KeychainHelper
open class KeychainHelper : NSObject
The KeychainHelper class performs RSA export operations to DER and PEM formats that can be used outside iOS for data signing.
-
Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.
Declaration
Swift
open static func exportPublicKey(_ rawPublicKeyBytes: Data) -> String?
Parameters
rawPublicKeyBytes
The raw public key in bytes.
Return Value
Privacy Enhanced Mail (PEM) representation of the key.
-
Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.
Declaration
Swift
open static func exportPublicKey(_ rawPublicKeyBytes: Data, base64EncodingOptions: Data.Base64EncodingOptions) -> String?
Parameters
rawPublicKeyBytes
The raw public key in bytes.
base64EncodingOptions
Options for methods used to Base-64 encode data.
Return Value
Privacy Enhanced Mail (PEM) representation of the key.
-
Generates a private and public key to sign data.
Remark
The private key is automatically stored in the default keychain, accessible via the kSecAttrApplicationTag. The encryption method used to generate the keys is kSecAttrKeyTypeRSA and the size is 2,048 bits. This method does not apply an authentication constraint to access the private key.
Declaration
Swift
open static func createKeyPair(_ keyName: String, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)
Parameters
keyName
The unique identifier of the key.
completion
The flag to represent the generation status and the String representation of the generated public key, or nil if the keys failed to generate.
-
Generates a private and public key to sign data.
Remark
The private key is automatically stored in the default keychain, accessible via the kSecAttrApplicationTag. The encryption method used to generate the keys is kSecAttrKeyTypeRSA and the size is 2,048 bits.
Declaration
Swift
open static func createKeyPair(_ keyName: String, authenticationRequired: SecAccessControlCreateFlags?, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)
Parameters
keyName
The unique identifier of the key.
authenticationRequired
Defines constants to be used when accessing the private key. See SecAccessControlCreateFlags.
completion
The flag to represent the generation status and the String representation of the generated public key, or nil if the keys failed to generate.
-
Using a key generated by the device, sign data and return the encrypted result.
Declaration
Swift
open static func signData(_ keyName: String, value: String) -> String?
Parameters
keyName
The unique identifier of the key.
value
The string to encrypt.
Return Value
The Base64 signed data, otherwise nil if the private key is inaccessible.
-
Using a key generated by the device, sign data and return the encrypted result.
Remark
When the private key requires authentication and false is specified, nil is returned.
Declaration
Swift
open static func signData(_ keyName: String, value: String, localizedReason: String?) -> String?
Parameters
keyName
The unique identifier of the key.
value
The string to encrypt.
localizedReason
Application reason for authentication. This string must be provided in correct localization and should be short and clear. It will be eventually displayed in the authentication dialog subtitle. A name of the calling application will be displayed in title, so it should not be duplicated here.
Return Value
The Base64 signed data, otherwise nil if the private key is inaccessible.
-
Using a key generated by the device, sign data and return the encrypted result.
Remark
When the private key requires authentication and false is specified, nil is returned.
Declaration
Swift
open static func signData(_ keyName: String, value: String, localizedReason: String?, base64EncodingOptions: Data.Base64EncodingOptions) -> String?
Parameters
keyName
The unique identifier of the key.
value
The string to encrypt.
localizedReason
Application reason for authentication. This string must be provided in correct localization and should be short and clear. It will be eventually displayed in the authentication dialog subtitle. A name of the calling application will be displayed in title, so it should not be duplicated here.
base64EncodingOptions
A mask that specifies options for Base-64 encoding the data.
Return Value
The Base64 signed data, otherwise nil if the private key is inaccessible.
-
Delete a private and public key from the Keychain.
Declaration
Swift
open static func deleteKeyPair(_ keyName: String, completion: ((_ success: Bool) -> Void))
Parameters
keyName
The unique identifier of the key.
completion
The flag to indicate if the keys were deleted.
-
Checks whether the domain state used to generate keys requiring authentication has changed.
Declaration
Swift
open static func hasAuthenticationSettingsChanged(_ evaluatedPolicyDomainState: Data? = nil) -> Bool
Parameters
evaluatedPolicyDomainState
The domain state used to generate the key initially. Default value is nil.
Return Value
true if the current domain state has changed, otherwise false.
-
Query the keychain for a matching key name.
Remark
If the key has been generated requiring authentication for access, the UI has been suppressed. Therefore the function will return true under the following conditions:
errSecSuccess
The item was found, no error.
errSecInteractionNotAllowed
The item was found, the user interaction is not allowed.
errSecAuthFailed
The item was found, but invalidated due to a change to Touch ID or passphrase.
Declaration
Swift
open static func checkKeyPairExists(_ keyName: String) -> Bool
Parameters
keyName
The unique identifier of the key.
Return Value
true if the key exists, otherwise false.
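The calls documented above, combined into an enrolment and signing flow that uses the authentication-constrained createKeyPair overload and treats checkKeyPairExists as "present", not "usable". This is an added example, not code from the library or its authors; the key name, the UserDefaults key, the reason string and the helper functions enrol and sign are hypothetical, and the name of the module that provides KeychainHelper is not given on this page.

```swift
import Foundation
import LocalAuthentication
import Security
// Also import the module that provides KeychainHelper (its name is not given on this page).

let keyName = "com.example.signing-key"      // hypothetical key name
let domainStateKey = "enrolledDomainState"   // hypothetical UserDefaults key

/// Creates a signing key whose private half requires user presence and
/// returns the PEM public key to register with the verifying party.
func enrol() -> String? {
    var rawPublicKey: Data?
    // The completion is declared non-escaping, so it has run by the time createKeyPair returns.
    KeychainHelper.createKeyPair(keyName, authenticationRequired: .userPresence) { success, publicKeyData in
        rawPublicKey = success ? publicKeyData : nil
    }
    guard let raw = rawPublicKey else { return nil }

    // Record the current domain state so a later change can be detected.
    let context = LAContext()
    _ = context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil)
    UserDefaults.standard.set(context.evaluatedPolicyDomainState, forKey: domainStateKey)

    return KeychainHelper.exportPublicKey(raw)
}

/// Signs a challenge string, or returns nil when the key is missing,
/// inaccessible, or must be re-enrolled.
func sign(challenge: String) -> String? {
    // checkKeyPairExists is also true for errSecInteractionNotAllowed and
    // errSecAuthFailed, so a true result does not mean the key can sign.
    guard KeychainHelper.checkKeyPairExists(keyName) else { return nil }

    let enrolledState = UserDefaults.standard.data(forKey: domainStateKey)
    if KeychainHelper.hasAuthenticationSettingsChanged(enrolledState) {
        // Authentication settings changed since enrolment: drop the key and re-enrol.
        KeychainHelper.deleteKeyPair(keyName) { _ in }
        return nil
    }
    // nil here means the private key was inaccessible.
    return KeychainHelper.signData(keyName, value: challenge,
                                   localizedReason: "Confirm sign-in")
}
```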