KeychainHelper

open class KeychainHelper : NSObject

The KeychainHelper class performs RSA export operations to DER and PEM formats so that the public key can be used outside iOS to verify data signed on the device.

  • Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.

    Declaration

    Swift

    open static func exportPublicKey(_ rawPublicKeyBytes: Data) -> String?

    Parameters

    rawPublicKeyBytes

    The raw public key in bytes.

    Return Value

    Privacy Enhanced Mail (PEM) representation of the key.

  • Exports the public key retrieved from the keychain in Privacy Enhanced Mail (PEM) format.

    Declaration

    Swift

    open static func exportPublicKey(_ rawPublicKeyBytes: Data, base64EncodingOptions: Data.Base64EncodingOptions) -> String?

    Parameters

    rawPublicKeyBytes

    The raw public key in bytes.

    base64EncodingOptions

    Options for methods used to Base-64 encode data.

    Return Value

    Privacy Enhanced Mail (PEM) representation of the key.

  • Generates a private and public key to sign data.

    Remark

The private key is automatically stored in the default keychain and is accessible via the kSecAttrApplicationTag. The key type used to generate the pair is kSecAttrKeyTypeRSA and the key size is 2,048 bits. This method does not apply an authentication constraint to access the private key.

    Declaration

    Swift

    open static func createKeyPair(_ keyName: String, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)

    Parameters

    keyName

The unique identifier of the key.

    completion

A flag indicating whether generation succeeded, and the raw bytes (Data) of the generated public key, or nil if the keys failed to generate.

  • Generates a private and public key to sign data.

    Remark

The private key is automatically stored in the default keychain and is accessible via the kSecAttrApplicationTag. The key type used to generate the pair is kSecAttrKeyTypeRSA and the key size is 2,048 bits.

    Declaration

    Swift

    open static func createKeyPair(_ keyName: String, authenticationRequired: SecAccessControlCreateFlags?, completion: (_ success: Bool, _ publicKeyData: Data?) -> Void)

    Parameters

    keyName

The unique identifier of the key.

    authenticationRequired

Access-control flags that constrain use of the private key. See SecAccessControlCreateFlags.

    completion

A flag indicating whether generation succeeded, and the raw bytes (Data) of the generated public key, or nil if the keys failed to generate.

  • Using a key generated by the device, sign data and return the signature.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String) -> String?

    Parameters

    keyName

The unique identifier of the key.

    value

The string to sign.

    Return Value

    The Base64 signed data, otherwise nil if the private key is inaccessible.

  • Using a key generated by the device, sign data and return the signature.

    Remark

    When the private key requires authentication and false is specified, nil is returned.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String, localizedReason: String?) -> String?

    Parameters

    keyName

The unique identifier of the key.

    value

The string to sign.

    localizedReason

Application reason for authentication. This string must be provided in the correct localization and should be short and clear. It will eventually be displayed as the authentication dialog subtitle. The name of the calling application is displayed in the title, so it should not be duplicated here.

    Return Value

    The Base64 signed data, otherwise nil if the private key is inaccessible.

  • Using a key generated by the device, sign data and return the signature.

    Remark

    When the private key requires authentication and false is specified, nil is returned.

    Declaration

    Swift

    open static func signData(_ keyName: String, value: String, localizedReason: String?, base64EncodingOptions: Data.Base64EncodingOptions) -> String?

    Parameters

    keyName

The unique identifier of the key.

    value

The string to sign.

    localizedReason

Application reason for authentication. This string must be provided in the correct localization and should be short and clear. It will eventually be displayed as the authentication dialog subtitle. The name of the calling application is displayed in the title, so it should not be duplicated here.

    base64EncodingOptions

    A mask that specifies options for Base-64 encoding the data.

    Return Value

    The Base64 signed data, otherwise nil if the private key is inaccessible.

  • Delete a private and public key from the Keychain.

    Declaration

    Swift

    open static func deleteKeyPair(_ keyName: String, completion: ((_ success: Bool) -> Void))

    Parameters

    keyName

The unique identifier of the key.

    completion

    The flag to indicate if the keys were deleted.

  • Checks whether the domain state used when generating keys that require authentication has changed.

    Declaration

    Swift

    open static func hasAuthenticationSettingsChanged(_ evaluatedPolicyDomainState: Data? = nil) -> Bool

    Parameters

    evaluatedPolicyDomainState

    The domain state used to generate the key initially. Default value is nil.

    Return Value

    true if the current domain state has changed, otherwise false.

  • Query the keychain for a matching key name.

    Remark

If the key has been generated requiring authentication for access, the UI has been suppressed. Therefore the function will return true under the following conditions:

    • errSecSuccess: the item was found, no error.
    • errSecInteractionNotAllowed: the item was found, but user interaction is not allowed.
    • errSecAuthFailed: the item was found, but was invalidated due to a change to Touch ID or the passcode.

    Declaration

    Swift

    open static func checkKeyPairExists(_ keyName: String) -> Bool

    Parameters

    keyName

The unique identifier of the key.

    Return Value

    true if the key exists, otherwise false.
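The functions above form one lifecycle: create an authentication-bound key pair, export its public key for the verifying server, sign server-issued challenges, and detect when a biometric change has invalidated the key. The following is an added example of that lifecycle, not code from the KeychainHelper library or its documentation. The key name, the UserDefaults key used to persist the domain state, the SigningError type, the choice of the `.privateKeyUsage` and `.biometryCurrentSet` flags, and the `localizedReason` text are all assumptions of this example; the PEM header and signing digest the library uses are not stated on this page, so the example simply forwards what the API returns.

```swift
import Foundation
import LocalAuthentication
import Security

// Added example built on the KeychainHelper API documented on this page.
// The key name, the UserDefaults key and the SigningError type are constructed
// for this example; the library itself does not define them.
let signingKeyName = "com.example.device-signing-key"                      // constructed tag
let domainStateDefaultsKey = "com.example.device-signing-key.domainState"  // constructed

enum SigningError: Error {
    case keyMissing
    case authenticationSettingsChanged
    case signingFailed
}

/// Snapshot of the current authentication domain state (biometric enrolment
/// and passcode). Stored at key creation so that a later
/// hasAuthenticationSettingsChanged(_:) call has something to compare against.
func currentDomainState() -> Data? {
    let context = LAContext()
    var error: NSError?
    // canEvaluatePolicy must run first; evaluatedPolicyDomainState is nil otherwise.
    guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else {
        return nil
    }
    return context.evaluatedPolicyDomainState
}

/// Creates a 2,048-bit RSA key pair whose private key can only be used after
/// the currently enrolled biometrics succeed, records the domain state it was
/// created under, and returns the public key as PEM for the verifying server.
/// createKeyPair's completion is non-escaping, so the result is returned directly.
func enrollSigningKey() -> String? {
    var pem: String?
    KeychainHelper.createKeyPair(
        signingKeyName,
        authenticationRequired: [.privateKeyUsage, .biometryCurrentSet]
    ) { success, publicKeyData in
        guard success, let publicKeyData = publicKeyData else { return }
        UserDefaults.standard.set(currentDomainState(), forKey: domainStateDefaultsKey)
        pem = KeychainHelper.exportPublicKey(publicKeyData)
    }
    return pem
}

/// Signs a server-issued challenge. checkKeyPairExists(_:) reports true even
/// for a key invalidated by a biometric change (errSecAuthFailed), so the
/// domain state is compared first; on a mismatch the stale key is removed and
/// the caller must enrol a new one.
func signChallenge(_ challenge: String) throws -> String {
    guard KeychainHelper.checkKeyPairExists(signingKeyName) else {
        throw SigningError.keyMissing
    }
    if let stored = UserDefaults.standard.data(forKey: domainStateDefaultsKey),
       KeychainHelper.hasAuthenticationSettingsChanged(stored) {
        KeychainHelper.deleteKeyPair(signingKeyName) { _ in }
        UserDefaults.standard.removeObject(forKey: domainStateDefaultsKey)
        throw SigningError.authenticationSettingsChanged
    }
    guard let signature = KeychainHelper.signData(
        signingKeyName,
        value: challenge,
        localizedReason: "Confirm sign-in"   // shown as the authentication dialog subtitle
    ) else {
        throw SigningError.signingFailed
    }
    return signature   // Base64 signature, verified server-side with the exported PEM key
}

// Typical flow: enrol once, then sign each challenge the server issues.
if !KeychainHelper.checkKeyPairExists(signingKeyName) {
    if let pem = enrollSigningKey() {
        print("Register this public key with the server:\n\(pem)")
    }
}
do {
    let signature = try signChallenge("nonce-from-server")  // constructed challenge
    print("signature: \(signature)")
} catch SigningError.authenticationSettingsChanged {
    print("Biometric settings changed; key removed, re-enrolment required")
} catch {
    print("Signing failed: \(error)")
}
```

The domain-state check is the important defensive step: because checkKeyPairExists(_:) still returns true for a key that errSecAuthFailed has invalidated, an app that skips hasAuthenticationSettingsChanged(_:) would only discover the problem when signData returns nil. Comparing the stored state first lets the app remove the stale key deliberately and re-register a fresh public key with the server, rather than leaving a key that the device will never again be able to use.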