSecInvalidNetworkAddress: OSStatusAn invalid network address was encountered.
var errSecCRLAlreadySigned: OSStatusThe certificate revocation list is already signed.
var errSecInvalidNumberOfFields: OSStatusAn invalid number of fields were encountered.
var errSecVerificationFailure: OSStatusA verification failure occurred.
var errSecUnknownTag: OSStatusAn unknown tag was encountered.
var errSecInvalidSignature: OSStatusAn invalid signature was encountered.
var errSecInvalidName: OSStatusAn invalid name was encountered.
var errSecInvalidCertificateRef: OSStatusAn invalid certificate reference was encountered.
var errSecInvalidCertificateGroup: OSStatusAn invalid certificate group was encountered.
var errSecTagNotFound: OSStatusThe specified tag was not found.
var errSecInvalidQuery: OSStatusThe specified query was not valid.
var errSecInvalidValue: OSStatusAn invalid value was detected.
var errSecCallbackFailed: OSStatusA callback has failed.
var errSecACLDeleteFailed: OSStatusAn ACL delete operation has failed.
var errSecACLReplaceFailed: OSStatusAn ACL replace operation has failed.
var errSecACLAddFailed: OSStatusAn ACL add operation has failed.
var errSecACLChangeFailed: OSStatusAn ACL change operation has failed.
var errSecInvalidAccessCredentials: OSStatusInvalid access credentials were encountered.
var errSecInvalidRecord: OSStatusAn invalid record was encountered.
var errSecInvalidACL: OSStatusAn invalid ACL was encountered.
var errSecInvalidSampleValue: OSStatusAn invalid sample value was encountered.
var errSecIncompatibleVersion: OSStatusAn incompatible version was encountered.
var errSecPrivilegeNotGranted: OSStatusThe privilege was not granted.
var errSecInvalidScope: OSStatusAn invalid scope was encountered.
var errSecPVCAlreadyConfigured: OSStatusThe PVC is already configured.
var errSecInvalidPVC: OSStatusAn invalid PVC was encountered.
var errSecEMMLoadFailed: OSStatusThe EMM load has failed.
var errSecEMMUnloadFailed: OSStatusThe EMM unload has failed.
var errSecAddinLoadFailed: OSStatusThe add-in load operation has failed.
var errSecInvalidKeyRef: OSStatusAn invalid key was encountered.
var errSecInvalidKeyHierarchy: OSStatusAn invalid key hierarchy was encountered.
var errSecAddinUnloadFailed: OSStatusThe add-in unload operation has failed.
var errSecLibraryReferenceNotFound: OSStatusA library reference was not found.
var errSecInvalidAddinFunctionTable: OSStatusAn invalid add-in function table was encountered.
var errSecInvalidServiceMask: OSStatusAn invalid service mask was encountered.
var errSecModuleNotLoaded: OSStatusA module was not loaded.
var errSecInvalidSubServiceID: OSStatusAn invalid sub-service ID was encountered.
var errSecAttributeNotInContext: OSStatusAn attribute was not in the context.
var errSecModuleManagerInitializeFailed: OSStatusA module failed to initialize.
var errSecModuleManagerNotFound: OSStatusA module was not found.
var errSecEventNotificationCallbackNotFound: OSStatusAn event notification callback was not found.
var errSecInputLengthError: OSStatusAn input length error was encountered.
var errSecOutputLengthError: OSStatusAn output length error was encountered.
var errSecPrivilegeNotSupported: OSStatusThe privilege is not supported.
var errSecDeviceError: OSStatusA device error was encountered.
var errSecAttachHandleBusy: OSStatusThe CSP handle was busy.
var errSecNotLoggedIn: OSStatusYou are not logged in.
var errSecAlgorithmMismatch: OSStatusAn algorithm mismatch was encountered.
var errSecKeyUsageIncorrect: OSStatusThe key usage is incorrect.
var errSecKeyBlobTypeIncorrect: OSStatusThe key blob type is incorrect.
var errSecKeyHeaderInconsistent: OSStatusThe key header is inconsistent.
var errSecUnsupportedKeyFormat: OSStatusThe key header format is not supported.
var errSecUnsupportedKeySize: OSStatusThe key size is not supported.
var errSecInvalidKeyUsageMask: OSStatusThe key usage mask is not valid.
var errSecUnsupportedKeyUsageMask: OSStatusThe key usage mask is not supported.
var errSecInvalidKeyAttributeMask: OSStatusThe key attribute mask is not valid.
var errSecUnsupportedKeyAttributeMask: OSStatusThe key attribute mask is not supported.
var errSecInvalidKeyLabel: OSStatusThe key label is not valid.
var errSecUnsupportedKeyLabel: OSStatusThe key label is not supported.
var errSecInvalidKeyFormat: OSStatusThe key format is not valid.
var errSecUnsupportedVectorOfBuffers: OSStatusThe vector of buffers is not supported.
var errSecInvalidInputVector: OSStatusThe input vector is not valid.
var errSecInvalidOutputVector: OSStatusThe output vector is not valid.
var errSecInvalidContext: OSStatusAn invalid context was encountered.
var errSecInvalidAlgorithm: OSStatusAn invalid algorithm was encountered.
var errSecInvalidAttributeKey: OSStatusA key attribute was not valid.
var errSecMissingAttributeKey: OSStatusA key attribute was missing.
var errSecInvalidAttributeInitVector: OSStatusAn init vector attribute was not valid.
var errSecMissingAttributeInitVector: OSStatusAn init vector attribute was missing.
var errSecInvalidAttributeSalt: OSStatusA salt attribute was not valid.
var errSecMissingAttributeSalt: OSStatusA salt attribute was missing.
var errSecInvalidAttributePadding: OSStatusA padding attribute was not valid.
var errSecMissingAttributePadding: OSStatusA padding attribute was missing.
var errSecInvalidAttributeRandom: OSStatusA random number attribute was not valid.
var errSecMissingAttributeRandom: OSStatusA random number attribute was missing.
var errSecInvalidAttributeSeed: OSStatusA seed attribute was not valid.
var errSecMissingAttributeSeed: OSStatusA seed attribute was missing.
var errSecInvalidAttributePassphrase: OSStatusA passphrase attribute was not valid.
var errSecMissingAttributePassphrase: OSStatusA passphrase attribute was missing.
var errSecInvalidAttributeKeyLength: OSStatusA key length attribute was not valid.
var errSecMissingAttributeKeyLength: OSStatusA key length attribute was missing.
var errSecInvalidAttributeBlockSize: OSStatusA block size attribute was not valid.
var errSecMissingAttributeBlockSize: OSStatusA block size attribute was missing.
var errSecInvalidAttributeOutputSize: OSStatusAn output size attribute was not valid.
var errSecMissingAttributeOutputSize: OSStatusAn output size attribute was missing.
var errSecInvalidAttributeRounds: OSStatusThe number of rounds attribute was not valid.
var errSecMissingAttributeRounds: OSStatusThe number of rounds attribute was missing.
var errSecInvalidAlgorithmParms: OSStatusAn algorithm parameters attribute was not valid.
var errSecMissingAlgorithmParms: OSStatusAn algorithm parameters attribute was missing.
var errSecInvalidAttributeLabel: OSStatusA label attribute was not valid.
var errSecMissingAttributeLabel: OSStatusA label attribute was missing.
var errSecInvalidAttributeKeyType: OSStatusA key type attribute was not valid.
var errSecMissingAttributeKeyType: OSStatusA key type attribute was missing.
var errSecInvalidAttributeMode: OSStatusA mode attribute was not valid.
var errSecMissingAttributeMode: OSStatusA mode attribute was missing.
var errSecInvalidAttributeEffectiveBits: OSStatusAn effective bits attribute was not valid.
var errSecMissingAttributeEffectiveBits: OSStatusAn effective bits attribute was missing.
var errSecInvalidAttributeStartDate: OSStatusA start date attribute was not valid.
var errSecMissingAttributeStartDate: OSStatusA start date attribute was missing.
var errSecInvalidAttributeEndDate: OSStatusAn end date attribute was not valid.
var errSecMissingAttributeEndDate: OSStatusAn end date attribute was missing.
var errSecInvalidAttributeVersion: OSStatusA version attribute was not valid.
var errSecMissingAttributeVersion: OSStatusA version attribute was missing.
var errSecInvalidAttributePrime: OSStatusA prime attribute was not valid.
var errSecMissingAttributePrime: OSStatusA prime attribute was missing.
var errSecInvalidAttributeBase: OSStatusA base attribute was not valid.
var errSecMissingAttributeBase: OSStatusA base attribute was missing.
var errSecInvalidAttributeSubprime: OSStatusA subprime attribute was not valid.
var errSecMissingAttributeSubprime: OSStatusA subprime attribute was missing.
var errSecInvalidAttributeIterationCount: OSStatusAn iteration count attribute was not valid.
var errSecMissingAttributeIterationCount: OSStatusAn iteration count attribute was missing.
var errSecInvalidAttributeDLDBHandle: OSStatusA database handle attribute was not valid.
var errSecMissingAttributeDLDBHandle: OSStatusA database handle attribute was missing.
var errSecInvalidAttributeAccessCredentials: OSStatusAn access credentials attribute was not valid.
var errSecMissingAttributeAccessCredentials: OSStatusAn access credentials attribute was missing.
var errSecInvalidAttributePublicKeyFormat: OSStatusA public key format attribute was not valid.
var errSecMissingAttributePublicKeyFormat: OSStatusA public key format attribute was missing.
var errSecInvalidAttributePrivateKeyFormat: OSStatusA private key format attribute was not valid.
var errSecMissingAttributePrivateKeyFormat: OSStatusA private key format attribute was missing.
var errSecInvalidAttributeSymmetricKeyFormat: OSStatusA symmetric key format attribute was not valid.
var errSecMissingAttributeSymmetricKeyFormat: OSStatusA symmetric key format attribute was missing.
var errSecInvalidAttributeWrappedKeyFormat: OSStatusA wrapped key format attribute was not valid.
var errSecMissingAttributeWrappedKeyFormat: OSStatusA wrapped key format attribute was missing.
var errSecStagedOperationInProgress: OSStatusA staged operation is in progress.
var errSecStagedOperationNotStarted: OSStatusA staged operation was not started.
var errSecVerifyFailed: OSStatusA cryptographic verification failure has occurred.
var errSecQuerySizeUnknown: OSStatusThe query size is unknown.
var errSecBlockSizeMismatch: OSStatusA block size mismatch occurred.
var errSecPublicKeyInconsistent: OSStatusThe public key was inconsistent.
var errSecDeviceVerifyFailed: OSStatusA device verification failure has occurred.
var errSecInvalidLoginName: OSStatusAn invalid login name was detected.
var errSecAlreadyLoggedIn: OSStatusThe user is already logged in.
var errSecInvalidDigestAlgorithm: OSStatusAn invalid digest algorithm was detected.
var errSecInvalidCRLGroup: OSStatusAn invalid CRL group was detected.
var errSecCertificateCannotOperate: OSStatusThe certificate cannot operate.
var errSecCertificateExpired: OSStatusAn expired certificate was detected.
var errSecCertificateNotValidYet: OSStatusThe certificate is not yet valid.
var errSecCertificateRevoked: OSStatusThe certificate was revoked.
var errSecCertificateSuspended: OSStatusThe certificate was suspended.
var errSecInsufficientCredentials: OSStatusInsufficient credentials were detected.
var errSecInvalidAction: OSStatusThe action was not valid.
var errSecInvalidAuthority: OSStatusThe authority was not valid.
var errSecVerifyActionFailed: OSStatusA verify action has failed.
var errSecInvalidCertAuthority: OSStatusThe certificate authority was not valid.
var errSecInvaldCRLAuthority: OSStatusThe CRL authority was not valid.
var errSecInvalidCRLEncoding: OSStatusThe CRL encoding was not valid.
var errSecInvalidCRLType: OSStatusThe CRL type was not valid.
var errSecInvalidCRL: OSStatusThe CRL was not valid.
var errSecInvalidFormType: OSStatusThe form type was not valid.
var errSecInvalidID: OSStatusThe ID was not valid.
var errSecInvalidIdentifier: OSStatusThe identifier was not valid.
var errSecInvalidIndex: OSStatusThe index was not valid.
var errSecInvalidPolicyIdentifiers: OSStatusThe policy identifiers are not valid.
var errSecInvalidTimeString: OSStatusThe time specified was not valid.
var errSecInvalidReason: OSStatusThe trust policy reason was not valid.
var errSecInvalidRequestInputs: OSStatusThe request inputs are not valid.
var errSecInvalidResponseVector: OSStatusThe response vector was not valid.
var errSecInvalidStopOnPolicy: OSStatusThe stop-on policy was not valid.
var errSecInvalidTuple: OSStatusThe tuple was not valid.
var errSecMultipleValuesUnsupported: OSStatusMultiple values are not supported.
var errSecNotTrusted: OSStatusThe trust policy was not trusted.
var errSecNoDefaultAuthority: OSStatusNo default authority was detected.
var errSecRejectedForm: OSStatusThe trust policy had a rejected form.
var errSecRequestLost: OSStatusThe request was lost.
var errSecRequestRejected: OSStatusThe request was rejected.
var errSecUnsupportedAddressType: OSStatusThe address type is not supported.
var errSecUnsupportedService: OSStatusThe service is not supported.
var errSecInvalidTupleGroup: OSStatusThe tuple group was not valid.
var errSecInvalidBaseACLs: OSStatusThe base ACLs are not valid.
var errSecInvalidTupleCredendtials: OSStatusThe tuple credentials are not valid.
var errSecInvalidEncoding: OSStatusThe encoding was not valid.
var errSecInvalidValidityPeriod: OSStatusThe validity period was not valid.
var errSecInvalidRequestor: OSStatusThe requestor was not valid.
var errSecRequestDescriptor: OSStatusThe request descriptor was not valid.
var errSecInvalidBundleInfo: OSStatusThe bundle information was not valid.
var errSecInvalidCRLIndex: OSStatusThe CRL index was not valid.
var errSecNoFieldValues: OSStatusNo field values were detected.
var errSecUnsupportedFieldFormat: OSStatusThe field format is not supported.
var errSecUnsupportedIndexInfo: OSStatusThe index information is not supported.
var errSecUnsupportedLocality: OSStatusThe locality is not supported.
var errSecUnsupportedNumAttributes: OSStatusThe number of attributes is not supported.
var errSecUnsupportedNumIndexes: OSStatusThe number of indexes is not supported.
var errSecUnsupportedNumRecordTypes: OSStatusThe number of record types is not supported.
var errSecFieldSpecifiedMultiple: OSStatusToo many fields were specified.
var errSecIncompatibleFieldFormat: OSStatusThe field format was incompatible.
var errSecInvalidParsingModule: OSStatusThe parsing module was not valid.
var errSecDatabaseLocked: OSStatusThe database is locked.
var errSecDatastoreIsOpen: OSStatusThe data store is open.
var errSecMissingValue: OSStatusA missing value was detected.
var errSecUnsupportedQueryLimits: OSStatusThe query limits are not supported.
var errSecUnsupportedNumSelectionPreds: OSStatusThe number of selection predicates is not supported.
var errSecUnsupportedOperator: OSStatusThe operator is not supported.
var errSecInvalidDBLocation: OSStatusThe database location is not valid.
var errSecInvalidAccessRequest: OSStatusThe access request is not valid.
var errSecInvalidIndexInfo: OSStatusThe index information is not valid.
var errSecInvalidNewOwner: OSStatusThe new owner is not valid.
var errSecInvalidModifyMode: OSStatusThe modify mode is not valid.
var errSecMissingRequiredExtension: OSStatusA required certificate extension is missing.
var errSecExtendedKeyUsageNotCritical: OSStatusThe extended key usage extension was not marked critical.
var errSecTimestampMissing: OSStatusA timestamp was expected but was not found.
var errSecTimestampInvalid: OSStatusThe timestamp was not valid.
var errSecTimestampNotTrusted: OSStatusThe timestamp was not trusted.
var errSecTimestampServiceNotAvailable: OSStatusThe timestamp service is not available.
var errSecTimestampBadAlg: OSStatusFound an unrecognized or unsupported algorithm identifier (AI) in timestamp.
var errSecTimestampBadRequest: OSStatusThe timestamp transaction is not permitted or supported.
var errSecTimestampBadDataFormat: OSStatusThe timestamp data submitted has the wrong format.
var errSecTimestampTimeNotAvailable: OSStatusThe time source for the timestamp authority is not available.
var errSecTimestampUnacceptedPolicy: OSStatusThe requested policy is not supported by the timestamp authority.
var errSecTimestampUnacceptedExtension: OSStatusThe requested extension is not supported by the timestamp authority.
var errSecTimestampAddInfoNotAvailable: OSStatusThe additional information requested is not available.
var errSecTimestampSystemFailure: OSStatusThe timestamp request cannot be handled due to a system failure .
var errSecSigningTimeMissing: OSStatusA signing time was expected but was not found.
var errSecTimestampRejection: OSStatusA timestamp transaction was rejected.
var errSecTimestampWaiting: OSStatusA timestamp transaction is waiting.
var errSecTimestampRevocationWarning: OSStatusA timestamp authority revocation warning was issued.
var errSecTimestampRevocationNotification: OSStatusA timestamp authority revocation notification was issued.