KeychainHelper

open class KeychainHelper : NSObject

The KeychainHelper class performs RSA export operations to DER and PEM formats that can be used outside iOS for data signing.

  • Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.

    Declaration

    Swift

    open static func exportPublicKey(_ rawPublicKeyBytes: Data) -> String?
  • Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.

    Declaration

    Swift

    open static func exportPublicKey(_ rawPublicKeyBytes: Data, base64EncodingOptions: Data.Base64EncodingOptions) -> String?
  • Generates a private and public key to sign data.

    Remark

    The private key is automatically stored in the default keychain and is accessible via kSecAttrApplicationTag. The key type used to generate the keys is kSecAttrKeyTypeRSA and the size is 2,048 bits. This method does not apply an authentication constraint to access the private key.

    Declaration

    Swift

    open static func createKeyPair(_ keyName: String, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)
  • Generates a private and public key to sign data.

    Remark

    The private key is automatically stored in the default keychain and is accessible via kSecAttrApplicationTag. The key type used to generate the keys is kSecAttrKeyTypeRSA and the size is 2,048 bits.

    Declaration

    Swift

    open static func createKeyPair(_ keyName: String, authenticationRequired: SecAccessControlCreateFlags?, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)
  • Signs data using a key generated by the device and returns the encrypted result.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String) -> String?
  • Signs data using a key generated by the device and returns the encrypted result.

    Remark

    When the private key requires authentication and false is specified, nil is returned.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String, localizedReason: String?) -> String?
  • Signs data using a key generated by the device and returns the encrypted result.

    Remark

    When the private key requires authentication and false is specified, nil is returned.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String, localizedReason: String?, base64EncodingOptions: Data.Base64EncodingOptions) -> String?
  • Deletes a private and public key from the keychain.

    Declaration

    Swift

    open static func deleteKeyPair(_ keyName: String, completion: ((_ success: Bool) -> Void))
  • Checks whether the domain state used to generate keys requiring authentication has changed.

    Declaration

    Swift

    open static func hasAuthenticationSettingsChanged(_ evaluatedPolicyDomainState: Data? = nil) -> Bool
  • Query the keychain for a matching key name.

    Remark

    If the key was generated requiring authentication for access, the UI is suppressed. Therefore the function will return true under the following conditions:

      • errSecSuccess: The item was found, no error.
      • errSecInteractionNotAllowed: The item was found, the user interaction is not allowed.
      • errSecAuthFailed: The item was found, but invalidated due to a change to Touch ID or passphrase.

    Declaration

    Swift

    open static func checkKeyPairExists(_ keyName: String) -> Bool
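
    Example

    The status mapping described in the remark for checkKeyPairExists, written as an added example that is not the SDK's own code. The KeyPresence type and probeKey function are hypothetical, and encoding the key name as UTF-8 bytes for kSecAttrApplicationTag is an assumption. It keeps the three "found" statuses distinct so a caller can tell an invalidated key, which needs re-enrollment, from a usable one.

```swift
import Foundation
import LocalAuthentication
import Security

/// Hypothetical type for this example; not part of KeychainHelper.
enum KeyPresence {
    case usable            // errSecSuccess
    case needsInteraction  // errSecInteractionNotAllowed
    case invalidated       // errSecAuthFailed
    case missing           // errSecItemNotFound or any other status

    /// Same answer the remark gives for the three "found" statuses.
    var exists: Bool { self != .missing }
}

/// Hypothetical helper: looks up a private RSA key without ever showing
/// authentication UI, then classifies the keychain status.
func probeKey(named keyName: String) -> KeyPresence {
    // Suppress Touch ID / passcode prompts for this query.
    let context = LAContext()
    context.interactionNotAllowed = true

    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        // Assumption: the tag is the key name encoded as UTF-8.
        kSecAttrApplicationTag as String: Data(keyName.utf8),
        kSecUseAuthenticationContext as String: context,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]

    // No result pointer is needed for an existence check.
    switch SecItemCopyMatching(query as CFDictionary, nil) {
    case errSecSuccess:
        return .usable
    case errSecInteractionNotAllowed:
        return .needsInteraction
    case errSecAuthFailed:
        return .invalidated
    default:
        return .missing
    }
}
```

    A caller that receives .invalidated should delete the key pair and register a new one rather than retry signing, because the old private key can no longer be unlocked.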