详解iOS使用Keychain中的kSecClassGenericPassword存储数据

iOS设备中的Keychain是一个安全的存储容器,可以用来为不同应用保存敏感信息比如用户名,密码,网络密码,认证令牌。苹果自己用keychain来保存Wi-Fi网络密码,VPN凭证等等。它是一个sqlite数据库,位于/private/var/Keychains/keychain-2.db,其保存的所有数据都是加密过的。模拟器下keychain文件路径:~/Library/Application Support/iPhone Simulator/4.3/Library/Keychains

keychain里保存的信息不会因App被删除而丢失,在用户重新安装App后依然有效,数据还在。

关于备份,只会备份数据,到那时不会备份设备的密钥,换句话说,即使拿到数据,也没有办法解密里面的内容。

比较复杂的数据,使用苹果官方发布的KeychainItemWrapper或者SFHFKeychainUtils会很方便。如果是比较简单的,就不用苹果提供的类了,自己写个简单的类来实现就好了。

两种方法都需要在”Build Phases“中导入库"Security.framework"

一、自己封装的类

(1)实现代码(思路是将数据封装进NSDictionary,通过NSKeyedArchiver归档后保存)

a)MyKeychain.h

//
// MyKeychainh
// UUIDdemo
//
// Created by 555chy on 6/10/
// Copyright © 2016 555chy All rights reserved
// 

#import <Foundation/Foundationh>
#import <Security/Securityh> 

@interface MyKeychain : NSObject 

+ (BOOL)save:(NSString*)service data:(id)data;
+ (id)load:(NSString*)service;
+ (void)delete:(NSString*)service; 

@end
b)MyKeychainm
//
// MyKeychainm
// UUIDdemo
//
// Created by 555chy on 6/10/
// Copyright © 2016 555chy All rights reserved
// 

#import "MyKeychainh" 

@implementation MyKeychain 

+ (NSMutableDictionary*) getKeychainQuery: (NSString*)service {
  return [NSMutableDictionary dictionaryWithObjectsAndKeys:
    (id)kSecClassGenericPassword, (id)kSecClass,
    service, (id)kSecAttrService,
    service, (id)kSecAttrAccount,
    (id)kSecAttrAccessibleAfterFirstUnlock, (id)kSecAttrAccessible,
   nil nil];
} 

+ (BOOL) save:(NSString*)service data:(id)data {
  NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
  SecItemDelete((CFDictionaryRef)keychainQuery);
  [keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:data] forKey:(id)kSecValueData];
  return SecItemAdd((CFDictionaryRef)keychainQuery, NULL) == noErr;
} 

+ (id) load:(NSString*)service {
  id ret = NULL;
  NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
  [keychainQuery setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
  [keychainQuery setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
  NSData *keyData = NULL;
  if(SecItemCopyMatching((CFDictionaryRef)keychainQuery, (CFTypeRef*)(void*)&keyData) == noErr) {
    @try {
      ret = [NSKeyedUnarchiver unarchiveObjectWithData:keyData];
    }
    @catch (NSException *exception) {
      NSLog(@"Unarchive of %@ failed: %@", service, exception);
    }
    @finally {
    }
  }
  return ret;
} 

+ (void) delete:(NSString*)service {
  NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
  SecItemDelete((CFDictionaryRef)keychainQuery);
} 

@end

c)ViewController.m

//
// ViewControllerm
// UUIDdemo
//
// Created by 555chy on 6/10/
// Copyright © 2016 555chy All rights reserved
// 

#import "ViewControllerh"
#import "MyKeychainh" 

@interface ViewController () 

@end 

@implementation ViewController 

NSString *KEY_PACKAGE_NAME = @"comchyuuiddemouuid";
NSString *KEY_UUID = @"uuid"; 

-(void) saveIdfv {
  NSString *idfv = [[[UIDevice currentDevice] identifierForVendor] UUIDString];
  NSLog(@"get from UIDevice, idfv is %@", idfv); 

  NSMutableDictionary *dataDict = [NSMutableDictionary dictionary];
  [dataDict setObject:idfv forKey:KEY_UUID];
  BOOL ret = [MyKeychain save:KEY_PACKAGE_NAME data:dataDict];
  NSLog(@"save %@ %@", idfv, ret?@"succ":@"fail");
} 

-(void) reloadIdfv {
  NSMutableDictionary *loadData = [MyKeychain load:KEY_PACKAGE_NAME];
  NSString *loadIdfv = [loadData objectForKey:KEY_UUID];
  if(loadIdfv) {
    NSLog(@"load idfv is %@", loadIdfv);
  } else {
    NSLog(@"load idfv, but it not exist");
  }
} 

- (void)viewDidLoad {
  [super viewDidLoad];
  // Do any additional setup after loading the view, typically from a nib 

  [self reloadIdfv]; 

  [self saveIdfv]; 

  [self reloadIdfv]; 

  [MyKeychain delete:KEY_PACKAGE_NAME];
  NSLog(@"delete idfv from keychain"); 

  [self reloadIdfv]; 

  [self saveIdfv];
} 

- (void)didReceiveMemoryWarning {
  [super didReceiveMemoryWarning];
  // Dispose of any resources that can be recreated
} 

@end

(2)运行结果

第一次运行

第二次运行
在模拟器上每次运行实际上都是卸载前一个APP,然后再安装新的APP。而保存在keychain中的IDFV标识符依然还在。

(3)基本语法

SecItemAdd 增
SecItemUpdate 改
SecItemDelete 删
SecItemCopyMatching 查

(4)SecItem.h(变量的介绍基本都在头文件中了,看下头文件中的注释就能明白其中的含义)

/*
 * Copyright (c) 2006-2014 Apple Inc All Rights Reserved
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 0 (the 'License') You may not use this file except in
 * compliance with the License Please obtain a copy of the License at
 * http://wwwopensourceapplecom/apsl/ and read it before using this
 * file
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT
 * Please see the License for the specific language governing rights and
 * limitations under the License
 *
 * @APPLE_LICENSE_HEADER_END@
 */ 

/*!
  @header SecItem
  SecItem defines CoreFoundation-based constants and functions for
  access to Security items (certificates, keys, identities, and
  passwords)
*/ 

#ifndef _SECURITY_SECITEM_H_
#define _SECURITY_SECITEM_H_ 

#include <Security/SecBaseh>
#include <CoreFoundation/CFArrayh>
#include <CoreFoundation/CFDictionaryh> 

__BEGIN_DECLS 

CF_ASSUME_NONNULL_BEGIN
CF_IMPLICIT_BRIDGING_ENABLED 

/*!
  @enum Class Key Constant
  @discussion Predefined key constant used to get or set item class values in
    a dictionary Its value is one of the constants defined in the Value
    Constants for kSecClass
  @constant kSecClass Specifies a dictionary key whose value is the item's
    class code You use this key to get or set a value of type CFTypeRef
    that contains the item class code
*/
extern const CFStringRef kSecClass
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum Class Value Constants
  @discussion Predefined item class constants used to get or set values in
    a dictionary The kSecClass constant is the key and its value is one
    of the constants defined here
  @constant kSecClassGenericPassword Specifies generic password items
  @constant kSecClassInternetPassword Specifies Internet password items
  @constant kSecClassCertificate Specifies certificate items
  @constant kSecClassKey Specifies key items
  @constant kSecClassIdentity Specifies identity items
*/
extern const CFStringRef kSecClassGenericPassword
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecClassInternetPassword
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecClassCertificate
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecClassKey
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecClassIdentity
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); 

/*!
  @enum Attribute Key Constants
  @discussion Predefined item attribute keys used to get or set values in a
    dictionary Not all attributes apply to each item class The table
    below lists the currently defined attributes for each item class: 

  kSecClassGenericPassword item attributes:
    kSecAttrAccessible
    kSecAttrAccessControl
    kSecAttrAccessGroup
    kSecAttrCreationDate
    kSecAttrModificationDate
    kSecAttrDescription
    kSecAttrComment
    kSecAttrCreator
    kSecAttrType
    kSecAttrLabel
    kSecAttrIsInvisible
    kSecAttrIsNegative
    kSecAttrAccount
    kSecAttrService
    kSecAttrGeneric
    kSecAttrSynchronizable 

  kSecClassInternetPassword item attributes:
    kSecAttrAccessible
    kSecAttrAccessControl
    kSecAttrAccessGroup
    kSecAttrCreationDate
    kSecAttrModificationDate
    kSecAttrDescription
    kSecAttrComment
    kSecAttrCreator
    kSecAttrType
    kSecAttrLabel
    kSecAttrIsInvisible
    kSecAttrIsNegative
    kSecAttrAccount
    kSecAttrSecurityDomain
    kSecAttrServer
    kSecAttrProtocol
    kSecAttrAuthenticationType
    kSecAttrPort
    kSecAttrPath
    kSecAttrSynchronizable 

  kSecClassCertificate item attributes:
    kSecAttrAccessible
    kSecAttrAccessControl
    kSecAttrAccessGroup
    kSecAttrCertificateType
    kSecAttrCertificateEncoding
    kSecAttrLabel
    kSecAttrSubject
    kSecAttrIssuer
    kSecAttrSerialNumber
    kSecAttrSubjectKeyID
    kSecAttrPublicKeyHash
    kSecAttrSynchronizable 

  kSecClassKey item attributes:
    kSecAttrAccessible
    kSecAttrAccessControl
    kSecAttrAccessGroup
    kSecAttrKeyClass
    kSecAttrLabel
    kSecAttrApplicationLabel
    kSecAttrIsPermanent
    kSecAttrApplicationTag
    kSecAttrKeyType
    kSecAttrKeySizeInBits
    kSecAttrEffectiveKeySize
    kSecAttrCanEncrypt
    kSecAttrCanDecrypt
    kSecAttrCanDerive
    kSecAttrCanSign
    kSecAttrCanVerify
    kSecAttrCanWrap
    kSecAttrCanUnwrap
    kSecAttrSynchronizable 

  kSecClassIdentity item attributes:
    Since an identity is the combination of a private key and a
    certificate, this class shares attributes of both kSecClassKey and
    kSecClassCertificate 

   @constant kSecAttrAccessible Specifies a dictionary key whose value
   indicates when your application needs access to an item's data You
   should choose the most restrictive option that meets your application's
   needs to allow the system to protect that item in the best way possible
   See the "kSecAttrAccessible Value Constants" section for a list of
   values which can be specified
   IMPORTANT: This attribute is currently not supported for OS X keychain
   items, unless the kSecAttrSynchronizable attribute is also present If
   both attributes are specified on either OS X or iOS, the value for the
   kSecAttrAccessible key may only be one whose name does not end with
   "ThisDeviceOnly", as those cannot sync to another device 

   @constant kSecAttrAccessControl Specifies a dictionary key whose value
   is SecAccessControl instance which contains access control conditions
   for item 

   @constant kSecAttrAccessGroup Specifies a dictionary key whose value is
   a CFStringRef indicating which access group a item is in The access
   groups that a particular application has membership in are determined by
   two entitlements for that application The application-identifier
   entitlement contains the application's single access group, unless
   there is a keychain-access-groups entitlement present The latter
   has as its value a list of access groups; the first item in this list
   is the default access group Unless a specific access group is provided
   as the value of kSecAttrAccessGroup when SecItemAdd is called, new items
   are created in the application's default access group Specifying this
   attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls
   limits the search to the specified access group (of which the calling
   application must be a member to obtain matching results) To share
   keychain items between multiple applications, each application must have
   a common group listed in its keychain-access-groups entitlement, and each
   must specify this shared access group name as the value for the
   kSecAttrAccessGroup key in the dictionary passed to SecItem functions 

   @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
   a CFBooleanRef indicating whether the item in question can be synchronized
   To add a new item which can be synced to other devices, or to obtain
   synchronizable results from a query, supply this key with a value of
   kCFBooleanTrue If the key is not supplied, or has a value of
   kCFBooleanFalse, then no synchronizable items will be added or returned
   A predefined value, kSecAttrSynchronizableAny, may be provided instead of
   kCFBooleanTrue if both synchronizable and non-synchronizable results are
   desired 

   IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats: 

     - Updating or deleting items using the kSecAttrSynchronizable key will
      affect all copies of the item, not just the one on your local device
      Be sure that it makes sense to use the same password on all devices
      before deciding to make a password synchronizable
     - Only password items can currently be synchronized Keychain syncing
      is not supported for certificates or cryptographic keys
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
      specify SecAccessRef-based access control with kSecAttrAccess If a
      password is intended to be shared between multiple applications, the
      kSecAttrAccessGroup key must be specified, and each application
      using this password must have a 'keychain-access-groups' entitlement
      with the specified access group value
     - Items stored or obtained using the kSecAttrSynchronizable key may
      not also specify a kSecAttrAccessible value which is incompatible
      with syncing (namely, those whose names end with "ThisDeviceOnly")
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
      be specified by reference You must pass kSecReturnAttributes and/or
      kSecReturnData to retrieve results; kSecReturnRef is currently not
      supported for synchronizable items
     - Persistent references to synchronizable items should be avoided;
      while they may work locally, they cannot be moved between devices,
      and may not resolve if the item is modified on some other device
     - When specifying a query that uses the kSecAttrSynchronizable key,
      search keys are limited to the item's class and attributes
      The only search constant which may be used is kSecMatchLimit; other
      constants using the kSecMatch prefix are not supported at this time 

  @constant kSecAttrCreationDate (read-only) Specifies a dictionary key whose
    value is the item's creation date You use this key to get a value
    of type CFDateRef that represents the date the item was created
  @constant kSecAttrModificationDate (read-only) Specifies a dictionary key
    whose value is the item's modification date You use this key to get
    a value of type CFDateRef that represents the last time the item was
    updated
  @constant kSecAttrDescription Specifies a dictionary key whose value is
    the item's description attribute You use this key to set or get a
    value of type CFStringRef that represents a user-visible string
    describing this particular kind of item (eg, "disk image password")
  @constant kSecAttrComment Specifies a dictionary key whose value is the
    item's comment attribute You use this key to set or get a value of
    type CFStringRef containing the user-editable comment for this item
  @constant kSecAttrCreator Specifies a dictionary key whose value is the
    item's creator attribute You use this key to set or get a value of
    type CFNumberRef that represents the item's creator This number is
    the unsigned integer representation of a four-character code (eg,
    'aCrt')
  @constant kSecAttrType Specifies a dictionary key whose value is the item's
    type attribute You use this key to set or get a value of type
    CFNumberRef that represents the item's type This number is the
    unsigned integer representation of a four-character code (eg,
    'aTyp')
  @constant kSecAttrLabel Specifies a dictionary key whose value is the
    item's label attribute You use this key to set or get a value of
    type CFStringRef containing the user-visible label for this item
  @constant kSecAttrIsInvisible Specifies a dictionary key whose value is the
    item's invisible attribute You use this key to set or get a value
    of type CFBooleanRef that indicates whether the item is invisible
    (ie, should not be displayed)
  @constant kSecAttrIsNegative Specifies a dictionary key whose value is the
    item's negative attribute You use this key to set or get a value of
    type CFBooleanRef that indicates whether there is a valid password
    associated with this keychain item This is useful if your application
    doesn't want a password for some particular service to be stored in
    the keychain, but prefers that it always be entered by the user
  @constant kSecAttrAccount Specifies a dictionary key whose value is the
    item's account attribute You use this key to set or get a CFStringRef
    that contains an account name (Items of class
    kSecClassGenericPassword, kSecClassInternetPassword have this
    attribute)
  @constant kSecAttrService Specifies a dictionary key whose value is the
    item's service attribute You use this key to set or get a CFStringRef
    that represents the service associated with this item (Items of class
    kSecClassGenericPassword have this attribute)
  @constant kSecAttrGeneric Specifies a dictionary key whose value is the
    item's generic attribute You use this key to set or get a value of
    CFDataRef that contains a user-defined attribute (Items of class
    kSecClassGenericPassword have this attribute)
  @constant kSecAttrSecurityDomain Specifies a dictionary key whose value
    is the item's security domain attribute You use this key to set or
    get a CFStringRef value that represents the Internet security domain
    (Items of class kSecClassInternetPassword have this attribute)
  @constant kSecAttrServer Specifies a dictionary key whose value is the
    item's server attribute You use this key to set or get a value of
    type CFStringRef that contains the server's domain name or IP address
    (Items of class kSecClassInternetPassword have this attribute)
  @constant kSecAttrProtocol Specifies a dictionary key whose value is the
    item's protocol attribute You use this key to set or get a value of
    type CFNumberRef that denotes the protocol for this item (see the
    SecProtocolType enum in SecKeychainItemh) (Items of class
    kSecClassInternetPassword have this attribute)
  @constant kSecAttrAuthenticationType Specifies a dictionary key whose value
    is the item's authentication type attribute You use this key to set
    or get a value of type CFNumberRef that denotes the authentication
    scheme for this item (see the kSecAttrAuthenticationType value
    constants below)
  @constant kSecAttrPort Specifies a dictionary key whose value is the item's
    port attribute You use this key to set or get a CFNumberRef value
    that represents an Internet port number (Items of class
    kSecClassInternetPassword have this attribute)
  @constant kSecAttrPath Specifies a dictionary key whose value is the item's
    path attribute, typically this is the path component of the URL You use
    this key to set or get a CFStringRef value that represents a path (Items
    of class kSecClassInternetPassword have this attribute)
  @constant kSecAttrSubject (read-only) Specifies a dictionary key whose
    value is the item's subject You use this key to get a value of type
    CFDataRef that contains the X500 subject name of a certificate
    (Items of class kSecClassCertificate have this attribute)
  @constant kSecAttrIssuer (read-only) Specifies a dictionary key whose value
    is the item's issuer You use this key to get a value of type
    CFDataRef that contains the X500 issuer name of a certificate (Items
    of class kSecClassCertificate have this attribute)
  @constant kSecAttrSerialNumber (read-only) Specifies a dictionary key whose
    value is the item's serial number You use this key to get a value
    of type CFDataRef that contains the serial number data of a
    certificate (Items of class kSecClassCertificate have this
    attribute)
  @constant kSecAttrSubjectKeyID (read-only) Specifies a dictionary key whose
    value is the item's subject key ID You use this key to get a value
    of type CFDataRef that contains the subject key ID of a certificate
    (Items of class kSecClassCertificate have this attribute)
  @constant kSecAttrPublicKeyHash (read-only) Specifies a dictionary key
    whose value is the item's public key hash You use this key to get a
    value of type CFDataRef that contains the hash of a certificate's
    public key (Items of class kSecClassCertificate have this attribute)
  @constant kSecAttrCertificateType (read-only) Specifies a dictionary key
    whose value is the item's certificate type You use this key to get
    a value of type CFNumberRef that denotes the certificate type
    (Currently only the value of this attribute must be equal to the
    version of the X509 certificate So 1 for v1 2 for v2 and 3 for v3
    certificates) Only items of class kSecClassCertificate have this
    attribute
  @constant kSecAttrCertificateEncoding (read-only) Specifies a dictionary
    key whose value is the item's certificate encoding You use this key
    to get a value of type CFNumberRef that denotes the certificate
    encoding (Currently only the value 3 meaning
    kSecAttrCertificateEncodingDER is supported) Only items of class
    kSecClassCertificate have this attribute
  @constant kSecAttrKeyClass (read only) Specifies a dictionary key whose
    value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or
    kSecAttrKeyClassSymmetric
  @constant kSecAttrApplicationLabel Specifies a dictionary key whose value
    is the key's application label attribute This is different from the
    kSecAttrLabel (which is intended to be human-readable) This attribute
    is used to look up a key programmatically; in particular, for keys of
    class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of
    this attribute is the hash of the public key
  @constant kSecAttrIsPermanent Specifies a dictionary key whose value is a
    CFBooleanRef indicating whether the key in question will be stored
    permanently
  @constant kSecAttrApplicationTag Specifies a dictionary key whose value is a
    CFDataRef containing private tag data
  @constant kSecAttrKeyType Specifies a dictionary key whose value is a
    CFNumberRef indicating the algorithm associated with this key
    (Currently only the value 42 is supported, alternatively you can use
    kSecAttrKeyTypeRSA)
  @constant kSecAttrKeySizeInBits Specifies a dictionary key whose value
    is a CFNumberRef indicating the number of bits in this key
  @constant kSecAttrEffectiveKeySize Specifies a dictionary key whose value
    is a CFNumberRef indicating the effective number of bits in this key
    For example, a DES key has a kSecAttrKeySizeInBits of 64, but a
    kSecAttrEffectiveKeySize of 56 bits
  @constant kSecAttrCanEncrypt Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    encrypt data
  @constant kSecAttrCanDecrypt Specifies a dictionary key whose value is a
    CFBooleanRef indicating whether the key in question can be used to
    decrypt data
  @constant kSecAttrCanDerive Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    derive another key
  @constant kSecAttrCanSign Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    create a digital signature
  @constant kSecAttrCanVerify Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    verify a digital signature
  @constant kSecAttrCanWrap Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    wrap another key
  @constant kSecAttrCanUnwrap Specifies a dictionary key whole value is a
    CFBooleanRef indicating whether the key in question can be used to
    unwrap another key
  @constant kSecAttrSyncViewHint Specifies a dictionary key whose value is
  a CFStringRef This value is part of the primary key of each item, and
  can be used to help distiguish Sync Views when defining their
  queries
  @constant kSecAttrTokenID Specifies a dictionary key whose presence
  indicates that item is backed by external token Value of this attribute
  is CFStringRef uniquely identifying containing token When this attribute
  is not present, item is stored in internal keychain database
  Note that once item is created, this attribute cannot be changed - in other
  words it is not possible to migrate existing items to, from or between tokens
  Currently the only available value for this attribute is
  kSecAttrTokenIDSecureEnclave, which indicates that item (private key) is
  backed by device's Secure Enclave
 */
extern const CFStringRef kSecAttrAccessible
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessControl
  __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
extern const CFStringRef kSecAttrAccessGroup
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_3_0);
extern const CFStringRef kSecAttrSynchronizable
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern const CFStringRef kSecAttrCreationDate
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrModificationDate
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrDescription
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrComment
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCreator
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrType
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrLabel
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrIsInvisible
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrIsNegative
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAccount
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrService
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrGeneric
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrSecurityDomain
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrServer
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocol
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationType
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrPort
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrPath
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrSubject
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrIssuer
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrSerialNumber
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrSubjectKeyID
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrPublicKeyHash
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCertificateType
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCertificateEncoding
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeyClass
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrApplicationLabel
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrIsPermanent
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrApplicationTag
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeyType
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeySizeInBits
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrEffectiveKeySize
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanEncrypt
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanDecrypt
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanDerive
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanSign
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanVerify
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanWrap
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrCanUnwrap
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrSyncViewHint
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
extern const CFStringRef kSecAttrTokenID
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); 

/*!
  @enum kSecAttrAccessible Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrAccessible constant is the key and its
    value is one of the constants defined here
    When asking SecItemCopyMatching to return the item's data, the error
    errSecInteractionNotAllowed will be returned if the item's data is not
    available until a device unlock occurs
  @constant kSecAttrAccessibleWhenUnlocked Item data can only be accessed
    while the device is unlocked This is recommended for items that only
    need be accesible while the application is in the foreground Items
    with this attribute will migrate to a new device when using encrypted
    backups
  @constant kSecAttrAccessibleAfterFirstUnlock Item data can only be
    accessed once the device has been unlocked after a restart This is
    recommended for items that need to be accesible by background
    applications Items with this attribute will migrate to a new device
    when using encrypted backups
  @constant kSecAttrAccessibleAlways Item data can always be accessed
    regardless of the lock state of the device This is not recommended
    for anything except system use Items with this attribute will migrate
    to a new device when using encrypted backups
  @constant kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly Item data can
     only be accessed while the device is unlocked This class is only
     available if a passcode is set on the device This is recommended for
     items that only need to be accessible while the application is in the
     foreground Items with this attribute will never migrate to a new
     device, so after a backup is restored to a new device, these items
     will be missing No items can be stored in this class on devices
     without a passcode Disabling the device passcode will cause all
     items in this class to be deleted
  @constant kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only
    be accessed while the device is unlocked This is recommended for items
    that only need be accesible while the application is in the foreground
    Items with this attribute will never migrate to a new device, so after
    a backup is restored to a new device, these items will be missing
  @constant kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly Item data can
    only be accessed once the device has been unlocked after a restart
    This is recommended for items that need to be accessible by background
    applications Items with this attribute will never migrate to a new
    device, so after a backup is restored to a new device these items will
    be missing
  @constant kSecAttrAccessibleAlwaysThisDeviceOnly Item data can always
    be accessed regardless of the lock state of the device This option
    is not recommended for anything except system use Items with this
    attribute will never migrate to a new device, so after a backup is
    restored to a new device, these items will be missing
*/
extern const CFStringRef kSecAttrAccessibleWhenUnlocked
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessibleAfterFirstUnlock
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessibleAlways
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
  __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
extern const CFStringRef kSecAttrAccessibleWhenUnlockedThisDeviceOnly
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
extern const CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnly
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); 

/*!
  @enum kSecAttrProtocol Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrProtocol constant is the key and its
    value is one of the constants defined here
  @constant kSecAttrProtocolFTP
  @constant kSecAttrProtocolFTPAccount
  @constant kSecAttrProtocolHTTP
  @constant kSecAttrProtocolIRC
  @constant kSecAttrProtocolNNTP
  @constant kSecAttrProtocolPOP
  @constant kSecAttrProtocolSMTP
  @constant kSecAttrProtocolSOCKS
  @constant kSecAttrProtocolIMAP
  @constant kSecAttrProtocolLDAP
  @constant kSecAttrProtocolAppleTalk
  @constant kSecAttrProtocolAFP
  @constant kSecAttrProtocolTelnet
  @constant kSecAttrProtocolSSH
  @constant kSecAttrProtocolFTPS
  @constant kSecAttrProtocolHTTPS
  @constant kSecAttrProtocolHTTPProxy
  @constant kSecAttrProtocolHTTPSProxy
  @constant kSecAttrProtocolFTPProxy
  @constant kSecAttrProtocolSMB
  @constant kSecAttrProtocolRTSP
  @constant kSecAttrProtocolRTSPProxy
  @constant kSecAttrProtocolDAAP
  @constant kSecAttrProtocolEPPC
  @constant kSecAttrProtocolIPP
  @constant kSecAttrProtocolNNTPS
  @constant kSecAttrProtocolLDAPS
  @constant kSecAttrProtocolTelnetS
  @constant kSecAttrProtocolIMAPS
  @constant kSecAttrProtocolIRCS
  @constant kSecAttrProtocolPOP3S
*/
extern const CFStringRef kSecAttrProtocolFTP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolFTPAccount
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolHTTP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolIRC
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolNNTP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolPOP3
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolSMTP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolSOCKS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolIMAP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolLDAP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolAppleTalk
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolAFP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolTelnet
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolSSH
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolFTPS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolHTTPS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolHTTPProxy
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolHTTPSProxy
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolFTPProxy
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolSMB
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolRTSP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolRTSPProxy
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolDAAP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolEPPC
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolIPP
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolNNTPS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolLDAPS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolTelnetS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolIMAPS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolIRCS
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrProtocolPOP3S
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum kSecAttrAuthenticationType Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrAuthenticationType constant is the key
    and its value is one of the constants defined here
  @constant kSecAttrAuthenticationTypeNTLM
  @constant kSecAttrAuthenticationTypeMSN
  @constant kSecAttrAuthenticationTypeDPA
  @constant kSecAttrAuthenticationTypeRPA
  @constant kSecAttrAuthenticationTypeHTTPBasic
  @constant kSecAttrAuthenticationTypeHTTPDigest
  @constant kSecAttrAuthenticationTypeHTMLForm
  @constant kSecAttrAuthenticationTypeDefault
*/
extern const CFStringRef kSecAttrAuthenticationTypeNTLM
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeMSN
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeDPA
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeRPA
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeHTTPBasic
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeHTTPDigest
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeHTMLForm
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecAttrAuthenticationTypeDefault
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum kSecAttrKeyClass Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrKeyClass constant is the key
    and its value is one of the constants defined here
  @constant kSecAttrKeyClassPublic
  @constant kSecAttrKeyClassPrivate
  @constant kSecAttrKeyClassSymmetric
*/
extern const CFStringRef kSecAttrKeyClassPublic
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeyClassPrivate
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeyClassSymmetric
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); 

/*!
  @enum kSecAttrKeyType Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrKeyType constant is the key
    and its value is one of the constants defined here
  @constant kSecAttrKeyTypeRSA
  @constant kSecAttrKeyTypeEC
*/
extern const CFStringRef kSecAttrKeyTypeRSA
  __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
extern const CFStringRef kSecAttrKeyTypeEC
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); 

/*!
  @enum kSecAttrSynchronizable Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecAttrSynchronizable constant is the key
    and its value is one of the constants defined here
  @constant kSecAttrSynchronizableAny Specifies that both synchronizable and
    non-synchronizable results should be returned from this query This may
    be used as a value for the kSecAttrSynchronizable dictionary key in a
    call to SecItemCopyMatching, SecItemUpdate, or SecItemDelete
*/
extern const CFStringRef kSecAttrSynchronizableAny
  __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); 

/*!
  @enum Search Constants
  @discussion Predefined search constants used to set values in a query
    dictionary You can specify a combination of search attributes and
    item attributes when looking for matching items with the
    SecItemCopyMatching function
  @constant kSecMatchPolicy Specifies a dictionary key whose value is a
    SecPolicyRef If provided, returned certificates or identities must
    verify with this policy
  @constant kSecMatchIssuers Specifies a dictionary key whose value is a
    CFArray of X500 names (of type CFDataRef) If provided, returned
    certificates or identities will be limited to those whose
    certificate chain contains one of the issuers provided in this list
  @constant kSecMatchEmailAddressIfPresent Specifies a dictionary key whose
    value is a CFStringRef containing an RFC822 email address If
    provided, returned certificates or identities will be limited to those
    that contain the address, or do not contain any email address
  @constant kSecMatchSubjectContains Specifies a dictionary key whose value
    is a CFStringRef If provided, returned certificates or identities
    will be limited to those containing this string in the subject
  @constant kSecMatchCaseInsensitive Specifies a dictionary key whose value
    is a CFBooleanRef If this value is kCFBooleanFalse, or is not
    provided, then case-sensitive string matching is performed
  @constant kSecMatchTrustedOnly Specifies a dictionary key whose value is
    a CFBooleanRef If provided with a value of kCFBooleanTrue, only
    certificates which can be verified back to a trusted anchor will be
    returned If this value is kCFBooleanFalse, or is not provided, then
    both trusted and untrusted certificates may be returned
  @constant kSecMatchValidOnDate Specifies a dictionary key whose value is
    of type CFDateRef If provided, returned keys, certificates or
    identities will be limited to those which are valid for the given date
    Pass a value of kCFNull to indicate the current date
  @constant kSecMatchLimit Specifies a dictionary key whose value is a
    CFNumberRef If provided, this value specifies the maximum number of
    results to return If not provided, results are limited to the first
    item found Predefined values are provided for a single item
    (kSecMatchLimitOne) and all matching items (kSecMatchLimitAll)
  @constant kSecMatchLimitOne Specifies that results are limited to the first
    item found; used as a value for the kSecMatchLimit dictionary key
  @constant kSecMatchLimitAll Specifies that an unlimited number of results
    may be returned; used as a value for the kSecMatchLimit dictionary
    key
*/
extern const CFStringRef kSecMatchPolicy
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchItemList
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchSearchList
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchIssuers
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchEmailAddressIfPresent
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchSubjectContains
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchCaseInsensitive
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchTrustedOnly
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchValidOnDate
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchLimit
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchLimitOne
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecMatchLimitAll
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum Return Type Key Constants
  @discussion Predefined return type keys used to set values in a dictionary
    You use these keys to specify the type of results which should be
    returned by the SecItemCopyMatching or SecItemAdd function You can
    specify zero or more of these return types If more than one of these
    result types is specified, the result is returned as a CFDictionaryRef
    whose keys are the result types and values are the requested data
  @constant kSecReturnData Specifies a dictionary key whose value is of type
    CFBooleanRef A value of kCFBooleanTrue indicates that the data of
    an item (CFDataRef) should be returned For keys and password
    items, data is secret (encrypted) and may require the user to enter
    a password for access
  @constant kSecReturnAttributes Specifies a dictionary key whose value is
    of type CFBooleanRef A value of kCFBooleanTrue indicates that the
    (non-encrypted) attributes of an item (CFDictionaryRef) should be
    returned
  @constant kSecReturnRef Specifies a dictionary key whose value is a
    CFBooleanRef A value of kCFBooleanTrue indicates that a reference
    should be returned Depending on the item class requested, the
    returned reference(s) may be of type SecKeychainItemRef, SecKeyRef,
    SecCertificateRef, or SecIdentityRef
  @constant kSecReturnPersistentRef Specifies a dictionary key whose value
    is of type CFBooleanRef A value of kCFBooleanTrue indicates that a
    persistent reference to an item (CFDataRef) should be returned
*/
extern const CFStringRef kSecReturnData
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecReturnAttributes
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecReturnRef
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecReturnPersistentRef
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum Value Type Key Constants
  @discussion Predefined value type keys used to pass values in a dictionary
    You can specify zero or more of these types depending on the function
    you are calling For SecItemCopyMatching or SecItemAdd these are
    used as keys in the results dictionary
  @constant kSecValueData Specifies a dictionary key whose value is of type
    CFDataRef For keys and password items, data is secret (encrypted)
    and may require the user to enter a password for access
  @constant kSecValueRef Specifies a dictionary key whose value, depending
    on the item class requested, is of type SecKeychainItemRef, SecKeyRef,
    SecCertificateRef, or SecIdentityRef
  @constant kSecValuePersistentRef Specifies a dictionary key whose value
    is of type CFDataRef The bytes in this CFDataRef can be stored by
    the caller and used on a subsequent invocation of the application (or
    even a different application) to retrieve the item referenced by it
*/
extern const CFStringRef kSecValueData
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecValueRef
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecValuePersistentRef
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @enum Other Constants
  @discussion Predefined constants used to set values in a dictionary
  @constant kSecUseItemList Specifies a dictionary key whose value is a
    CFArray of items If provided, this array is treated as the set of
    all possible items to search, or add if the API being called is
    SecItemAdd The items in this array may be of type SecKeyRef,
    SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent
    item reference) The items in the array must all be of the same
    type When this attribute is provided, no keychains are searched
  @constant kSecUseOperationPrompt Specifies a dictionary key whose value
    is a CFStringRef that represents a user-visible string describing
    the operation for which the application is attempting to authenticate
    The application is responsible for the text localization
  @constant kSecUseNoAuthenticationUI Specifies a dictionary key whose value
    is a CFBooleanRef If provided with a value of kCFBooleanTrue, the error
    errSecInteractionNotAllowed will be returned if the item is attempting
    to authenticate with UI
  @constant kSecUseAuthenticationUI Specifies a dictionary key whose value
    is one of kSecUseAuthenticationUIAllow, kSecUseAuthenticationUIFail, kSecUseAuthenticationUISkip
  @constant kSecUseAuthenticationContext Specifies a dictionary key whose value
    is LAContext to be used for keychain item authentication
    * If the item requires authentication and this key is omitted, a new context
     will be created just for the purpose of the single call
    * If the specified context has been previously authenticated, the operation
     will succeed without asking user for authentication
    * If the specified context has not been previously authenticated, the new
     authentication will be started on this context, allowing caller to
     eventually reuse the sucessfully authenticated context in subsequent
     keychain operations
*/
extern const CFStringRef kSecUseItemList
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
extern const CFStringRef kSecUseOperationPrompt
  __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
extern const CFStringRef kSecUseNoAuthenticationUI
  __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_10, __MAC_10_11, __IPHONE_8_0, __IPHONE_9_0, "Use a kSecAuthenticationUI instead");
extern const CFStringRef kSecUseAuthenticationUI
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
extern const CFStringRef kSecUseAuthenticationContext
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); 

/*!
  @enum kSecUseAuthenticationUI Value Constants
  @discussion Predefined item attribute constants used to get or set values
    in a dictionary The kSecUseAuthenticationUI constant is the key and its
    value is one of the constants defined here
    If the key kSecUseAuthenticationUI not provided then kSecUseAuthenticationUIAllow
    is used as default
  @constant kSecUseAuthenticationUIAllow Specifies that authenticate UI can appear
  @constant kSecUseAuthenticationUIFail Specifies that the error
    errSecInteractionNotAllowed will be returned if an item needs
    to authenticate with UI
  @constant kSecUseAuthenticationUIAllowSkip Specifies that all items which need
    to authenticate with UI will be silently skipped This value can be used
    only with SecItemCopyMatching
 */
extern const CFStringRef kSecUseAuthenticationUIAllow
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
extern const CFStringRef kSecUseAuthenticationUIFail
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
extern const CFStringRef kSecUseAuthenticationUISkip
  __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); 

/*!
   @enum kSecAttrTokenID Value Constants
   @discussion Predefined item attribute constant used to get or set values
     in a dictionary The kSecAttrTokenID constant is the key and its value
     can be kSecAttrTokenIDSecureEnclave
   @constant kSecAttrTokenIDSecureEnclave Specifies well-known identifier of the
     token implemented using device's Secure Enclave The only keychain items
     supported by the Secure Enclave token are 256-bit elliptic curve keys
     (kSecAttrKeyTypeEC) Keys must be generated on the secure enclave using
     SecKeyGenerateKeyPair call with kSecAttrTokenID set to
     kSecAttrTokenIDSecureEnclave in the parameters dictionary, it is not
     possible to import pregenerated keys to kSecAttrTokenIDSecureEnclave token
*/
extern const CFStringRef kSecAttrTokenIDSecureEnclave
  __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_9_0); 

/*!
  @function SecItemCopyMatching
  @abstract Returns one or more items which match a search query
  @param query A dictionary containing an item class specification and
    optional attributes for controlling the search See the "Keychain
    Search Attributes" section for a description of currently defined
    search attributes
  @param result On return, a CFTypeRef reference to the found item(s) The
    exact type of the result is based on the search attributes supplied
    in the query, as discussed below
  @result A result code See "Security Error Codes" (SecBaseh)
  @discussion Attributes defining a search are specified by adding key/value
    pairs to the query dictionary 

  A typical query consists of: 

   * a kSecClass key, whose value is a constant from the Class
    Constants section that specifies the class of item(s) to be searched
   * one or more keys from the "Attribute Key Constants" section, whose value
    is the attribute data to be matched
   * one or more keys from the "Search Constants" section, whose value is
    used to further refine the search
   * a key from the "Return Type Key Constants" section, specifying the type of
    results desired 

  Result types are specified as follows: 

   * To obtain the data of a matching item (CFDataRef), specify
    kSecReturnData with a value of kCFBooleanTrue
   * To obtain the attributes of a matching item (CFDictionaryRef), specify
    kSecReturnAttributes with a value of kCFBooleanTrue
   * To obtain a reference to a matching item (SecKeychainItemRef,
    SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef
    with a value of kCFBooleanTrue
   * To obtain a persistent reference to a matching item (CFDataRef),
    specify kSecReturnPersistentRef with a value of kCFBooleanTrue Note
    that unlike normal references, a persistent reference may be stored
    on disk or passed between processes
   * If more than one of these result types is specified, the result is
    returned as a CFDictionaryRef containing all the requested data
   * If a result type is not specified, no results are returned 

  By default, this function returns only the first match found To obtain
  more than one matching item at a time, specify kSecMatchLimit with a value
  greater than The result will be a CFArrayRef containing up to that
  number of matching items; the items' types are described above 

  To filter a provided list of items down to those matching the query,
  specify a kSecMatchItemList whose value is a CFArray of SecKeychainItemRef,
  SecKeyRef, SecCertificateRef, or SecIdentityRef items The objects in the
  provided array must be of the same type 

  To convert from a persistent item reference to a normal item reference,
  specify a kSecValuePersistentRef whose value a CFDataRef (the persistent
  reference), and a kSecReturnRef whose value is kCFBooleanTrue
*/
OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RETURNS_RETAINED result)
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @function SecItemAdd
  @abstract Add one or more items to a keychain
  @param attributes A dictionary containing an item class specification and
    optional entries specifying the item's attribute values See the
    "Attribute Key Constants" section for a description of currently defined
    attributes
  @param result On return, a CFTypeRef reference to the newly added item(s)
    The exact type of the result is based on the values supplied
    in attributes, as discussed below Pass NULL if this result is not
    required
  @result A result code See "Security Error Codes" (SecBaseh)
  @discussion Attributes defining an item are specified by adding key/value
    pairs to the attributes dictionary To add multiple items to a keychain
    at once use the kSecUseItemList key with an array of items as its value
    This is currently only supported for non password items 

  Result types are specified as follows: 

   * To obtain the data of the added item (CFDataRef), specify
    kSecReturnData with a value of kCFBooleanTrue
   * To obtain all the attributes of the added item (CFDictionaryRef),
    specify kSecReturnAttributes with a value of kCFBooleanTrue
   * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef,
    SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a
    value of kCFBooleanTrue
   * To obtain a persistent reference to the added item (CFDataRef), specify
    kSecReturnPersistentRef with a value of kCFBooleanTrue Note that
    unlike normal references, a persistent reference may be stored on disk
    or passed between processes
   * If more than one of these result types is specified, the result is
    returned as a CFDictionaryRef containing all the requested data
   * If a result type is not specified, no results are returned
*/
OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef * __nullable CF_RETURNS_RETAINED result)
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @function SecItemUpdate
  @abstract Modify zero or more items which match a search query
  @param query A dictionary containing an item class specification and
    optional attributes for controlling the search See the "Attribute
    Constants" and "Search Constants" sections for a description of
    currently defined search attributes
  @param attributesToUpdate A dictionary containing one or more attributes
    whose values should be set to the ones specified Only real keychain
    attributes are permitted in this dictionary (no "meta" attributes are
    allowed) See the "Attribute Key Constants" section for a description of
    currently defined value attributes
  @result A result code See "Security Error Codes" (SecBaseh)
  @discussion Attributes defining a search are specified by adding key/value
    pairs to the query dictionary
*/
OSStatus SecItemUpdate(CFDictionaryRef query,
  CFDictionaryRef attributesToUpdate)
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

/*!
  @function SecItemDelete
  @abstract Delete zero or more items which match a search query
  @param query A dictionary containing an item class specification and
    optional attributes for controlling the search See the "Attribute
    Constants" and "Search Constants" sections for a description of
    currently defined search attributes
  @result A result code See "Security Error Codes" (SecBaseh)
  @discussion Attributes defining a search are specified by adding key/value
    pairs to the query dictionary 

  By default, this function deletes all items matching the specified query
  You can change this behavior by specifying one of the follow keys: 

   * To delete an item identified by a transient reference, specify
    kSecValueRef with a reference returned by using the kSecReturnRef
    key in a previous call to SecItemCopyMatching or SecItemAdd
   * To delete an item identified by a persistent reference, specify
    kSecValuePersistentRef with a persistent reference returned by
    using the kSecReturnPersistentRef key to SecItemCopyMatching or
    SecItemAdd
   * To delete multiple items specify kSecMatchItemList with an array
    of references
   * If more than one of these result keys is specified, the behavior is
    undefined
*/
OSStatus SecItemDelete(CFDictionaryRef query)
  __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); 

CF_IMPLICIT_BRIDGING_DISABLED
CF_ASSUME_NONNULL_END 

__END_DECLS 

#endif /* !_SECURITY_SECITEM_H_ */

二、苹果官方的KeychainItemWrapper

官方示例地址

https://developer.apple.com/library/ios/samplecode/GenericKeychain/Listings/Classes_KeychainItemWrapper_m.html#//apple_ref/doc/uid/DTS40007797-Classes_KeychainItemWrapper_m-DontLinkElementID_10

/*
   File: KeychainItemWrapperm
 Abstract:
 Objective-C wrapper for accessing a single keychain item 

 Version: 2 

 Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
 Inc ("Apple") in consideration of your agreement to the following
 terms, and your use, installation, modification or redistribution of
 this Apple software constitutes acceptance of these terms If you do
 not agree with these terms, please do not use, install, modify or
 redistribute this Apple software 

 In consideration of your agreement to abide by the following terms, and
 subject to these terms, Apple grants you a personal, non-exclusive
 license, under Apple's copyrights in this original Apple software (the
 "Apple Software"), to use, reproduce, modify and redistribute the Apple
 Software, with or without modifications, in source and/or binary forms;
 provided that if you redistribute the Apple Software in its entirety and
 without modifications, you must retain this notice and the following
 text and disclaimers in all such redistributions of the Apple Software
 Neither the name, trademarks, service marks or logos of Apple Inc may
 be used to endorse or promote products derived from the Apple Software
 without specific prior written permission from Apple Except as
 expressly stated in this notice, no other rights or licenses, express or
 implied, are granted by Apple herein, including but not limited to any
 patent rights that may be infringed by your derivative works or by other
 works in which the Apple Software may be incorporated 

 The Apple Software is provided by Apple on an "AS IS" basis APPLE
 MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
 THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS
 FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND
 OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS 

 IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL
 OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION,
 MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
 AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE),
 STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE 

 Copyright (C) 2010 Apple Inc All Rights Reserved 

*/  

#import "KeychainItemWrapperh"
#import <Security/Securityh> 

/* 

These are the default constants and their respective types,
available for the kSecClassGenericPassword Keychain Item class: 

kSecAttrAccessGroup     -    CFStringRef
kSecAttrCreationDate    -    CFDateRef
kSecAttrModificationDate  -    CFDateRef
kSecAttrDescription     -    CFStringRef
kSecAttrComment       -    CFStringRef
kSecAttrCreator       -    CFNumberRef
kSecAttrType        -    CFNumberRef
kSecAttrLabel        -    CFStringRef
kSecAttrIsInvisible     -    CFBooleanRef
kSecAttrIsNegative     -    CFBooleanRef
kSecAttrAccount       -    CFStringRef
kSecAttrService       -    CFStringRef
kSecAttrGeneric       -    CFDataRef 

See the header file Security/SecItemh for more details 

*/ 

@interface KeychainItemWrapper (PrivateMethods)
/*
The decision behind the following two methods (secItemFormatToDictionary and dictionaryToSecItemFormat) was
to encapsulate the transition between what the detail view controller was expecting (NSString *) and what the
Keychain API expects as a validly constructed container class
*/
- (NSMutableDictionary *)secItemFormatToDictionary:(NSDictionary *)dictionaryToConvert;
- (NSMutableDictionary *)dictionaryToSecItemFormat:(NSDictionary *)dictionaryToConvert; 

// Updates the item in the keychain, or adds it if it doesn't exist
- (void)writeToKeychain; 

@end 

@implementation KeychainItemWrapper 

@synthesize keychainItemData, genericPasswordQuery; 

- (id)initWithIdentifier: (NSString *)identifier accessGroup:(NSString *) accessGroup;
{
  if (self = [super init])
  {
    // Begin Keychain search setup The genericPasswordQuery leverages the special user
    // defined attribute kSecAttrGeneric to distinguish itself between other generic Keychain
    // items which may be included by the same application
    genericPasswordQuery = [[NSMutableDictionary alloc] init]; 

    [genericPasswordQuery setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
    [genericPasswordQuery setObject:identifier forKey:(id)kSecAttrGeneric]; 

    // The keychain access group attribute determines if this item can be shared
    // amongst multiple apps whose code signing entitlements contain the same keychain access group
    if (accessGroup != nil)
    {
#if TARGET_IPHONE_SIMULATOR
      // Ignore the access group if running on the iPhone simulator
      //
      // Apps that are built for the simulator aren't signed, so there's no keychain access group
      // for the simulator to check This means that all apps can see all keychain items when run
      // on the simulator
      //
      // If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
      // simulator will return -25243 (errSecNoAccessForItem)
#else
      [genericPasswordQuery setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
#endif
    } 

    // Use the proper search constants, return only the attributes of the first match
    [genericPasswordQuery setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
    [genericPasswordQuery setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnAttributes]; 

    NSDictionary *tempQuery = [NSDictionary dictionaryWithDictionary:genericPasswordQuery]; 

    NSMutableDictionary *outDictionary = nil; 

    if (! SecItemCopyMatching((CFDictionaryRef)tempQuery, (CFTypeRef *)&outDictionary) == noErr)
    {
      // Stick these default values into keychain item if nothing found
      [self resetKeychainItem]; 

      // Add the generic attribute and the keychain access group
      [keychainItemData setObject:identifier forKey:(id)kSecAttrGeneric];
      if (accessGroup != nil)
      {
#if TARGET_IPHONE_SIMULATOR
        // Ignore the access group if running on the iPhone simulator
        //
        // Apps that are built for the simulator aren't signed, so there's no keychain access group
        // for the simulator to check This means that all apps can see all keychain items when run
        // on the simulator
        //
        // If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
        // simulator will return -25243 (errSecNoAccessForItem)
#else
        [keychainItemData setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
#endif
      }
    }
    else
    {
      // load the saved data from Keychain
      selfkeychainItemData = [self secItemFormatToDictionary:outDictionary];
    } 

    [outDictionary release];
  } 

  return self;
} 

- (void)dealloc
{
  [keychainItemData release];
  [genericPasswordQuery release]; 

  [super dealloc];
} 

- (void)setObject:(id)inObject forKey:(id)key
{
  if (inObject == nil) return;
  id currentObject = [keychainItemData objectForKey:key];
  if (![currentObject isEqual:inObject])
  {
    [keychainItemData setObject:inObject forKey:key];
    [self writeToKeychain];
  }
} 

- (id)objectForKey:(id)key
{
  return [keychainItemData objectForKey:key];
} 

- (void)resetKeychainItem
{
  OSStatus junk = noErr;
  if (!keychainItemData)
  {
    selfkeychainItemData = [[NSMutableDictionary alloc] init];
  }
  else if (keychainItemData)
  {
    NSMutableDictionary *tempDictionary = [self dictionaryToSecItemFormat:keychainItemData];
    junk = SecItemDelete((CFDictionaryRef)tempDictionary);
    NSAssert( junk == noErr || junk == errSecItemNotFound, @"Problem deleting current dictionary" );
  } 

  // Default attributes for keychain item
  [keychainItemData setObject:@"" forKey:(id)kSecAttrAccount];
  [keychainItemData setObject:@"" forKey:(id)kSecAttrLabel];
  [keychainItemData setObject:@"" forKey:(id)kSecAttrDescription]; 

  // Default data for keychain item
  [keychainItemData setObject:@"" forKey:(id)kSecValueData];
} 

- (NSMutableDictionary *)dictionaryToSecItemFormat:(NSDictionary *)dictionaryToConvert
{
  // The assumption is that this method will be called with a properly populated dictionary
  // containing all the right key/value pairs for a SecItem 

  // Create a dictionary to return populated with the attributes and data
  NSMutableDictionary *returnDictionary = [NSMutableDictionary dictionaryWithDictionary:dictionaryToConvert]; 

  // Add the Generic Password keychain item class attribute
  [returnDictionary setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass]; 

  // Convert the NSString to NSData to meet the requirements for the value type kSecValueData
  // This is where to store sensitive data that should be encrypted
  NSString *passwordString = [dictionaryToConvert objectForKey:(id)kSecValueData];
  [returnDictionary setObject:[passwordString dataUsingEncoding:NSUTF8StringEncoding] forKey:(id)kSecValueData]; 

  return returnDictionary;
} 

- (NSMutableDictionary *)secItemFormatToDictionary:(NSDictionary *)dictionaryToConvert
{
  // The assumption is that this method will be called with a properly populated dictionary
  // containing all the right key/value pairs for the UI element 

  // Create a dictionary to return populated with the attributes and data
  NSMutableDictionary *returnDictionary = [NSMutableDictionary dictionaryWithDictionary:dictionaryToConvert]; 

  // Add the proper search key and class attribute
  [returnDictionary setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
  [returnDictionary setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass]; 

  // Acquire the password data from the attributes
  NSData *passwordData = NULL;
  if (SecItemCopyMatching((CFDictionaryRef)returnDictionary, (CFTypeRef *)&passwordData) == noErr)
  {
    // Remove the search, class, and identifier key/value, we don't need them anymore
    [returnDictionary removeObjectForKey:(id)kSecReturnData]; 

    // Add the password to the dictionary, converting from NSData to NSString
    NSString *password = [[[NSString alloc] initWithBytes:[passwordData bytes] length:[passwordData length]
                           encoding:NSUTF8StringEncoding] autorelease];
    [returnDictionary setObject:password forKey:(id)kSecValueData];
  }
  else
  {
    // Don't do anything if nothing is found
    NSAssert(NO, @"Serious error, no matching item found in the keychain\n");
  } 

  [passwordData release]; 

  return returnDictionary;
} 

- (void)writeToKeychain
{
  NSDictionary *attributes = NULL;
  NSMutableDictionary *updateItem = NULL;
  OSStatus result; 

  if (SecItemCopyMatching((CFDictionaryRef)genericPasswordQuery, (CFTypeRef *)&attributes) == noErr)
  {
    // First we need the attributes from the Keychain
    updateItem = [NSMutableDictionary dictionaryWithDictionary:attributes];
    // Second we need to add the appropriate search key/values
    [updateItem setObject:[genericPasswordQuery objectForKey:(id)kSecClass] forKey:(id)kSecClass]; 

    // Lastly, we need to set up the updated attribute list being careful to remove the class
    NSMutableDictionary *tempCheck = [self dictionaryToSecItemFormat:keychainItemData];
    [tempCheck removeObjectForKey:(id)kSecClass]; 

#if TARGET_IPHONE_SIMULATOR
    // Remove the access group if running on the iPhone simulator
    //
    // Apps that are built for the simulator aren't signed, so there's no keychain access group
    // for the simulator to check This means that all apps can see all keychain items when run
    // on the simulator
    //
    // If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
    // simulator will return -25243 (errSecNoAccessForItem)
    //
    // The access group attribute will be included in items returned by SecItemCopyMatching,
    // which is why we need to remove it before updating the item
    [tempCheck removeObjectForKey:(id)kSecAttrAccessGroup];
#endif 

    // An implicit assumption is that you can only update a single item at a time 

    result = SecItemUpdate((CFDictionaryRef)updateItem, (CFDictionaryRef)tempCheck);
    NSAssert( result == noErr, @"Couldn't update the Keychain Item" );
  }
  else
  {
    // No previous item found; add the new one
    result = SecItemAdd((CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL);
    NSAssert( result == noErr, @"Couldn't add the Keychain Item" );
  }
} 

@end

看到这里会发现苹果的KeychainWrapper和我们自定义的工具类实现原理都一样,就是调用那几个方法,所以就不展开介绍了,将来有空再补上。

(0)

相关推荐

  • 详解iOS开发中Keychain的相关使用

    一.Keychain 基础 根据苹果的介绍,iOS设备中的Keychain是一个安全的存储容器,可以用来为不同应用保存敏感信息比如用户名,密码,网络密码,认证令牌.苹果自己用keychain来保存Wi-Fi网络密码,VPN凭证等等.它是一个sqlite数据库,位于/private/var/Keychains/keychain-2.db,其保存的所有数据都是加密过的. 开发者通常会希望能够利用操作系统提供的功能来保存凭证(credentials)而不是把它们(凭证)保存到NSUserDefault

  • iOS中利用KeyChain保存用户信息的方法示例

    前言 说到保存用户名和密码,以前有用过本地的数据库来保存,也接触过用userdefault来保存,后来在一个项目中发现了一个新的方法--用Keychain来保存.下面话不多说了,直接通过示例代码来介绍吧. 方法示例 一.新建一个LYKeychainTool类,导入系统Security框架 ,LYKeychainTool.h文件实现如下: // // LYKeychainTool.h // keyChainTest // // Created by Liyu on 2017/6/2. // Cop

  • IOS开发使用KeychainItemWrapper 持久存储用户名和密码

    首先从官网下载 KeychainItemWrapper.h KeychainItemWrapper.m 将这两个文件导入项目中 不过该文件是手动释放的 所以要使用这个文件需要先做一些处理: 如果要使用KeychainItemWrapper.h类 在CompileSources中选中该类 添加-fno-objc-arc 接下来直接上代码: KeychainItemWrapper *keychain=[[KeychainItemWrapper alloc] initWithIdentifier:@"

  • 详解iOS使用Keychain中的kSecClassGenericPassword存储数据

    iOS设备中的Keychain是一个安全的存储容器,可以用来为不同应用保存敏感信息比如用户名,密码,网络密码,认证令牌.苹果自己用keychain来保存Wi-Fi网络密码,VPN凭证等等.它是一个sqlite数据库,位于/private/var/Keychains/keychain-2.db,其保存的所有数据都是加密过的.模拟器下keychain文件路径:~/Library/Application Support/iPhone Simulator/4.3/Library/Keychains ke

  • 详解如何在python中读写和存储matlab的数据文件(*.mat)

    背景 在做deeplearning过程中,使用caffe的框架,一般使用matlab来处理图片(matlab处理图片相对简单,高效),用python来生成需要的lmdb文件以及做test产生结果.所以某些matlab从图片处理得到的label信息都会以.mat文件供python读取,同时也python产生的结果信息也需要matlab来做进一步的处理(当然也可以使用txt,不嫌麻烦自己处理结构信息). 介绍 matlab和python间的数据传输一般是基于matlab的文件格式.mat,pytho

  • 详解iOS App开发中Cookie的管理方法

    一.何为Cookie Cookie是网站为了便是终端身份,保存在终端本地的用户凭证信息.Cookie中的字段与意义由服务端进行定义.例如,当用户在某个网站进行了登录操作后,服务端会将Cookie信息返回给终端,终端会将这些信息进行保存,在下一次再次访问这个网站时,终端会将保存的Cookie信息一并发送到服务端,服务端根据Cookie信息是否有效来判断此用户是否可以自动登录. 二.iOS中进行Cookie管理的两个类 iOS中进行HTTP网络请求Cookie管理主要由两个类负责,一个类是NSHTT

  • 详解iOS App开发中session和coockie的用户数据存储处理

    NSURLSession 在iOS7之后,NSURLSession作为系统推荐使用的HTTP请求框架,在进行前台请求的情况下,NSURLSession与NSURLConnection并无太大差异,对于后台的请求,NSURLSession更加灵活的优势就将展现无遗. 1.NSURLSession集合的类型 NSURLSession类提供3中Session类型: (1)Default类型:提供前台请求相关方法,支持配置缓存,身份凭证等. (2)Ephemeral类型:即时的请求类型,不使用缓存,身份

  • 详解iOS应用开发中autoresizing尺寸自动适应属性的用法

    前言:现在已经不像以前那样只有一个尺寸,现在最少的iPhone开发需要最少需要适配三个尺寸.因此以前我们可以使用硬坐标去设定各个控件的位置,但是现在的话已经不可以了,我们需要去做适配,也许你说可以使用两套UI或两套以上的UI,但那样不高效也不符合设计.iOS有两大自动布局利器:autoresizing 和 autolayout(autolayout是IOS6以后新增).autoresizing是UIView的属性,一直存在,使用也比较简单,但是没有autolayout那样强大.如果你的界面比较简

  • 详解iOS应用开发中的ARC内存管理方式

    提示:本文中所说的"实例变量"即是"成员变量","局部变量"即是"本地变量" 零.简介 ARC是自iOS 5之后增加的新特性,完全消除了手动管理内存的烦琐,编译器会自动在适当的地方插入适当的retain.release.autorelease语句.你不再需要担心内存管理,因为编译器为你处理了一切 注意:ARC 是编译器特性,而不是 iOS 运行时特性(除了weak指针系统),它也不是类似于其它语言中的垃圾收集器.因此 ARC

  • 详解iOS应用开发中Core Data数据存储的使用

    1.如果想创建一个带有coreData的程序,要在项目初始化的时候勾选中   2.创建完成之后,会发现在AppDelegate里多出了几个属性,和2个方法 复制代码 代码如下: <span style="font-size:18px;">    @property (readonly, strong, nonatomic) NSManagedObjectContext *managedObjectContext;  @property (readonly, strong,

  • 详解iOS App开发中UIViewController的loadView方法使用

    当你访问一个ViewController的view属性时,如果此时view的值是nil,那么,ViewController就会自动调用loadView这个方法.这个方法就会加载或者创建一个view对象,赋值给view属性. loadView默认做的事情是:如果此ViewController存在一个对应的nib文件,那么就加载这个nib.否则,就创建一个UIView对象. 如果你用Interface Builder来创建界面,那么不应该重载这个方法. 控制器的loadView方法以及view属性

  • 详解iOS游戏开发中Cocos2D的坐标位置关系

    接触Cocos2D有段时间了,今天特意研究了下Cocos2D坐标系中各种位置关系,anchor属性,CCNode坐标和地图坐标转换. 先看一段代码: 复制代码 代码如下: -(id) init  {      // always call "super" init      // Apple recommends to re-assign "self" with the "super" return value      if( (self=[s

  • 详解iOS App开发中改变UIButton内部控件的基本方法

    UIButton内部默认有个UIImageView.UILabel控件,可以分别用下面属性访问: 复制代码 代码如下: @property(nonatomic,readonly,retain) UIImageView *imageView; @property(nonatomic,readonly,retain) UILabel     *titleLabel; UIButton之所以能显示文字,完全是因为它内部的titleLabel也,也就是说,UIButton的setTitle:forSta

随机推荐