珍珠跳棋,帕查拉·奇拉锡瓦特,天钟变
keychain services的相关接口可以让你发现、增加、修改和删除钥匙串中的items。
使用os x的钥匙链访问密码保护服务如下所示:
![\](http://www.lhsxpumps.com/_images3/10qianwan/20190109/b_0_201901092336195217.jpg "\")
使用iphone访问网络服务器密钥链服务如下所示:<�喎? f/ware/vc/"="" target="_blank" class="keylink">vcd4ncjxwpjxpbwcgywx0pq=="" src="/uploadfile/collfiles/20160730/201607300927101045.png" title="\" />
1 functions
1.1 using keychain item search dictionaries
钥匙串由cfdictionary定义键值对。
// 搜索查询
@available(ios 2.0, *)
public func secitemcopymatching(query: cfdictionary, _ result: unsafemutablepointer) -> osstatus
// 增加
@available(ios 2.0, *)
public func secitemadd(attributes: cfdictionary, _ result: unsafemutablepointer) -> osstatus
// 修改
@available(ios 2.0, *)
public func secitemupdate(query: cfdictionary, _ attributestoupdate: cfdictionary) -> osstatus
// 删除
@available(ios 2.0, *)
public func secitemdelete(query: cfdictionary) -> osstatus
1.2 creating access control objects
// 创建一个新的访问控制对象,该对象具有指定的保护类型和标志。
@available(ios 8.0, *)
public func secaccesscontrolcreatewithflags(allocator: cfallocator?, _ protection: anyobject, _ flags: secaccesscontrolcreateflags, _ error: unsafemutablepointer?>) -> secaccesscontrol?
2 constants
2.1 os x keychain services api constants
// 预定义的关键常量时,基于字典的参数使用传递导入/导出功能
@available(ios 2.0, *)
public let ksecimportexportpassphrase: cfstring
2.2 keychain item class keys and values
2.2.1 item class key constant
// 搜索词典条目
@available(ios 2.0, *)
public let ksecclass: cfstring
2.2.2 item class value constants
// 一般密码
@available(ios 2.0, *)
public let ksecclassgenericpassword: cfstring
// 互联网密码
@available(ios 2.0, *)
public let ksecclassinternetpassword: cfstring
// 证书对象
@available(ios 2.0, *)
public let ksecclasscertificate: cfstring
// 专用秘钥
@available(ios 2.0, *)
public let ksecclasskey: cfstring
// 身份对象,包含ksecclasskey和ksecclasscertificate.
@available(ios 2.0, *)
public let ksecclassidentity: cfstring
2.3 attribute item keys and values
2.3.1 attribute item keys
每种类型的钥匙串项可以有多个描述属性
|
cftyperef |
declaration |
value |
readonly |
ksecclassgenericpassword |
ksecclassinternetpassword |
ksecclasscertificate |
ksecclasskey |
ksecclassidentity |
| ksecattraccessible |
可访问性类型透明 |
cftyperef |
|
√ |
√ |
√ |
√ |
√ |
| ksecattraccesscontrol(ios 8.0) |
访问控制 |
secaccesscontrol |
|
√ |
√ |
√ |
√ |
√ |
| ksecattraccessgroup |
访问组 |
cfstringref |
|
√ |
√ |
√ |
√ |
√ |
| ksecattrsynchronizable(ios 7.0) |
数据同步或异步到其他设备 |
cfbooleanref |
|
√ |
√ |
√ |
√ |
√ |
| ksecattrcreationdate |
创建日期 |
cfdateref |
√ |
√ |
√ |
|
|
|
| ksecattrmodificationdate |
最后一次修改日期 |
cfdateref |
√ |
√ |
√ |
|
|
|
| ksecattrdescription |
描述 |
cfstringref |
|
√ |
√ |
|
|
|
| ksecattrcomment |
注释 |
cfstringref |
|
√ |
√ |
|
|
|
| ksecattrcreator |
创造者 |
cfnumberref |
|
√ |
√ |
|
|
|
| ksecattrtype |
类型 |
cfnumberref |
|
√ |
√ |
|
|
|
| ksecattrlabel |
标签 |
cfstringref |
|
√ |
√ |
√ |
√ |
√ |
| ksecattrisinvisible |
是否隐藏 |
kcfbooleantrue |
|
√ |
√ |
|
|
|
| ksecattrisnegative |
是否具有密码 |
cfbooleanref |
|
√ |
√ |
|
|
|
| ksecattraccount |
账户 |
cfstringref |
|
√ |
√ |
|
|
|
| ksecattrservice |
所具有服务 |
cfstringref |
|
√ |
|
|
|
|
| ksecattrgeneric |
用户自定义内容 |
cfdataref |
|
√ |
|
|
|
|
| ksecattrsecuritydomain |
域 |
cfstringref |
|
|
√ |
|
|
|
| ksecattrserver |
服务器域名或ip地址 |
cfstringref |
|
|
√ |
|
|
|
| ksecattrprotocol |
协议 |
cfnumberref |
|
|
√ |
|
|
|
| ksecattrauthenticationtype |
认证类型 |
cfnumberref |
|
|
√ |
|
|
|
| ksecattrport |
网络端口 |
cfnumberref |
|
|
√ |
|
|
|
| ksecattrpath |
访问路径 |
cfstringref |
|
|
√ |
|
|
|
| ksecattrsubject |
x.500证书主题名称 |
cfdataref |
√ |
|
|
√ |
|
√ |
| ksecattrissuer |
x.500证书颁发者名称 |
cfdataref |
√ |
|
|
√ |
|
√ |
| ksecattrserialnumber |
序列号 |
cfdataref |
√ |
|
|
√ |
|
√ |
| ksecattrsubjectkeyid |
主题id |
cfdataref |
√ |
|
|
√ |
|
√ |
| ksecattrpublickeyhash |
公钥hash值 |
cfdataref |
√ |
|
|
√ |
|
√ |
| ksecattrcertificatetype |
证书类型 |
cfnumberref |
√ |
|
|
√ |
|
√ |
| ksecattrcertificateencoding |
证书编码类型 |
cfnumberref |
√ |
|
|
√ |
|
√ |
| ksecattrkeyclass |
密钥类 |
cftyperef |
√ |
|
|
|
√ |
√ |
| ksecattrapplicationlabel |
标签(给程序使用) |
cfstringref |
|
|
|
|
√ |
√ |
| ksecattrispermanent |
是否永久保存加密密钥 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrapplicationtag |
标签(私有标签数据) |
cfdataref |
|
|
|
|
√ |
√ |
| ksecattrkeytype |
加密密钥类型(算法) |
cfnumberref |
|
|
|
|
√ |
√ |
| ksecattrkeysizeinbits |
密钥总位数 |
cfnumberref |
|
|
|
|
√ |
√ |
| ksecattreffectivekeysize |
密钥有效位数 |
cfnumberref |
|
|
|
|
√ |
√ |
| ksecattrcanencrypt |
密钥是否可用于加密 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcandecrypt |
密钥是否可用于解密 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcanderive |
密钥是否可用于导出其他密钥 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcansign |
密钥是否可用于数字签名 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcanverify |
密钥是否可用于验证数字签名 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcanwrap |
密钥是否可用于打包其他密钥 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrcanunwrap |
密钥是否可用于解包其他密钥 |
cfbooleanref |
|
|
|
|
√ |
√ |
| ksecattrsyncviewhint(ios 9.0) |
同步视图中的定义查询 |
cfstringref |
|
|
|
|
|
|
| ksecattrtokenid(ios 9.0) |
令牌 |
cfstringref |
|
|
|
|
|
|
ksecattraccessgroup:如果希望这个keychain的item可以被多个应用share,可以给这个item设置这个属性,类型是cfstringref。应用程序在被编译时,可以在entitlement中指定自己的accessgroup,如果应用的accessgroup名字和keychain item的accessgroup名字一致,那这个应用就可以访问这个item,不过这个设计并不是很好,因为应用的accessgroup是由应用开发者指定的,它可以故意跟其他应用的accessgroup一样,从而访问其他应用的item,更可怕的是还支持wildcard,比如keychain-dumper将自己的accessgroup指定为*,从而可以把keychain中的所有item都dump出来。 ksecattrtokenid: 当前对应的值只有ksecattrtokenidsecureenclave
2.3.2 protocol values
ksecattrprotocol对应的values
let ksecattrprotocolftp: cfstring // ftp protocol.
let ksecattrprotocolftpaccount: cfstring // a client side ftp account.
let ksecattrprotocolhttp: cfstring // http protocol.
let ksecattrprotocolirc: cfstring // irc protocol.
let ksecattrprotocolnntp: cfstring // nntp protocol.
let ksecattrprotocolpop3: cfstring // pop3 protocol.
let ksecattrprotocolsmtp: cfstring // smtp protocol.
let ksecattrprotocolsocks: cfstring // socks protocol.
let ksecattrprotocolimap: cfstring // imap protocol.
let ksecattrprotocolldap: cfstring // ldap protocol.
let ksecattrprotocolappletalk: cfstring // afp over appletalk.
let ksecattrprotocolafp: cfstring // afp over tcp.
let ksecattrprotocoltelnet: cfstring // telnet protocol.
let ksecattrprotocolssh: cfstring // ssh protocol.
let ksecattrprotocolftps: cfstring // ftp over tls/ssl.
let ksecattrprotocolhttps: cfstring // http over tls/ssl.
let ksecattrprotocolhttpproxy: cfstring // http proxy.
let ksecattrprotocolhttpsproxy: cfstring // https proxy.
let ksecattrprotocolftpproxy: cfstring // ftp proxy.
let ksecattrprotocolsmb: cfstring // smb protocol.
let ksecattrprotocolrtsp: cfstring // rtsp protocol.
let ksecattrprotocolrtspproxy: cfstring // rtsp proxy.
let ksecattrprotocoldaap: cfstring // daap protocol.
let ksecattrprotocoleppc: cfstring // remote apple events.
let ksecattrprotocolipp: cfstring // ipp protocol.
let ksecattrprotocolnntps: cfstring // nntp over tls/ssl.
let ksecattrprotocolldaps: cfstring // ldap over tls/ssl.
let ksecattrprotocoltelnets: cfstring // telnet over tls/ssl.
let ksecattrprotocolimaps: cfstring // imap over tls/ssl.
let ksecattrprotocolircs: cfstring // irc over tls/ssl.
let ksecattrprotocolpop3s: cfstring // pop3 over tls/ssl.
2.3.3 authentication type values
ksecattrauthenticationtype对应的values
let ksecattrauthenticationtypentlm: cfstring // windows nt lan manager authentication.
let ksecattrauthenticationtypemsn: cfstring // microsoft network default authentication.
let ksecattrauthenticationtypedpa: cfstring // distributed password authentication.
let ksecattrauthenticationtyperpa: cfstring // remote password authentication.
let ksecattrauthenticationtypehttpbasic: cfstring // http basic authentication.
let ksecattrauthenticationtypehttpdigest: cfstring // http digest access authentication.
let ksecattrauthenticationtypehtmlform: cfstring // html form based authentication.
let ksecattrauthenticationtypedefault: cfstring // the default authentication type.
2.3.4 key class values
ksecattrkeyclass对应的values
let ksecattrkeyclasspublic: cfstring // 公钥
let ksecattrkeyclassprivate: cfstring // 私钥
let ksecattrkeyclasssymmetric: cfstring // 对称密钥
2.3.5 key type values
ksecattrkeytype对应的values
let ksecattrkeytypersa: cfstring // rsa公钥加密算法
let ksecattrkeytypeec: cfstring // 非对称加密
2.3.6 keychain item accessibility constants
ksecattraccessible对应的常量,默认ksecattraccessiblewhenunlocked
let ksecattraccessiblewhenunlocked: cfstring // 解锁可访问,加密备份
let ksecattraccessibleafterfirstunlock: cfstring // 设备重启、第一次解锁后可访问,加密备份
let ksecattraccessiblealways: cfstring // 一直可访问,加密备份
@available(ios 8.0, *)
let ksecattraccessiblewhenpasscodesetthisdeviceonly: cfstring // 设备解锁时才被访问,不备份,禁用设备密码会导致这类项目被删除。
let ksecattraccessiblewhenunlockedthisdeviceonly: cfstring // 解锁可访问,不备份
let ksecattraccessibleafterfirstunlockthisdeviceonly: cfstring // 设备重启、第一次解锁后可访问,不备份
let ksecattraccessiblealwaysthisdeviceonly: cfstring // 一直可访问,不备份
2.3.7 ksecattrsynchronizable value constants
使用于secitemcopymatching, secitemupdate, or secitemdelete.
@available(ios 7.0, *)
public let ksecattrsynchronizableany: cfstring // 同步和非同步返回查询结果
2.3.8 ksecattrtokenid value constants
使用ksecattrkeytypeec 256-bits加密,对应使用的ksecattrtokenid和ksecattrtokenidsecureenclave
@available(ios 9.0, *)
public let ksecattrtokenidsecureenclave: cfstring // 秘钥
2.4 search keys
2.4.1 search attribute keys
查询时使用的属性key
let ksecmatchpolicy: cfstring // 指定策略
let ksecmatchitemlist: cfstring // 指定搜索范围 cfarrayref(seckeychainitemref, seckeyref, seccertificateref, secidentityref,cfdataref)数组内的类型必须唯一。仍然会搜索钥匙串,但是搜索结果需要与该数组取交集作为最终结果。
let ksecmatchsearchlist: cfstring // 搜索列表 cfarray
let ksecmatchissuers: cfstring // 指定发行人数组 cfarrayref(ksecattrissuer对应的value)
let ksecmatchemailaddressifpresent: cfstring // 指定邮件地址 cfstringref
let ksecmatchsubjectcontains: cfstring // 指定主题 cfstringref
let ksecmatchcaseinsensitive: cfstring // 指定是否不区分大小写 cfbooleanref(kcfbooleanfalse或不提供此参数,区分大小写;kcfbooleantrue,不区分大小写)
let ksecmatchtrustedonly: cfstring // 指定只搜索可信证书 cfbooleanref(kcfbooleanfalse或不提供此参数,全部证书;kcfbooleantrue,只搜索可信证书)
let ksecmatchvalidondate: cfstring // 指定有效日期 cfdateref(kcfnull表示今天)
let ksecmatchlimit: cfstring // 指定结果数量 cfnumberref(ksecmatchlimitone or ksecmatchlimitall)
let ksecmatchlimitone: cfstring // 首条结果
let ksecmatchlimitall: cfstring // 全部结果
2.4.2 item list key
用于指定要搜索或添加的项目列表的键。用户提供用于查询的列表。当这个列表被提供的时候,不会再搜索钥匙串。
let ksecuseitemlist: cfstring // cfarrayref(seckeychainitemref, seckeyref, seccertificateref, secidentityref, or (for persistent item references) cfdataref items. )
2.5 search results constants
2.5.1 return type keys
搜索的返回值
let ksecreturndata: cfstring // 返回数据(cfdataref) cfbooleanref
let ksecreturnattributes: cfstring // 返回属性字典(cfdictionaryref) cfbooleanref
let ksecreturnref: cfstring // 返回实例(seckeychainitemref, seckeyref, seccertificateref, secidentityref, or cfdataref) cfbooleanref
let ksecreturnpersistentref: cfstring // 返回持久型实例(cfdataref) cfbooleanref
2.5.2 value type keys
let ksecvaluedata: cfstring // data数据(cfdataref)
let ksecvalueref: cfstring // 引用数据(seckeychainitemref, seckeyref, seccertificateref, or secidentityref.)
let ksecvaluepersistentref: cfstring // 强引用数据(cfdataref)
2.6 access control create flags
secaccesscontrolcreateflags方法使用的常数
@available(ios 8.0, *)
public struct secaccesscontrolcreateflags : optionsettype {
public init(rawvalue: cfindex)
public static var userpresence: secaccesscontrolcreateflags { get } // user presence policy using touch id or passcode. touch id does not have to be available or enrolled. item is still accessible by touch id even if fingers are added or removed.
@available(ios 9.0, *)
public static var touchidany: secaccesscontrolcreateflags { get } // constraint: touch id (any finger). touch id must be available and at least one finger must be enrolled. item is still accessible by touch id even if fingers are added or removed.
@available(ios 9.0, *)
public static var touchidcurrentset: secaccesscontrolcreateflags { get } // constraint: touch id from the set of currently enrolled fingers. touch id must be available and at least one finger must be enrolled. when fingers are added or removed, the item is invalidated.
@available(ios 9.0, *)
public static var devicepasscode: secaccesscontrolcreateflags { get } // constraint: device passcode
@available(ios 9.0, *)
public static var or: secaccesscontrolcreateflags { get } // constraint logic operation: when using more than one constraint, at least one of them must be satisfied.
@available(ios 9.0, *)
public static var and: secaccesscontrolcreateflags { get } // constraint logic operation: when using more than one constraint, all must be satisfied.
@available(ios 9.0, *)
public static var privatekeyusage: secaccesscontrolcreateflags { get } // create access control for private key operations (i.e. sign operation)
@available(ios 9.0, *)
public static var applicationpassword: secaccesscontrolcreateflags { get } // security: application provided password for data encryption key generation. this is not a constraint but additional item encryption mechanism.
}
2.7 other constants
2.7.1 predefined constants
@available(ios 8.0, *)
public let ksecuseoperationprompt: cfstring // ui校验通过
@available(ios 9.0, *)
public let ksecuseauthenticationui: cfstring // 验证ui(cfbooleanref)
@available(ios 9.0, *)
public let ksecuseauthenticationcontext: cfstring // 秘钥item验证(lacontext)
2.7.2 ksecuseauthenticationui value constants
@available(ios 9.0, *)
public let ksecuseauthenticationuiallow: cfstring // ui校验通过
@available(ios 9.0, *)
public let ksecuseauthenticationuifail: cfstring // ui校验出错
@available(ios 9.0, *)
public let ksecuseauthenticationuiskip: cfstring // ui校验跳过
如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!!
点击进行留言回复
我要评论
网友评论