Framework | CoreServices/CoreServices.h, Carbon/Carbon.h |
Declared in | KeychainCore.h KeychainHI.h |
The Keychain Manager is an API that provides a uniform way for your application to handle passwords for multiple users, multiple databases, or any situation in which a user must enter single or multiple passwords. You can use the Keychain Manager to provide secure storage for a user's passwords, cryptographic keys, and digital certificates.
This document, which describes KeychainLib 2.0, is relevant to you if your application needs to create and manage passwords and other secure data.
Important: Keychain Manager is being phased out and replaced by Keychain Services. Any new development should use Keychain Services. See Keychain Services Reference.
Carbon fully supports the Keychain Manager.
KCMakeKCRefFromAlias
KCMakeAliasFromKCRef
KCReleaseKeychain
KCMakeKCRefFromFSSpec
Deprecated in Mac OS X v10.5
KCCreateKeychain
kccreatekeychain
KCSetDefaultKeychain
KCGetDefaultKeychain
KCGetStatus
KCGetKeychainName
kcgetkeychainname
KCCountKeychains
KCGetIndKeychain
KCAddAppleSharePassword
kcaddapplesharepassword
KCFindAppleSharePassword
kcfindapplesharepassword
KCAddInternetPassword
kcaddinternetpassword
KCAddInternetPasswordWithPath
kcaddinternetpasswordwithpath
KCFindInternetPassword
kcfindinternetpassword
KCFindInternetPasswordWithPath
kcfindinternetpasswordwithpath
KCAddGenericPassword
kcaddgenericpassword
KCFindGenericPassword
kcfindgenericpassword
Disposes of a UPP to your keychain event callback.
Not recommended
void DisposeKCCallbackUPP ( KCCallbackUPP userUPP );
A Universal Procedure Pointer (UPP) to your keychain event callback function.
A result code. See “Keychain Manager Result Codes.”
When you are finished with a UPP to your keychain event callback
function, you should dispose of it by calling the DisposeKCCallbackUPP
function.
There is no replacement function available.
KeychainCore.h
Invokes your keychain event callback.
Not recommended
OSStatus InvokeKCCallbackUPP ( KCEvent keychainEvent, KCCallbackInfo *info, void *userContext, KCCallbackUPP userUPP );
The keychain events you want your application
to receive. See “Keychain Events Constants” for a description of possible values. The
Keychain Manager tests the bitmask you pass in the eventMask
parameter
of the function KCAddCallback
to
determine which events to pass to your callback function. See “Keychain Events Mask” for
a description of this bitmask.
A pointer to a structure of type KCCallbackInfo
that
provides information about the keychain event to your callback function.
The Keychain Manager passes a pointer to this structure in the info
parameter
of your callback function.
A pointer to application-defined storage.
The Keychain Manager passes this value in the userContext
parameter
of your callback function. Your application can use this to associate
any particular call of the InvokeKCCallbackUPP
function
with any particular call of the keychain event callback function.
A Universal Procedure Pointer to your keychain
event callback function. For information on how to create a keychain
event callback function, see KCCallbackProcPtr
.
A result code. See “Keychain Manager Result Codes.”
You should not need to use the function InvokeKCCallbackUPP
,
as the system calls your KCAddCallback
callback
function for you.
There is no replacement function available.
KeychainCore.h
Adds a new AppleShare server password to the default keychain.
Not recommended
OSStatus KCAddAppleSharePassword ( AFPServerSignature *serverSignature, StringPtr serverAddress, StringPtr serverName, StringPtr volumeName, StringPtr accountName, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
A pointer to a 16-byte Apple File Protocol
server signature block. Pass a value of type AFPServerSignature
. Pass NULL
to
match any server signature. The Keychain Manager identifies the
location for the password by the information passed in the serverAddress
and serverSignature
parameters. You
must pass a valid value in at least one of these parameters.
A pointer to a Pascal string containing the
server address, which may be specified as an AppleTalk zone name,
a DNS domain name (in the format "xxx.yyy.zzz"), or an
IP address (in the format "111.222.333.444"). The Keychain
Manager identifies the location for the password by the information
passed in the serverAddress
and serverSignature
parameters. You
must pass a valid value in at least one of these parameters.
A pointer to a Pascal string containing the server name.
A pointer to a Pascal string containing the volume name.
A pointer to a Pascal string containing the account name.
The length of the buffer pointed to by passwordData
.
A pointer to a buffer which will hold the
returned password data. Before calling KCAddAppleSharePassword
,
allocate enough memory for the buffer to hold the data you want
to store.
On return, a pointer to a reference to the
added item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCDuplicateItem
indicates
that you tried to add a password that already exists in the keychain.
The result code errKCDataTooLarge
indicates
that you tried to add more data than is allowed for a record of
this type.
The KCAddAppleSharePassword
function
adds a new AppleShare server password to the default keychain that
is uniquely identified by the serverName
, volumeName
,
and accountName
parameters,
and a location specified either by the serverAddress
or serverSignature
parameters.
The KCAddAppleSharePassword
function
optionally returns a reference to the newly added item.
Most applications do not need to store AppleShare password
data, as this is handled transparently by the AppleShare client
software. To be compatible with the AppleShare client, you should
store a fully-specified File Manager structure AFPXVolMountInfo
as
the password data.
The KCAddAppleSharePassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently locked.
You can also call the function kcaddapplesharepassword
to
add an AppleShare server password to the default keychain. kcaddapplesharepassword
requires
that you pass a pointer to a C string instead of a pointer to a
Pascal string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcaddapplesharepassword
function
provides the same functionality as KCAddAppleSharePassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use KCAddAppleSharePassword
,
since kcaddapplesharepassword
is
provided for convenience only and may be removed from the header
file at some point in the future.
It is recommended that you use internet passwords instead
of AppleShare passwords. Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kcaddapplesharepassword ( AFPServerSignature *serverSignature, const char *serverAddress, const char *serverName, const char *volumeName, const char *accountName, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCAddAppleSharePassword
instead.
It is recommended that you use internet passwords instead
of AppleShare passwords. Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Registers your keychain event callback function.
Not recommended
OSStatus KCAddCallback ( KCCallbackUPP callbackProc, KCEventMask eventMask, void *userContext );
A Universal Procedure Pointer (UPP) to your
keychain event callback function, described in KCCallbackProcPtr
. You indicate the
type of keychain events you want to receive by passing a bitmask
of the desired events in the eventMask
parameter.
To create a UPP to your callback function, call the function NewKCCallbackUPP
.
A bitmask indicating the keychain events that
your application wishes to be notified of. See “Keychain Events Mask” for a
description of this bitmask. The Keychain Manager tests this mask
to determine the keychain events that you wish to receive, and passes
these events in the keychainEvent
parameter
of your callback function. See “Keychain Events Constants” for a
description of these events.
A pointer to application-defined storage that
will be passed to your callback function. Your application can use
this to associate any particular call of the KCAddCallback
function
with any particular call of your keychain event callback function.
A result
code. See “Keychain Manager Result Codes.” The result code errKCDuplicateCallback
indicates
that your callback function is already registered.
You can register your callback function by passing a UPP to
it in the callbackProc
parameter
of the KCAddCallback
function.
Once you have done so, the Keychain Manager calls the function InvokeKCCallbackUPP
when
the keychain event specified in the eventMask
parameter
occurs. In turn, the function InvokeKCCallbackUPP
passes
the keychain event, information about the event, and application-defined
storage to your keychain event callback function.
Available beginning with KeychainLib 1.0.
Use the SecKeychainAddCallback
function
in Keychain Services instead.
KeychainCore.h
Adds a new generic password to the default keychain.
Not recommended
OSStatus KCAddGenericPassword ( StringPtr serviceName, StringPtr accountName, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
A pointer to a Pascal string containing an application-defined service name.
A pointer to a Pascal string containing an application-defined account name.
The length of the password data to be stored
A pointer to the buffer that holds the returned
password data. Before calling the KCAddGenericPassword
function,
allocate enough memory for the buffer to hold the data you want
to store.
On return, a pointer to a reference to the
added item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCDuplicateItem
indicates
that you tried to add a password that already exists in the keychain.
The result code errKCDataTooLarge
indicates
that you tried to add more data than is allowed for a record of
this type.
The KCAddGenericPassword
function
adds a new generic password to the default keychain. Required parameters
to identify the password are serviceName
and accountName
,
which are application-defined strings. The KCAddGenericPassword
function
optionally returns a reference to the newly added item.
You can use the KCAddGenericPassword
function
to add passwords for accounts other than Internet or AppleShare.
For example, you might add passwords for your database or scheduling
programs.
You can also call the function kcaddgenericpassword
to
add a new generic password to the default keychain. The difference
between the two functions is that the kcaddgenericpassword
function
takes a pointer to a C string instead of a Pascal string in the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
The KCAddGenericPassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently
locked.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcaddgenericpassword
function
provides the same functionality as the function KCAddGenericPassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use the KCAddGenericPassword
function,
since the kcaddgenericpassword
function
is provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainAddGenericPassword
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kcaddgenericpassword ( const char *serviceName, const char *accountName, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCAddGenericPassword
instead.
Use the SecKeychainAddGenericPassword
function
in Keychain Services instead.
KeychainHI.h
Adds a new Internet server password to the default keychain.
Not recommended
OSStatus KCAddInternetPassword ( StringPtr serverName, StringPtr securityDomain, StringPtr accountName, UInt16 port, OSType protocol, OSType authType, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
A pointer to a Pascal string containing the server name.
A pointer to a Pascal string containing the security domain. This parameter is optional, as not all protocols will require it.
A pointer to a Pascal string containing the account name.
The TCP/IP port number. Pass the constant kAnyPort
,
described in “Default Internet Port Constant,” to specify any port.
The protocol associated with this password.
See “Keychain Protocol Type Constants” for
a description of possible values. Pass the constant kAnyProtocol
,
described in “Default Internet Protocol And Authentication Type Constants,”
to specify any protocol.
The authentication scheme used. See “Authentication Type Constants” for a
description of possible values. Pass the constant kAnyAuthType
,
described in “Default Internet Protocol And Authentication Type Constants,”
to specify any authentication scheme.
The length of the buffer pointed to by passwordData
.
A pointer to a buffer that holds the returned
password data. Before calling the KCAddInternetPasswordWithPath
function,
allocate enough memory for the buffer to hold the data you want
to store.
On return, a pointer to a reference to the
added item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCDuplicateItem
indicates
that you tried to add a password that already exists in the keychain.
The result code errKCDataTooLarge
indicates
that you tried to add more data than is allowed for a record of
this type.
The KCAddInternetPassword
function
adds a new Internet server password to the default keychain. Required
parameters to identify the password are serviceName
and accountName
(you
cannot pass NULL
for
both parameters). In addition, some protocols may require an optional
value in the securityDomain
parameter
when authentication is requested. KCAddInternetPassword
optionally
returns a reference to the newly added item.
The KCAddInternetPassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently locked.
You can also call the function kcaddinternetpassword
to
add a new Internet server password to the default keychain. The kcaddinternetpassword
function
requires that you pass a pointer to a C string instead of a pointer
to a Pascal string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcaddinternetpassword
function
provides the same functionality as KCAddInternetPassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use KCAddInternetPassword
,
since kcaddinternetpassword
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kcaddinternetpassword ( const char *serverName, const char *securityDomain, const char *accountName, UInt16 port, OSType protocol, OSType authType, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCAddInternetPassword
instead.
Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Adds a new Internet server password with a specified path to the default keychain.
Not recommended
OSStatus KCAddInternetPasswordWithPath ( StringPtr serverName, StringPtr securityDomain, StringPtr accountName, StringPtr path, UInt16 port, OSType protocol, OSType authType, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
A pointer to a Pascal string containing the server name.
A pointer to a Pascal string containing the security domain. This parameter is optional, as not all protocols will require it.
A pointer to a Pascal string containing the account name.
A pointer to a Pascal string containing additional
information that specifies a file or directory on the server specified
by the serverName
parameter.
In a typical URL, path information begins directly after the first
slash (“/”) character following the server name. This parameter
is optional.
The TCP/IP port number. Pass the constant kAnyPort
,
described in “Default Internet Port Constant,” to specify any port.
The protocol associated with this password.
See “Keychain Protocol Type Constants” for
a description of possible values. Pass the constant kAnyProtocol
,
described in “Default Internet Protocol And Authentication Type Constants,”
to specify any protocol.
The authentication scheme used. See “Authentication Type Constants” for a
description of possible values. Pass the constant kAnyAuthType
,
described in “Default Internet Protocol And Authentication Type Constants,”
to specify any authentication scheme.
The length of the buffer pointed to by passwordData
.
A pointer to a buffer which will hold the
returned password data. Before calling KCAddInternetPasswordWithPath
,
allocate enough memory for the buffer to hold the data you want
to store.
On return, a pointer to a reference to the
added item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCDuplicateItem
indicates
that you tried to add a password that already exists in the keychain.
The result code errKCDataTooLarge
indicates
that you tried to add more data than is allowed for a record of
this type.
The KCAddInternetPasswordWithPath
function
enables you to specify path information when adding a new Internet
server password to the default keychain. Required parameters to
identify the password are serviceName
and accountName
(you
cannot pass NULL
for
both parameters). In addition, some protocols may require an optional securityDomain
when
authentication is requested. KCAddInternetPasswordWithPath
optionally
returns a reference to the newly added item.
The KCAddInternetPasswordWithPath
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently
locked.
You can also call the function kcaddinternetpasswordwithpath
to
add a new Internet server password to the default keychain. The
function kcaddinternetpasswordwithpath
requires that
you pass a pointer to a C string instead of a pointer to a Pascal
string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 2.0. In KeychainLib 1.0,
the kcaddinternetpasswordwithpath
function
provides the same functionality as the KCAddInternetPasswordWithPath
function,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use the KCAddInternetPasswordWithPath
function,
since the function kcaddinternetpasswordwithpath
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kcaddinternetpasswordwithpath ( const char *serverName, const char *securityDomain, const char *accountName, const char *path, UInt16 port, OSType protocol, OSType authType, UInt32 passwordLength, const void *passwordData, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCAddInternetPasswordWithPath
instead.
Use the SecKeychainAddInternetPassword
function
in Keychain Services instead.
KeychainHI.h
Adds a password or other keychain item to the default keychain.
Not recommended
OSStatus KCAddItem ( KCItemRef item );
A reference to the keychain item you wish
to add. If you pass an existing item in the keychain, the item is
updated. If you pass an item that has not been previously added
to the keychain and an identical item already exists in the keychain, KCAddItem
returns
the result code errKCDuplicateItem
.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid. The result
code errKCDuplicateItem
indicates that
you tried to add a new item that already exists in the keychain.
You can use the KCAddItem
function
to add a password or other keychain item to the permanent data store
of the default keychain. If you want to add a password to a keychain other
than the default, call the function KCSetDefaultKeychain
to change the default keychain.
The KCAddItem
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the item is currently locked.
Available beginning with KeychainLib 1.0.
When you use Keychain Services to create an item, it is always added to the specified keychain at creation time.
KeychainHI.h
Displays a dialog box enabling the user to change the name, password, or settings of a keychain.
Not recommended
OSStatus KCChangeSettings ( KCRef keychain );
A reference to an unlocked keychain. Pass
in NULL
to specify the
default keychain.
A result
code. See “Keychain Manager Result Codes.” The result code errUserCanceled
indicates
that the user pressed the Cancel button in the Change Settings dialog
box. The result code errKCNoDefaultKeychain
indicates
that the default keychain could not be found. The result code errKCInvalidKeychain
indicates
that the specified keychain is invalid.
Typically, your application should not call the KCChangeSettings
function.
You would only call the KCChangeSettings
function
in response to a user's request to change keychain settings, name,
or password. Note that you cannot change a keychain passphrase directly. You
must call the KCChangeSettings
function
and allow the user to change it.
Available beginning with KeychainLib 2.0.
Use the SecKeychainSetSettings
function
in Keychain Services instead.
KeychainHI.h
Displays a list of certificates that the user can choose from.
Unsupported
OSStatus KCChooseCertificate ( CFArrayRef items, KCItemRef *certificate, CFArrayRef policyOIDs, KCVerifyStopOn stopOn );
An array of certificate references.
If the items
array
only contains one certificate, on return, a pointer to that certificate.
In this case, no user interface is displayed.
An array of trust policy options used for
Macintosh file signing. To obtain a pointer to this array, call
the function SecMacGetDefaultPolicyOIDs
.
The criteria to use in selecting the certificates to display. See “Certificate Verification Criteria” for a description of this mask.
A result
code. See “Keychain Manager Result Codes.” The result code userCanceledErr
indicates
that the user pressed the Cancel button in the user interface.
The KCChooseCertificate
function
displays a list of the certificates from which the user can choose.
If only one certificate matches the criteria, the reference is passed
back in the certificate
parameter
and no user interface is presented.
Available beginning with KeychainLib 2.0.
This function is obsolete. There is currently no replacement.
KeychainHI.h
Copies a password or other keychain item from one keychain to another.
Not recommended
OSStatus KCCopyItem ( KCItemRef item, KCRef destKeychain, KCItemRef *copy );
A reference to the keychain item you wish to copy.
A reference to the keychain into which the item is to be copied.
A pointer to a reference to the new copied keychain item.
A result
code. See “Keychain Manager Result Codes.” The result code errKCReadOnly
indicates
that the destination keychain is read only. The result code errKCNoSuchClass
indicates
that the item has an invalid keychain item class. The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid.
You can use the KCCopyItem
function
to copy a keychain item from one keychain to another. The KCCopyItem
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the item to be copied is currently
locked.
Available beginning with KeychainLib 2.0.
Use the SecKeychainItemCopyContent
function
in Keychain Services instead.
KeychainCore.h
Determines the number of available keychains.
Not recommended
UInt16 KCCountKeychains ( void );
The number of available keychains. This includes all keychains in the Keychains folder, as well as any other keychains known to the Keychain Manager.
This function reports the number of keychains known to the
Keychain Manager. These keychains are created by the function KCCreateKeychain
.
Available beginning with KeychainLib 1.0.
Use the SecKeychainCopySearchList
function
in Keychain Services followed by a call to CFArrayGetCount
instead.
KeychainCore.h
Creates an empty keychain.
Not recommended
OSStatus KCCreateKeychain ( StringPtr password, KCRef *keychain );
A pointer to a Pascal string representing
the password string which will be used to protect the new keychain.
If you pass NULL
, the
Keychain Setup dialog box will be displayed to obtain it.
A pointer to a reference to the keychain you
wish to create. You create a keychain reference by calling the function KCMakeKCRefFromFSSpec
or KCMakeKCRefFromAlias
.
If you pass a pointer to a keychain reference, the user will not
need to be prompted for a name and location; in all other cases, KCCreateKeychain
will
interactively request this information from the user. If you pass
a pointer to a NULL
keychain
reference, the Keychain Manager allocates the memory for the keychain
reference and returns it in this parameter. Pass a NULL
pointer
if you do not need a reference returned.
A result
code. See “Keychain Manager Result Codes.” The result code userCanceledErr
indicates
that the user pressed the Cancel button in the create keychain.
The result code errKCDuplicateKeychain
indicates
that the user tried to create a keychain which already exists. The
result code errKCInvalidKeychain
indicates
that the specified keychain is invalid. Additional errors may be
returned if the keychain could not be created (for example, a file
system or network error may be returned if there is no write access
to the storage media).
The KCCreateKeychain
function
creates an empty keychain. The keychain
and password
parameters
are optional. If user interaction to create a keychain is posted,
the newly-created keychain is automatically unlocked after creation.
You can also call the function kccreatekeychain
to
create an empty keychain. The function kccreatekeychain
requires
that you pass a pointer to a C string instead of a pointer to a Pascal
string in the password
parameter.
It is recommended that the KCCreateKeychain
function
not be explicitly called by applications. Instead, you should call
one of the add functions in “Storing and Retrieving Passwords” to
add a password to the default keychain. If a default keychain does
not exist, it is created automatically.
When you are finished with a keychain, you must deallocate
its memory by calling the function KCReleaseKeychain
.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kccreatekeychain
function
provides the same functionality as KCCreateKeychain
.
In KeychainLib 2.0, you should use KCCreateKeychain
,
since kccreatekeychain
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainCreate
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kccreatekeychain ( const char *password, KCRef *keychain );
This function is available for convenience only and may be
removed. Use the function KCCreateKeychain
instead.
Use the SecKeychainCreate
function
in Keychain Services instead.
KeychainHI.h
Deletes a password or other keychain item from the default keychain.
Not recommended
OSStatus KCDeleteItem ( KCItemRef item );
A reference to the keychain item you wish
to delete. If you pass an item that has not been previously added
to the keychain, the function KCDeleteItem
does
nothing and returns noErr
.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid.
You can use the KCDeleteItem
function
to delete a keychain item from the permanent data store of the default
keychain. The KCDeleteItem
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the item is currently locked.
The KCDeleteItem
function
does not dispose the memory occupied by the item reference. To do
so, call the function KCReleaseItem
when
you are finished with an item.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemDelete
function
in Keychain Services instead.
KeychainCore.h
Finds the first AppleShare password in the default keychain that matches the specified parameters.
Not recommended
OSStatus KCFindAppleSharePassword ( AFPServerSignature *serverSignature, ConstStringPtr serverAddress, ConstStringPtr serverName, ConstStringPtr volumeName, ConstStringPtr accountName, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
A pointer to a 16-byte Apple File Protocol
server signature block. Pass a value of type AFPServerSignature
. Pass NULL
to
match any server signature. The Keychain Manager identifies the
location for the password by the information passed in the serverAddress
and serverSignature
parameters. You
must pass a valid value in at least one of these parameters.
A pointer to a Pascal string containing the
server address, which may be specified as an AppleTalk zone name,
a DNS domain name (in the format "xxx.yyy.zzz"), or an
IP address (in the format "111.222.333.444"). The Keychain
Manager identifies the location for the password by the information
passed in the serverAddress
and serverSignature
parameters. You
must pass a valid value in at least one of these parameters.
A pointer to a Pascal string containing the
server name. Pass NULL
to
match any server name.
A pointer to a Pascal string containing the
volume name. Pass NULL
to
match any volume name.
A pointer to a Pascal string containing the
account name. Pass NULL
to
match any account name.
The length of the buffer pointed to by passwordData
.
A pointer to a buffer which will hold the
returned password data. Before calling KCFindAppleSharePassword
,
allocate enough memory for the buffer to hold the data you want
to store. Pass NULL
if
you want to obtain the item reference but not the password data.
In this case, you must also pass NULL
in the actualLength
parameter.
On return, a pointer to the returned password data.
On return, the actual length of the password
data that was retrieved. If the buffer pointed to by passwordData
is
smaller than the actual length of the data, KCFindAppleSharePassword
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling KCFindAppleSharePassword
again.
On return, a pointer to a reference to the
found item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain was found. The result code errKCItemNotFound
indicates
that no matching password item was found. The result code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling KCFindAppleSharePassword
again.
The KCFindAppleSharePassword
function
finds the first AppleShare password item which matches the attributes
you provide. The buffer specified in the passwordData
parameter must
be large enough to hold the password data, otherwise KCFindAppleSharePassword
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the KCFindAppleSharePassword
function
again. The KCFindAppleSharePassword
function
optionally returns a reference to the found item.
The KCFindAppleSharePassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently
locked.
You can also call the function kcfindapplesharepassword
to
find the first AppleShare server password matching specified attributes. kcfindapplesharepassword
requires
that you pass a pointer to a C string instead of a pointer to a
Pascal string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcfindapplesharepassword
function
provides the same functionality as KCFindAppleSharePassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use KCFindAppleSharePassword
,
since kcfindapplesharepassword
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the Keychain Services function SecKeychainSearchCreateFromAttributes
followed
by the SecKeychainSearchCopyNext
function
instead.
KeychainCore.h
Not recommended
OSStatus kcfindapplesharepassword ( AFPServerSignature *serverSignature, const char *serverAddress, const char *serverName, const char *volumeName, const char *accountName, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCFindAppleSharePassword
instead.
Use the Keychain Services function SecKeychainSearchCreateFromAttributes
followed
by the SecKeychainSearchCopyNext
function
instead.
KeychainCore.h
Finds the first keychain item in a specified keychain that matches specified attributes.
Not recommended
OSStatus KCFindFirstItem ( KCRef keychain, const KCAttributeList *attrList, KCSearchRef *search, KCItemRef *item );
A reference to the keychain that you wish
to search. If you pass a locked keychain, the Unlock Keychain dialog
box is displayed. If you pass NULL
,
the KCFindFirstItem
function
searches all unlocked keychains.
A pointer to a list of 0 or more structures
containing information about the keychain item attributes to be
matched. Pass NULL
to
match any attribute.
On return, a pointer to a reference to the current search criteria.
On return, a pointer to the first matching keychain item.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCItemNotFound
indicates
that no matching keychain item was found. The result code errKCNoSuchAttr
indicates
that the specified attribute is undefined for this item class.
The KCFindFirstItem
function
returns a reference to the first keychain item in a keychain that
matches a list of attributes. The KCFindFirstItem
function
also returns a reference to the search criteria used. You should
pass the returned search criteria in the searchRef
parameter
of the function KCFindNextItem
.
The KCFindFirstItem
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the item you are searching
for is currently locked.
When you are completely finished with a search, you should
the functions KCReleaseItem
and KCReleaseSearch
to
release the memory occupied by the keychain item and search criteria
reference.
Available beginning with KeychainLib 1.0.
Use the Keychain Services function SecKeychainSearchCreateFromAttributes
followed
by a call to SecKeychainSearchCopyNext
instead.
KeychainCore.h
Finds the first generic password in the default keychain matching the specified parameters.
Not recommended
OSStatus KCFindGenericPassword ( ConstStringPtr serviceName, ConstStringPtr accountName, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
A pointer to a Pascal string containing an
application-defined service name. Pass NULL
to
match any service name.
A pointer to a Pascal string containing an
application-defined account name. Pass NULL
to
match any account name.
The length of the buffer pointed to by passwordData
.
A pointer to the buffer that holds the returned
password data. Before calling the KCFindGenericPassword
function,
allocate enough memory for the buffer to hold the data you want
to store. Pass NULL
if
you want to obtain the item reference but not the password data.
In this case, you must also pass NULL
in the actualLength
parameter.
On return, a pointer to the returned password data.
On return, the actual length of the password
data that was retrieved. If the buffer pointed to by the passwordData
parameter
is smaller than the actual length of the data, the KCFindGenericPassword
function
returns the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the KCFindGenericPassword
function
again.
On return, a pointer to a reference to the
found item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain was found. The result code errKCItemNotFound
indicates
that no matching password item was found. The result code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling the function KCFindGenericPassword
again.
The KCFindGenericPassword
function
finds the first generic password item which matches the attributes
you provide. The buffer specified in the passwordData
parameter
must be large enough to hold the password data, otherwise the function KCFindGenericPassword
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the function KCFindGenericPassword
again.
The KCFindGenericPassword
function
optionally returns a reference to the found item.
The KCFindGenericPassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently locked.
You can also call the function kcfindgenericpassword
to
find the first generic password matching specified attributes. The kcfindgenericpassword
function
requires that you pass a pointer to a C string instead of a pointer
to a Pascal string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcfindgenericpassword
function
provides the same functionality as the function KCFindGenericPassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use the KCFindGenericPassword
function,
since the kcfindgenericpassword
function is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainFindGenericPassword
function
in Keychain Services instead.
KeychainCore.h
Not recommended
OSStatus kcfindgenericpassword ( const char *serviceName, const char *accountName, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCFindGenericPassword
instead.
Use the SecKeychainFindGenericPassword
function
in Keychain Services instead.
KeychainCore.h
Finds the first Internet password in the default keychain that matches the specified parameters.
Not recommended
OSStatus KCFindInternetPassword ( ConstStringPtr serverName, ConstStringPtr securityDomain, ConstStringPtr accountName, UInt16 port, OSType protocol, OSType authType, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
A pointer to a Pascal string containing the
server name. Pass NULL
to
match any server name.
A pointer to a Pascal string containing the
security domain. Pass NULL
to match
any domain.
A pointer to a Pascal string containing the
account name. Pass NULL
to
match any account name.
The TCP/IP port number. Pass the constant kAnyPort
,
described in “Default Internet Port Constant,” to match any port.
The protocol associated with this password.
See “Keychain Protocol Type Constants” for
a description of possible values. Pass the constant kAnyProtocol
,
described in “Default Internet Protocol And Authentication Type Constants,”
to match any protocol.
The authentication scheme used. See “Authentication Type Constants” for a
description of possible values. Pass the constant kAnyAuthType
,
described in “Default Internet Protocol And Authentication Type Constants,”
to match any authentication scheme.
The length of the buffer pointed to by passwordData
.
A pointer to the buffer that holds the returned
password data. Before calling the KCFindInternetPassword
function,
allocate enough memory for the buffer to hold the data you want
to store. Pass NULL
if
you want to obtain the item reference but not the password data.
In this case, you must also pass NULL
in
the actualLength
parameter.
On return, a pointer to the returned password data.
On return, the actual length of the password
data that was retrieved. If the buffer pointed to by the passwordData
parameter
is smaller than the actual length of the data, the KCFindInternetPassword
function
returns the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the KCFindInternetPassword
function
again.
On return, a pointer to a reference to the
found item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain was found. The result code errKCItemNotFound
indicates
that no matching password item was found. The result code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling the function KCFindInternetPassword
again.
The KCFindInternetPassword
function
finds the first Internet password item that matches the attributes
you provide. The buffer specified in the passwordData
parameter
must be large enough to hold the password data, otherwise the function KCFindInternetPassword
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the function KCFindInternetPassword
again.
The KCFindInternetPassword
function
optionally returns a reference to the found item.
The KCFindInternetPassword
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently locked.
You can also call the function kcfindinternetpassword
to
find the first Internet password item matching specified attributes.
The kcfindinternetpassword
function
requires that you pass a pointer to a C string instead of a Pascal
string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 1.0. In KeychainLib 1.0,
the kcfindinternetpassword
function
provides the same functionality as the function KCFindInternetPassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use the KCFindInternetPassword
function,
since kcfindinternetpassword
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainFindInternetPassword
function
in Keychain Services instead.
KeychainCore.h
Not recommended
OSStatus kcfindinternetpassword ( const char *serverName, const char *securityDomain, const char *accountName, UInt16 port, OSType protocol, OSType authType, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCFindInternetPassword
instead.
Use the SecKeychainFindInternetPassword
function
in Keychain Services instead.
KeychainCore.h
Finds the first Internet password in the default keychain that matches the specified parameters, including path information.
Not recommended
OSStatus KCFindInternetPasswordWithPath ( ConstStringPtr serverName, ConstStringPtr securityDomain, ConstStringPtr accountName, ConstStringPtr path, UInt16 port, OSType protocol, OSType authType, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
A pointer to a Pascal string containing the
server name. Pass NULL
to
match any server name.
A pointer to a Pascal string containing the
security domain. Pass NULL
to match
any domain.
A pointer to a Pascal string containing the
account name. Pass NULL
to
match any account name.
A pointer to a Pascal string containing additional
information that specifies a file or directory on the server specified
by the serverName
parameter.
In a typical URL, path information begins directly after the first
slash (“/”) character following the server name. This parameter
is optional.
The TCP/IP port number. Pass the constant kAnyPort
,
described in “Default Internet Port Constant,” to match any port.
The protocol associated with this password.
See “Keychain Protocol Type Constants” for
a description of possible values. Pass the constant kAnyProtocol
,
described in “Default Internet Protocol And Authentication Type Constants,”
to match any protocol.
The authentication scheme used. See “Authentication Type Constants” for a
description of possible values. Pass the constant kAnyAuthType
,
described in “Default Internet Protocol And Authentication Type Constants,”
to match any authentication scheme.
The length of the buffer pointed to by passwordData
.
A pointer to a buffer which will hold the
returned password data. Before calling the KCFindInternetPasswordWithPath
function,
allocate enough memory for the buffer to hold the data you want
to store. Pass NULL
if
you want to obtain the item reference but not the password data.
In this case, you must also pass NULL
in
the actualLength
parameter.
On return, a pointer to the returned password data.
On return, the actual length of the password
data that was retrieved. If the buffer pointed to by the passwordData
parameter
is smaller than the actual length of the data, the function KCFindInternetPasswordWithPath
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the function KCFindInternetPasswordWithPath
again.
On return, a pointer to a reference to the
found item. Pass NULL
if
you don’t want to obtain this reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain was found. The result code errKCItemNotFound
indicates
that no matching password item was found. The result code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling the function KCFindInternetPasswordWithPath
again.
The KCFindInternetPasswordWithPath
function
finds the first Internet password item which matches the attributes
you provide, including path information. The buffer specified in
the passwordData
parameter
must be large enough to hold the password data, otherwise the function KCFindInternetPasswordWithPath
returns
the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling the KCFindInternetPasswordWithPath
function
again. The KCFindInternetPasswordWithPath
function
optionally returns a reference to the found item.
The KCFindInternetPasswordWithPath
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the password is currently
locked.
You can also call the function kcfindinternetpasswordwithpath
to
find the first Internet password item matching specified attributes.
The function kcfindinternetpasswordwithpath
requires
that you pass a pointer to a C string instead of a pointer to a
Pascal string for the serverAddress
, serverName
, volumeName
, accountName
,
and passwordData
parameters.
Available beginning with KeychainLib 2.0. In KeychainLib 1.0,
the kcfindinternetpassword
function
provides the same functionality as the function KCFindInternetPassword
,
except that it accepts C strings rather than Pascal strings as arguments.
In KeychainLib 2.0, you should use KCFindInternetPassword
,
since kcfindinternetpassword
is
provided for convenience only and may be removed from the header
file at some point in the future.
Use the SecKeychainFindInternetPassword
function
in Keychain Services instead.
KeychainCore.h
Not recommended
OSStatus kcfindinternetpasswordwithpath ( const char *serverName, const char *securityDomain, const char *accountName, const char *path, UInt16 port, OSType protocol, OSType authType, UInt32 maxLength, void *passwordData, UInt32 *actualLength, KCItemRef *item );
This function is available for convenience only and may be
removed. Use the function KCFindInternetPasswordWithPath
instead.
Use the SecKeychainFindInternetPassword
function
in Keychain Services instead.
KeychainCore.h
Finds the next keychain item matching the previously specified search criteria.
Not recommended
OSStatus KCFindNextItem ( KCSearchRef search, KCItemRef *item );
A reference to the previously-specified search
criteria. Pass the reference passed back in the searchRef
parameter
of the function KCFindFirstItem
.
On return, a pointer to the next matching keychain item, if any.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCItemNotFound
indicates
that no matching keychain item was found. The result code errKCInvalidSearchRef
indicates
that the specified search reference was invalid.
The KCFindNextItem
function
finds the next keychain item matching the search criteria previously
specified by a call to the function KCFindFirstItem
. The KCFindNextItem
function returns
a reference to the matching item, if any. The KCFindNextItem
function
automatically calls the function KCUnlock
to display the Unlock Keychain
dialog box if the keychain containing the item you are searching
for is currently locked.
When you are completely finished with a search, you should
use the functions KCReleaseItem
and KCReleaseSearch
to
release the keychain item and search criteria reference.
Available beginning with KeychainLib 1.0.
Use the SecKeychainSearchCopyNext
function
in Keychain Services instead.
KeychainCore.h
Finds the certificates in a keychain that match specified search criteria.
Unsupported
OSStatus KCFindX509Certificates ( KCRef keychain, CFStringRef name, CFStringRef emailAddress, KCCertSearchOptions options, CFMutableArrayRef *certificateItems );
A reference to the keychain you want to search. If the keychain is locked, the Unlock Keychain dialog box is automatically displayed.
A pointer to a C string containing the certificate owner's common name.
A pointer to a C string containing the certificate owner’s email address.
The search criteria you wish to use. See “Certificate Search Options” for a description of this mask.
On return, a pointer to a list of the matching
certificates. Pass NULL
if
you don’t want to obtain these references.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that a default keychain was not found. The result code errKCBufferTooSmall
indicates
that the certificate data was too large for the supplied buffer.
In this case, you should allocate a new buffer of sufficient size
before calling KCFindX509Certificates
again.
The result code errKCItemNotFound
indicates
that no matching certificate was found.
Available beginning with KeychainLib 2.0.
This function is obsolete. There is currently no replacement.
KeychainHI.h
Determines keychain item data using a keychain item attribute structure.
Not recommended
OSStatus KCGetAttribute ( KCItemRef item, KCAttribute *attr, UInt32 *actualLength );
A reference to the keychain item whose attribute data you wish to determine.
A pointer to a structure of type KCAttribute
. Before
calling the KCGetAttribute
function,
fill in the tag,
length
,
and data
fields (the data
field
should contain a pointer to a buffer of sufficient length for the
type of data to be returned). On return, the KCGetAttribute
function
passes back the requested data in the data
field.
On return, a pointer to the actual length of the attribute data. This may be more than the length you allocated in the length field of the attribute structure.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid. The result
code errKCNoSuchAttr
indicates
that you tried to set an attribute which is undefined for this item
class. The result code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling KCGetAttribute
again.
You can call the function KCGetAttribute
or
the function KCGetData
to
obtain keychain item data. The difference between the functions
is that the function KCGetData
requires
that you pass the length of the data and a pointer to that data
as separate parameters rather than fields in a keychain item attribute
structure.
If the keychain that contains the item is locked, before calling
the KCGetAttribute
function you
should call the function KCUnlock
to
prompt the user to unlock the keychain.
You can determine any of the standard item attributes identified
by the following tag constants: kClassKCItemAttr
, kCreationDateKCItemAttr
, kModDateKCItemAttr
, kDescriptionKCItemAttr
, kCommentKCItemAttr
, kLabelKCItemAttr
, kCreatorKCItemAttr
, kScriptCodeKCItemAttr
,
and kCustomIconKCItemAttr
.
There is additional data you can determine, depending upon the type
of keychain item whose data you wish to obtain. See “Keychain Item Attribute Tag Constants” for more information.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemCopyAttributesAndData
function
in Keychain Services instead.
KeychainCore.h
Determines keychain item data.
Not recommended
OSStatus KCGetData ( KCItemRef item, UInt32 maxLength, void *data, UInt32 *actualLength );
A reference to the keychain item whose data you wish to determine.
The length of the data buffer pointed to by
the data
parameter.
A pointer to the buffer that holds the returned
data. Before calling the KCGetData
function,
allocate enough memory for the buffer to hold the data you want
to store. On return, a pointer to the attribute data you requested.
On return, a pointer to the actual length
of the data being retrieved. If the buffer pointed to by the data
parameter
is smaller than the actual length of the data, the KCGetData
function
returns the result code errKCBufferTooSmall
.
In this case, your application must allocate a new buffer of sufficient
size before calling KCGetData
again.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid. The result
code errKCBufferTooSmall
indicates
that your application must allocate a new buffer of sufficient size
before calling KCGetData
again.
The result code errKCDataNotModifiable
indicates
that the data is not available for this item.
You can call the function KCGetData
or
the function KCGetAttribute
to
obtain keychain item data. The difference between the functions
is that the function KCGetAttribute
requires
that you pass the length of the data and a pointer to that data
as fields in a keychain item attribute structure rather than as
separate parameters.
If the keychain that contains the item is locked, before calling
the function KCGetData
you should
call the function KCUnlock
to
prompt the user to unlock the keychain. You cannot call the KCGetData
function
for a private key.
You can determine any of the standard item attributes identified
by the following tag constants: kClassKCItemAttr
, kCreationDateKCItemAttr
, kModDateKCItemAttr
, kDescriptionKCItemAttr
, kCommentKCItemAttr
, kLabelKCItemAttr
, kCreatorKCItemAttr
, kScriptCodeKCItemAttr
,
and kCustomIconKCItemAttr
.
There is additional data you can determine, depending upon the type
of keychain item whose data you wish to obtain. See “Keychain Item Attribute Tag Constants” for more information.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemCopyContent
function
in Keychain Services instead.
KeychainCore.h
Obtains the default keychain.
Not recommended
OSStatus KCGetDefaultKeychain ( KCRef *keychain );
On return, a pointer to default keychain reference.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that there is no default keychain.
You can determine the name of the default keychain by passing
the returned keychain reference to the function KCGetKeychainName
.
Available beginning with KeychainLib 2.0.
Use the SecKeychainCopyDefault
function
in Keychain Services instead.
KeychainCore.h
Obtains the reference to an indexed keychain.
Not recommended
OSStatus KCGetIndKeychain ( UInt16 index, KCRef *keychain );
An index of the list of available keychains.
Pass a value between 1 and the number returned by the function KCCountKeychains
.
On return, pointer to the keychain reference
corresponding to the index in the index
parameter.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoSuchKeychain
indicates
that the index value is out of range.
To guarantee correct operation, you should call the function KCCountKeychains
once
before calling KCGetIndKeychain
.
The memory that the keychain reference occupies must be released
by calling the function KCReleaseKeychain
when
you are finished with it.
Available beginning with KeychainLib 1.0.
Use the SecKeychainCopySearchList
function
in Keychain Services followed by a call to CFArrayGetValueAtIndex
instead.
KeychainCore.h
Determines the location of a password or other keychain item.
Not recommended
OSStatus KCGetKeychain ( KCItemRef item, KCRef *keychain );
A reference to the keychain item whose keychain
location you wish to determine. If you pass a reference to a keychain
item whose keychain is locked, the KCGetKeychain
function
returns the result code errKCInvalidItemRef
.
On return, a pointer to the keychain containing the specified item.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidItemRef
indicates
that the keychain item reference was invalid.
The KCGetKeychain
function
determines the location of a keychain item in an unlocked keychain.
It does not search locked keychains. Calling the KCGetKeychain
function
displays the Unlock Keychain dialog box if the keychain containing
the item is currently locked.
The keychain reference returned by KCGetKeychain
should
be released by calling the function KCReleaseItem
.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemCopyKeychain
function
in Keychain Services instead.
KeychainCore.h
Determines the version of the Keychain Manager installed on the user’s system.
Not Recommended
OSStatus KCGetKeychainManagerVersion ( UInt32 *returnVers );
On return, a pointer to the version number of the Keychain Manager installed on the current system.
A result code. See “Keychain Manager Result Codes.”
Your application can call the KCGetKeychainManagerVersion
function
to find out which version of the Keychain Manager is installed on
the user's system.
Available beginning with KeychainLib 1.0.
Use the SecKeychainGetVersion
function
in Keychain Services instead.
KeychainCore.h
Determines the name of a keychain.
Not recommended
OSStatus KCGetKeychainName ( KCRef keychain, StringPtr keychainName );
A reference to the keychain whose name you wish to obtain.
A pointer to a Pascal string. On return, this string contains the name of the keychain.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidKeychain
indicates
that the keychain is invalid.
You can also call the function kcgetkeychainname
to
obtain the name of a keychain. kcgetkeychainname
requires
that you pass a pointer to a C string instead of a pointer to a Pascal
string in the keychainName
parameter.
Available beginning with KeychainLib 2.0.
Use the SecKeychainGetPath
function
in Keychain Services instead.
KeychainCore.h
Not recommended
OSStatus kcgetkeychainname ( KCRef keychain, char *keychainName );
This function is available for convenience only and may be
removed. Use the function KCGetKeychainName
instead.
Use the SecKeychainGetPath
function
in Keychain Services instead.
KeychainCore.h
Determines the permissions that are set in a keychain.
Not recommended
OSStatus KCGetStatus ( KCRef keychain, UInt32 *keychainStatus );
A pointer to the keychain reference whose
permissions you wish to determine. Pass NULL
to
obtain the status of the default keychain.
On return, a pointer to a bitmask that you can test to determine the permissions that are set in a keychain. See “Keychain Status Constants” for a description of this mask.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoSuchKeychain
indicates
that the specified keychain could not be found. The result code errKCInvalidKeychain
indicates
that the specified keychain is invalid.
Available beginning with KeychainLib 1.0.
Use the SecKeychainGetStatus
function
in Keychain Services instead.
KeychainCore.h
Indicates whether Keychain Manager functions that display a user interaction will do so.
Not recommended
Boolean KCIsInteractionAllowed ( void );
A Boolean
value
indicating whether user interaction is permitted. If true
, user
interaction is allowed, and Keychain Manager functions that display
a user interface can do so as appropriate.
Available beginning with KeychainLib 2.0.
Use the SecKeychainGetUserInteractionAllowed
function
in Keychain Services instead.
KeychainCore.h
Locks a keychain.
Not recommended
OSStatus KCLock ( KCRef keychain );
A reference to the keychain to lock. Pass NULL
to
lock all unlocked keychains.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoSuchKeychain
indicates
that specified keychain could not be found. The result code errKCInvalidKeychain
indicates
that the specified keychain is invalid.
Your application should not call the KCLock
function
unless you are responding to a user's request to lock a keychain.
In general, you should leave the keychain unlocked so that the user
does not have to unlock it again in another application.
The function KCLock
replaces
the function KCLockKeychain
,
which was available in KeychainLib 1.0.
Use the SecKeychainLock
function
in Keychain Services instead.
KeychainCore.h
Creates an alias to a keychain reference.
Not Recommended
OSStatus KCMakeAliasFromKCRef ( KCRef keychain, AliasHandle *keychainAlias );
A reference to the keychain for which you want to create an alias.
On return, a pointer to an alias handle to the file referred to by the keychain reference.
A result code. See “Keychain Manager Result Codes.”
You may wish to call the KCMakeAliasFromKCRef
function
to determine the location of a keychain.
When you are finished with a keychain, you should call the
function KCReleaseKeychain
to deallocate
its memory. You should not use the keychain after its memory has
been deallocated.
Available beginning with KeychainLib 2.0.
Use the SecKeychainGetPath
function
in Keychain Services followed by calls to the function FSPathMakeRef
and FSNewAlias
instead.
KeychainCore.h
Creates a keychain reference from a keychain alias.
Not Recommended
OSStatus KCMakeKCRefFromAlias ( AliasHandle keychainAlias, KCRef *keychain );
A handle to an alias record of the keychain file. Since the keychain is a file, an alias can be made to the keychain file.
On return, a pointer to a reference to the
keychain specified by the alias in the keychainAlias
parameter.
A result code. See “Keychain Manager Result Codes.”
When you are finished with a keychain, you should call the
function KCReleaseKeychain
to deallocate
its memory. You should not use the keychain after its memory has
been deallocated.
Available beginning with KeychainLib 2.0.
Use the SecKeychainOpen
function
in Keychain Services instead. If the keychain doesn’t exist, use
the SecKeychainCreate
function in Keychain
Services.
KeychainCore.h
Creates a reference to a keychain item.
Not recommended
OSStatus KCNewItem ( KCItemClass itemClass, OSType itemCreator, UInt32 length, const void *data, KCItemRef *item );
The type of keychain item that you wish to
create. See “Keychain Item Type Constants” for a description of possible
values and a description of the KCItemClass
data
type.
The creator code of the application that owns this item.
The length of the data to be stored in this item.
A pointer to a buffer containing the data
to be stored in this item. Before calling KCNewItem
,
allocate enough memory for the buffer to hold the data you want
to store.
On return, a pointer to a reference to the newly-created item.
A result
code. See “Keychain Manager Result Codes.” The Memory Manager
result code memFullErr
indicates
that you did not allocate enough memory in the current heap to create
the item.
After calling the KCNewItem
function,
you should call the function KCAddItem
if
you wish to permanently store a password or other keychain item.
Note that a copy of the data buffer pointed to by the data
parameter
is stored in the newly-created item.
When you are done with a keychain item, you should call the
function KCReleaseItem
to release
its memory. You should not use the item after its memory has been
deallocated.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemCreateFromContent
function
in Keychain Services instead.
KeychainCore.h
Disposes of the memory occupied by a keychain item reference.
Not recommended
OSStatus KCReleaseItem ( KCItemRef *item );
A pointer to a keychain item reference. Pass
the keychain item reference whose memory you want to release. On
return, the reference is set to NULL
and
should not be used again.
A result code. See “Keychain Manager Result Codes.”
You should call the KCReleaseItem
function
to release the memory occupied by a keychain item reference when
you are finished with it.
Available beginning with KeychainLib 1.0
Use the CFRelease
function instead.
KeychainCore.h
Disposes of the memory associated with a keychain reference.
Not recommended
OSStatus KCReleaseKeychain ( KCRef *keychain );
A pointer to a keychain reference. Pass the
keychain reference whose memory you want to release. On return,
the reference is set to NULL
and should
not be used again.
A result code. See “Keychain Manager Result Codes.”
You should call the KCReleaseKeychain
function
to release the memory occupied by a keychain reference when you
are finished with it. You should not use the reference after it has
been released.
Available beginning with KeychainLib 2.0.
Use the CFRelease
function instead.
KeychainCore.h
Disposes of the memory occupied by a search criteria reference.
Not recommended
OSStatus KCReleaseSearch ( KCSearchRef *search );
A pointer to a search criteria reference.
Pass the search criteria reference whose memory you want to release.
On return, the reference is set to NULL
and
should not be used again.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidSearchRef
indicates
that the specified search reference was invalid.
You should call the KCReleaseSearch
function
to release the memory occupied by a search criteria reference when
you are completely finished with a search performed by calling the functions KCFindFirstItem
or KCFindNextItem
.
Available beginning with KeychainLib 1.0
Use the CFRelease
function instead.
KeychainCore.h
Unregisters your keychain event callback function.
Not recommended
OSStatus KCRemoveCallback ( KCCallbackUPP callbackProc );
A Universal Procedure Pointer (UPP) to your
keychain event callback function that was previously registered
with the function KCAddCallback
.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidCallback
indicates
that the callback function was not previously registered.
After you pass a UPP to your keychain event callback function
to the KCRemoveCallback
function,
it will no longer be called by the Keychain Manager.
After calling KCRemoveCallback
,
you should call the function DisposeKCCallbackUPP
to dispose
of the UPP to your callback function.
Available beginning with KeychainLib 1.0.
Use the SecKeychainRemoveCalllback
function
in Keychain Services instead.
KeychainCore.h
Sets or edits keychain item data using a keychain item attribute structure.
Not recommended
OSStatus KCSetAttribute ( KCItemRef item, KCAttribute *attr );
A reference to the keychain item whose data you wish to set or edit.
A pointer to a structure of type KCAttribute
containing
keychain item data you want to set. Before calling the function KCSetAttribute
,
fill in the tag
, length
,
and data
fields of this
structure with the tag identifying the attribute you wish to modify
or set, the length of the attribute data you wish to set, and a
pointer to that data, respectively.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidItemRef
indicates
that the keychain item reference was invalid. The result code errKCNoSuchAttr
indicates
that the item attribute you wish to set is undefined for the specified
item. The result code errKCDataTooLarge
indicates
that more data was supplied than is allowed for this attribute.
You can call the KCSetAttribute
function
or the function KCSetData
to
set or modify keychain item data. The difference between the functions
is that the KCSetData
function requires
that you pass the length of the data and a pointer to that data
as separate parameters rather than fields in a keychain item attribute
structure.
If the keychain that contains the item is locked, before calling
the KCSetAttribute
function you
should call the function KCUnlock
to
prompt the user to unlock the keychain. The keychain must permit
read/write access in order to modify keychain item data.
You can only set or modify standard item attributes identified
by the tag constants kDescriptionKCItemAttr
, kCommentKCItemAttr
, kLabelKCItemAttr
, kCreatorKCItemAttr
, kTypeKCItemAttr
,
and kCustomIconKCItemAttr
.
In addition, each class of keychain item has attributes specific
to that class which may be set or modified. See “Keychain Item Attribute Tag Constants” for
more information.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemModifyAttributesAndData
function
in Keychain Services instead.
KeychainCore.h
Sets or edits keychain item data.
Not recommended
OSStatus KCSetData ( KCItemRef item, UInt32 length, const void *data );
A reference to the keychain item whose data you wish to set.
The length of the data buffer pointed to by
the data
parameter.
A pointer to a buffer containing the data
to be stored in this item. Before calling the KCSetData
function,
allocate enough memory for the buffer to hold the data you want
to store.
A result
code. See “Keychain Manager Result Codes.” The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid. The result
code errKCDataTooLarge
indicates
that the data was too large for the supplied buffer. The result
code errKCDataNotModifiable
indicates
that the data cannot be set for this item.
You can call the function KCSetData
or
the function KCSetAttribute
to
set or modify keychain item data. The difference between the functions
is that the function KCSetAttribute
requires
that you pass the length of the data buffer as a field in a keychain item
attribute structure rather than as a separate parameter.
If the keychain that contains the item is locked, before calling
the KCSetData
function
you should call the function KCUnlock
to
prompt the user to unlock the keychain. The keychain must permit
read/write access in order to modify keychain item data.
You can set or edit any of the standard item attributes identified
by the following tag constants: kDescriptionKCItemAttr
, kCommentKCItemAttr
, kLabelKCItemAttr
, kCreatorKCItemAttr
, kTypeKCItemAttr
,
and kCustomIconKCItemAttr
.
There is additional data you can set, depending upon the type of
keychain item whose data you are manipulating. See “Keychain Item Attribute Tag Constants” for more information.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemModifyContent
function
in Keychain Services instead.
KeychainCore.h
Sets the default keychain.
Not recommended
OSStatus KCSetDefaultKeychain ( KCRef keychain );
A reference to the keychain you wish to make the default.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoSuchKeychain
indicates
that the specified keychain could not be found. The result code errKCInvalidKeychain
indicates
that the specified keychain is invalid.
In most cases, your application should not need to set the
default keychain, because this is a choice normally made by the
user. You should call the KCSetDefaultKeychain
function
to change where a password or other keychain items are added.
The KCSetDefaultKeychain
function
sets the default keychain regardless of whether the keychain is
currently locked.
Available beginning with KeychainLib 2.0.
Use the SecKeychainSetDefault
function
in Keychain Services instead.
KeychainCore.h
Enables or disables Keychain Manager functions that display a user interface.
Not recommended
OSStatus KCSetInteractionAllowed ( Boolean state );
A flag that indicates whether the Keychain
Manager will display a user interface. If you pass true
,
user interaction is allowed. This is the default value. If false
,
Keychain Manager functions that normally display a user interface
will instead return an error.
A result code. See “Keychain Manager Result Codes.”
The KCSetInteractionAllowed
function
enables you to control whether the functions KCLock
, KCUnlock
, and KCChangeSettings
display a user interface.
Note that failure to re-enable user interaction will affect other
clients of the Keychain Manager. By default, user interaction is
permitted.
Available beginning with KeychainLib 2.0.
Use the SecKeychainSetUserInteractionAllowed
function
in Keychain Services instead.
KeychainCore.h
Displays a dialog box that prompts the user for a password before unlocking a keychain.
Not recommended
OSStatus KCUnlock ( KCRef keychain, StringPtr password );
A reference to the keychain to unlock. Pass NULL
to
specify the default keychain. If you pass NULL
and
the default keychain is currently locked, the keychain will appear
as the default choice. If you pass a locked keychain, the function KCUnlock
displays
the Unlock Keychain dialog box and the keychain appears as the chosen
menu item in the keychain popup menu. If the default keychain is
currently unlocked, the Unlock Keychain dialog box is not displayed
and the KCUnlock
function
returns noErr
.
A pointer to a Pascal string representing
the password string for this keychain. Pass NULL
if
the user password is unknown. In this case, The KCUnlock
function
displays the Unlock Keychain dialog box, and the authentication
user interface associated with the keychain about to be unlocked.
If you specify an invalid password, you will not be able to unlock the
keychain with a specified password until the machine is rebooted.
In this case, the KCUnlock
function
returns errKCInteractionRequired
.
A result
code. See “Keychain Manager Result Codes.” The result code noErr
does
not guarantee that the specified keychain is unlocked, because the
user can select any available keychain and unlock it. The result
code userCanceledErr
indicates
that the user pressed the Cancel button in the Unlock Keychain dialog
box. The result code errKCAuthFailed
indicates
that authentication failed because of too many unsuccessful retries.
The result code errKCInteractionRequired
indicates
that user interaction is required to unlock the keychain. In this
case, you will not be able to unlock the keychain with that password
until the machine is rebooted.
In most cases, your application does not need to call the KCUnlock
function
directly, since most Keychain Manager functions that require an
unlocked keychain call KCUnlock
automatically.
If your application needs to verify that a keychain is unlocked,
call the function KCGetStatus
.
You can also call the function kcunlock
to
display a user interface prompting the user to unlock a keychain.
The kcunlock
function
requires that you pass a pointer to a C string instead of a pointer
to a Pascal string in the password
parameter.
It is recommended that the KCUnlock
function
not be explicitly called by applications. Most functions that require
an unlocked keychain call the KCUnlock
function
for you.
The memory that the keychain reference occupies must be released
by calling the function KCReleaseKeychain
when
you are finished with it.
The KCUnlock
function
replaces the function KCUnlockKeychain
,
which was available in KeychainLib 1.0.
Use the SecKeychainUnlock
function
in Keychain Services instead.
KeychainHI.h
Not recommended
OSStatus kcunlock ( KCRef keychain, const char *password );
This function is available for convenience only and may be
removed. Use the function KCUnlock
instead.
Use the SecKeychainUnlock
function
in Keychain Services instead.
KeychainHI.h
Updates a password or other keychain item.
Not recommended
OSStatus KCUpdateItem ( KCItemRef item );
A reference to the keychain item whose data
you wish to update. If you pass an item that has not been previously
added to the keychain, the KCUpdateItem
function
does nothing and returns noErr
.
A result
code. See “Keychain Manager Result Codes.” The result code errKCNoDefaultKeychain
indicates
that no default keychain could be found. The result code errKCInvalidItemRef
indicates
that the specified keychain item reference was invalid.
You can use the KCUpdateItem
function
to update a password or other keychain item in a keychain’s permanent
data store after changing its data. The function KCUpdateItem
automatically
calls the function KCUnlock
to
display the Unlock Keychain dialog box if the keychain containing
the item is currently locked.
Available beginning with KeychainLib 1.0.
Use the SecKeychainItemModifyContent
function
in Keychain Services instead.
KeychainCore.h
Creates a UPP to your keychain event callback.
Not recommended
KCCallbackUPP NewKCCallbackUPP ( KCCallbackProcPtr userRoutine );
A pointer to your keychain event callback
function. For information on how to create a keychain event callback,
see KCCallbackProcPtr
.
A UPP to your callback
function. You can register your callback function by passing this
UPP in the callbackProc
parameter
of the function KCAddCallback
. See the description of the KCCallbackUPP
data type.
The NewKCCallbackUPP
function
creates a pointer to your keychain event callback function. You
pass a pointer to your callback function in the callbackProc
parameter
of the function KCAddCallback
if
you want your application to receive data transfer events.
When you are finished with a UPP to your keychain event callback
function, you should dispose of it by calling the function DisposeKCCallbackUPP
.
There is no replacement function available.
KeychainCore.h
Defines a pointer to your keychain event callback that handles user keychain access events.
typedef OSStatus (*KCCallbackProcPtr) ( KCEvent keychainEvent, KCCallbackInfo * info, void * userContext );
If you name your function MyKCCallbackProc
,
you would declare it like this:
OSStatus MyKCCallbackProc ( KCEvent keychainEvent, KCCallbackInfo * info, void * userContext );
The keychain event that your application wishes
to be notified of. See “Keychain Events Constants” for a description of possible values.
The type of event that can trigger your callback depends on the
bitmask you passed in the eventMask
parameter
of the function KCAddCallback
.
For more information, see the discussion.
A pointer to a structure of type KCCallbackInfo
. On
return, the structure contains information about the keychain event
that occurred. The Keychain Manager passes this information to your
callback function via the info
parameter
of the function InvokeKCCallbackUPP
.
A pointer to application-defined storage that
your application previously passed to the function KCAddCallback
. You can use this value
to perform operations such as tracking which instance of a function
is operating.
A result
code. See “Keychain Manager Result Codes.” Your keychain event callback
function should process the keychain event and return noErr
.
Your keychain event callback function handles those keychain
events that you indicate. In order to be notified of these events,
you must pass a UPP to your notification callback function in the callbackProc
parameter
of KCAddCallback
. You
indicate the type of data transfer events you want to receive via
a bitmask in the eventMask
parameter.
When you no longer wish to receive notification of keychain events,
you should call the function KCRemoveCallback
to
dispose of the UPP to your keychain event callback function.
Use the SecKeychainCalllback
function
in Keychain Services instead.
KeychainCore.h
Represents a 16-byte Apple File Protocol server signature block.
typedef UInt8 AFPServerSignature[16];
The AFPServerSignature
type
represents a 16-byte Apple File Protocol server signature block.
You can pass a value of this type in the serverSignature parameter
of the functions KCAddAppleSharePassword
and KCFindAppleSharePassword
to
represent an Apple File Protocol server signature. You can use a
value of this type with the keychain item attribute constant kSignatureKCItemAttr
to
specify an Apple File Protocol server signature.
KeychainCore.h
Contains information about a keychain item attribute.
typedef SecKeychainAttribute KCAttribute;
The KCAttribute
type
represents a structure containing information about the attribute
of a keychain item. It contains a tag that identifies a particular
keychain item attribute value, the length of the attribute value,
and a pointer to the attribute value. You can modify attribute data
for a keychain item attribute by passing a pointer to this structure
in the attr
parameter
of the function KCSetAttribute
.
The function KCGetAttribute
passes
back a pointer to this structure in the attr
parameter.
KeychainCore.h
Lists attributes in a keychain item.
typedef SecKeychainAttributeList KCAttributeList;
The KCAttributeList
type
represents a list of structures containing information about the attributes
in a keychain item. You pass a pointer to this list of 0 or more
structures in the attrList
parameter
of the function KCFindFirstItem
to
indicate the attributes to be matched.
KeychainCore.h
Identifies a keychain item attribute value.
typedef SecKeychainAttrType KCAttrType;
The KCAttrType
type
represents a tag that identifies a keychain item attribute value.
You can use this value in the tag
field
of the structure KCAttribute
to
identify the keychain item attribute value you wish to set or obtain.
See Keychain Item Attribute Tag Constants
for a description of the Apple-defined tag constants
and the data types of the values they identify. Your application
can create application-defined tags of type KCAttrType
.
KeychainCore.h
Contains information about a keychain event.
struct KCCallbackInfo { UInt32 version; KCItemRef item; long processID[2]; long event[4]; KCRef keychain; }; typedef struct KCCallbackInfo KCCallbackInfo;
version
The version of this structure.
item
A reference to the keychain item in which the event occurred. If the event did not involve an item, this field is not valid.
processID
A 64-bit quantity containing the process serial number of the process in which the event occurred. This is not available on Mac OS X.
event
The keychain event that occurred. If the event
is a system event as indicated by the constant kSystemKCEvent
,
the Keychain client can process events. If the event is not a system
event, this field is not valid. This is not available on Mac OS
X.
keychain
A reference to the keychain in which the event occurred. If the event did not involve a keychain, this field is not valid.
The KCCallbackInfo
type
represents a structure that contains information about the keychain
event of which your application wants to be notified. The Keychain
Manager passes a pointer to this structure in the info
parameter
of your callback function via the function InvokeKCCallbackUPP
, which invokes your
callback function. For information on how to write a keychain event
callback function, see KCCallbackProcPtr
.
KeychainCore.h
Defines a data type for the KCCallbackProcPtr
callback
pointer.
typedef KCCallbackProcPtr KCCallbackUPP;
KeychainCore.h
Represents a reference to a keychain item.
typedef SecKeychainItemRef KCItemRef;
The KCItemRef
type
represents a reference to an opaque structure that identifies a
keychain item. You should call the function KCNewItem
to create a keychain item
reference. The function KCReleaseItem
disposes
of a keychain item reference when no longer needed.
KeychainCore.h
Represents a 20-byte public key hash.
typedef UInt8 KCPublicKeyHash[20];
The KCPublicKeyHash
type
represents a hash of a public key. You can use the constant kPublicKeyHashKCItemAttr
,
described in Keychain Item Attribute Tag Constants
, to set or retrieve a certificate
attribute value of this type.
KeychainCore.h
Represents a reference to a keychain.
typedef SecKeychainRef KCRef;
The KCRef
type
represents a reference to an opaque structure that identifies a
keychain. You should call the function KCMakeKCRefFromFSSpec
or KCMakeKCRefFromAlias
to create a keychain
reference. The function KCReleaseKeychain
disposes
of a keychain reference when no longer needed. You pass a reference
of this type to Keychain Manager functions that operate on a keychain
in some way.
KeychainCore.h
Represents a reference to the current search criteria.
typedef SecKeychainSearchRef KCSearchRef;
The KCSearchRef
type
represents a reference to an opaque structure that identifies the current
search criteria. The function KCFindFirstItem
passes
back a reference of this type in the search
parameter
for subsequent calls to the function KCFindNextItem
. You must release this
reference when you are finished with a search by calling the function KCReleaseSearch
.
KeychainCore.h
Identifies a mask that you can use in determining the permissions that are set in a keychain.
typedef SecKeychainStatus KCStatus;
The KCStatus
enumeration
defines masks your application can use to determine the read and
write permissions for a keychain. The function KCGetStatus
passes back this mask in the status
parameter.
KeychainCore.h
Represent the type of authentication to use in storing and retrieving Internet passwords.
enum { kKCAuthTypeNTLM = 'ntlm', kKCAuthTypeMSN = 'msna', kKCAuthTypeDPA = 'dpaa', kKCAuthTypeRPA = 'rpaa', kKCAuthTypeHTTPDigest = 'httd', kKCAuthTypeDefault = 'dflt' }; typedef FourCharCode KCAuthType;
kKCAuthTypeNTLM
Specifies Windows NT LAN Manager authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCAuthTypeMSN
Specifies Microsoft Network authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCAuthTypeDPA
Specifies Distributed Password authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCAuthTypeRPA
Specifies Remote Password authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCAuthTypeHTTPDigest
Specifies HTTP Digest Access authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCAuthTypeDefault
Specifies default authentication.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCAuthType
enumeration
defines constants you can use to identify the type of authentication
to use in storing and retrieving Internet passwords. You can pass
a constant of this type in the authType
parameter
of the functions KCAddInternetPassword
, KCAddInternetPasswordWithPath
, KCFindInternetPassword
,
and KCFindInternetPasswordWithPath
.
Represent a mask that specifies the search criteria to use when finding certificates.
typedef UInt32 KCCertSearchOptions; enum { kCertSearchShift = 0, kCertSearchSigningIgnored = 0, kCertSearchSigningAllowed = 1 << (kCertSearchShift + 0), kCertSearchSigningDisallowed = 1 << (kCertSearchShift + 1), kCertSearchSigningMask = ((kCertSearchSigningAllowed) | (kCertSearchSigningDisallowed)), kCertSearchVerifyIgnored = 0, kCertSearchVerifyAllowed = 1 << (kCertSearchShift + 2), kCertSearchVerifyDisallowed = 1 << (kCertSearchShift + 3), kCertSearchVerifyMask = ((kCertSearchVerifyAllowed) | (kCertSearchVerifyDisallowed)), kCertSearchEncryptIgnored = 0, kCertSearchEncryptAllowed = 1 << (kCertSearchShift + 4), kCertSearchEncryptDisallowed = 1 << (kCertSearchShift + 5), kCertSearchEncryptMask = ((kCertSearchEncryptAllowed) | (kCertSearchEncryptDisallowed)), kCertSearchDecryptIgnored = 0, kCertSearchDecryptAllowed = 1 << (kCertSearchShift + 6), kCertSearchDecryptDisallowed = 1 << (kCertSearchShift + 7), kCertSearchDecryptMask = ((kCertSearchDecryptAllowed) | (kCertSearchDecryptDisallowed)), kCertSearchWrapIgnored = 0, kCertSearchWrapAllowed = 1 << (kCertSearchShift + 8), kCertSearchWrapDisallowed = 1 << (kCertSearchShift + 9), kCertSearchWrapMask = ((kCertSearchWrapAllowed) | (kCertSearchWrapDisallowed)), kCertSearchUnwrapIgnored = 0, kCertSearchUnwrapAllowed = 1 << (kCertSearchShift + 10), kCertSearchUnwrapDisallowed = 1 << (kCertSearchShift + 11), kCertSearchUnwrapMask = ((kCertSearchUnwrapAllowed) | (kCertSearchUnwrapDisallowed)), kCertSearchPrivKeyRequired = 1 << (kCertSearchShift + 12), kCertSearchAny = 0 };
The KCCertSearchOptions
enumeration
defines masks that you can use in the options
parameter
of the function KCFindX509Certificates
.
Represent a mask that specifies the usage options when adding certificates.
typedef UInt32 KCCertAddOptions; enum { kSecOptionReserved = 0x000000FF, kCertUsageShift = 8, kCertUsageSigningAdd = 1 << (kCertUsageShift + 0), kCertUsageSigningAskAndAdd = 1 << (kCertUsageShift + 1), kCertUsageVerifyAdd = 1 << (kCertUsageShift + 2), kCertUsageVerifyAskAndAdd = 1 << (kCertUsageShift + 3), kCertUsageEncryptAdd = 1 <<(kCertUsageShift + 4), kCertUsageEncryptAskAndAdd = 1 << (kCertUsageShift + 5), kCertUsageDecryptAdd = 1 << (kCertUsageShift + 6), kCertUsageDecryptAskAndAdd = 1 << (kCertUsageShift + 7), kCertUsageKeyExchAdd = 1 << (kCertUsageShift + 8), kCertUsageKeyExchAskAndAdd = 1 << (kCertUsageShift + 9), kCertUsageRootAdd = 1 << (kCertUsageShift + 10), kCertUsageRootAskAndAdd = 1 << (kCertUsageShift + 11), kCertUsageSSLAdd = 1 << (kCertUsageShift + 12), kCertUsageSSLAskAndAdd = 1 << (kCertUsageShift + 13), kCertUsageAllAdd = 0x7FFFFF00 };
Identify the verification criteria for use when displaying certificates to the user.
typedef UInt16 KCVerifyStopOn; enum { kPolicyKCStopOn = 0, kNoneKCStopOn = 1, kFirstPassKCStopOn = 2, kFirstFailKCStopOn = 3 };
kPolicyKCStopOn
Indicates that the function KCChooseCertificate
should use the trust
policy options currently in effect.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kNoneKCStopOn
Indicates that the function KCChooseCertificate
completes after
examining all available certificates.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kFirstPassKCStopOn
Indicates that the function KCChooseCertificate
when one certificate meeting
the verification criteria is found.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kFirstFailKCStopOn
Specifies that the function KCChooseCertificate
completes when one certificate
that fails to meet the verification criteria is found.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCVerifyStopOn
enumeration
defines constants your application can use to identify the verification
criteria to use in selecting certificates. You can pass a constant
of this type in the stopOn
parameter
of the function KCChooseCertificate
.
Represent the internet ports available.
enum { kAnyPort = 0 };
kAnyPort
Indicates that any Internet port can be used.
Available in Mac OS X v10.1 and later.
Declared in KeychainCore.h
.
Represent the internet protocols and authentication types available.
enum { kAnyProtocol = 0, kAnyAuthType = 0 };
kAnyProtocol
Indicates that any Internet protocol can be used.
Available in Mac OS X v10.1 and later.
Declared in KeychainCore.h
.
kAnyAuthType
Indicates that any Internet authentication type can be used.
Available in Mac OS X v10.1 and later.
Declared in KeychainCore.h
.
Identify keychain events.
typedef UInt16 KCEvent; enum { kIdleKCEvent = 0, kLockKCEvent = 1, kUnlockKCEvent = 2, kAddKCEvent = 3, kDeleteKCEvent = 4, kUpdateKCEvent = 5, kPasswordChangedKCEvent = 6, kSystemKCEvent = 8, kDefaultChangedKCEvent = 9, kDataAccessKCEvent = 10, kKeychainListChangedKCEvent = 11 };
kIdleKCEvent
Indicates a NULL
event.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kLockKCEvent
Indicates that the keychain was locked.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kUnlockKCEvent
Indicates that the keychain was unlocked.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAddKCEvent
Indicates that an item was added to a keychain.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDeleteKCEvent
Indicates that an item was deleted from a keychain.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kUpdateKCEvent
Indicates that a keychain item was updated.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kPasswordChangedKCEvent
Indicates that the identity of the keychain was changed.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSystemKCEvent
Indicates that the keychain client can process events.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDefaultChangedKCEvent
Indicates that the default keychain has changed.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDataAccessKCEvent
Indicates that a process has called the function KCGetData
to access
a keychain item’s data.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKeychainListChangedKCEvent
Indicates that the list of keychains has changed.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCEvent
enumeration
defines constants that identify the Keychain-related events your callback
function wishes to receive. The Keychain Manager tests a mask that
you pass in the eventMask
parameter
of the function KCAddCallback
to
determine the data transfer events your notification callback function
wishes to receive. It passes these events in the keychainEvent
parameter
of the function InvokeKCCallbackUPP
.
For a description of the Keychain-related event masks, see Keychain Events Mask
.
Identify a mask that you can use to set the keychain events you wish to receive.
typedef UInt16 KCEventMask; enum { kIdleKCEventMask = 1 << kIdleKCEvent, kLockKCEventMask = 1 << kLockKCEvent, kUnlockKCEventMask = 1 << kUnlockKCEvent, kAddKCEventMask = 1 << kAddKCEvent, kDeleteKCEventMask = 1 << kDeleteKCEvent, kUpdateKCEventMask = 1 << kUpdateKCEvent, kPasswordChangedKCEventMask = 1 << kPasswordChangedKCEvent, kSystemEventKCEventMask = 1 << kSystemKCEvent, kDefaultChangedKCEventMask = 1 << kDefaultChangedKCEvent, kDataAccessKCEventMask = 1 << kDataAccessKCEvent, kEveryKCEventMask = 0xFFFF };
kIdleKCEventMask
If the bit specified by this mask is set, your
callback function will be invoked during a NULL
event.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kLockKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when the keychain is locked.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kUnlockKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when the keychain is unlocked.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAddKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when an item is added to the keychain.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDeleteKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when an item is removed from the keychain.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kUpdateKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kPasswordChangedKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when the keychain identity is changed.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSystemEventKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when the keychain client processes an event.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDefaultChangedKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when the default keychain is changed.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDataAccessKCEventMask
If the bit specified by this mask is set, your
callback function will be invoked when a process calls the function KCGetData
.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kEveryKCEventMask
If the bit specified by this mask is set, your callback function will be invoked when any of the above Keychain-related events occur.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCEventMask
enumeration
defines masks your application can use to set Keychain event bits.
You pass this mask in the
eventMask
parameter
of the function KCAddCallback
, thereby
defining the Keychain-related events to which your callback will
respond. The Keychain Manager uses this mask to test which events
your callback function will handle. It passes these events in the keychainEvent
parameter
of the function InvokeKCCallbackUPP
. For
a description of Keychain-related events, see Keychain Events Constants
.
Represent tags that identify keychain item attribute values.
enum { kClassKCItemAttr = 'clas', kCreationDateKCItemAttr = 'cdat', kModDateKCItemAttr = 'mdat', kDescriptionKCItemAttr = 'desc', kCommentKCItemAttr = 'icmt', kCreatorKCItemAttr = 'crtr', kTypeKCItemAttr = 'type', kScriptCodeKCItemAttr = 'scrp', kLabelKCItemAttr = 'labl', kInvisibleKCItemAttr = 'invi', kNegativeKCItemAttr = 'nega', kCustomIconKCItemAttr = 'cusi', kAccountKCItemAttr = 'acct', kServiceKCItemAttr = 'svce', kGenericKCItemAttr = 'gena', kSecurityDomainKCItemAttr = 'sdmn', kServerKCItemAttr = 'srvr', kAuthTypeKCItemAttr = 'atyp', kPortKCItemAttr = 'port', kPathKCItemAttr = 'path', kVolumeKCItemAttr = 'vlme', kAddressKCItemAttr = 'addr', kSignatureKCItemAttr = 'ssig', kProtocolKCItemAttr = 'ptcl', kSubjectKCItemAttr = 'subj', kCommonNameKCItemAttr = 'cn ', kIssuerKCItemAttr = 'issu', kSerialNumberKCItemAttr = 'snbr', kEMailKCItemAttr = 'mail', kPublicKeyHashKCItemAttr = 'hpky', kIssuerURLKCItemAttr = 'iurl', kEncryptKCItemAttr = 'encr', kDecryptKCItemAttr = 'decr', kSignKCItemAttr = 'sign', kVerifyKCItemAttr = 'veri', kWrapKCItemAttr = 'wrap', kUnwrapKCItemAttr = 'unwr', kStartDateKCItemAttr = 'sdat', kEndDateKCItemAttr = 'edat' }; typedef FourCharCode KCItemAttr;
kClassKCItemAttr
Identifies the class attribute. You use this
tag to set or get a value of type KCItemClass
that
indicates whether the item is an AppleShare, Internet, or generic
password, or a certificate. See “KCPublicKeyHash” for a description
of possible values.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kCreationDateKCItemAttr
Identifies the creation date attribute. You
use this tag to set or get a value of type UInt32
that
indicates the date the item was created.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kModDateKCItemAttr
Identifies the modification date attribute.
You use this tag to set or get a value of type UInt32
that
indicates the last time the item was updated.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDescriptionKCItemAttr
Identifies the description attribute. You use
this tag to set or get a value of type string
that
represents a user-visible string describing this item.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kCommentKCItemAttr
Identifies the comment attribute. You use this
tag to set or get a value of type string
that
represents a user-editable string containing comments for this item.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kCreatorKCItemAttr
Identifies the creator attribute. You use this
tag to set or get a value of type OSType
that
represents the item’s creator.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kTypeKCItemAttr
Identifies the type attribute. You use this
tag to set or get a value of type OSType
that
represents the item’s type.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kScriptCodeKCItemAttr
Identifies the script code attribute. You use
this tag to set or get a value of type ScriptCode
that
represents the script code for all strings.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kLabelKCItemAttr
Identifies the label attribute. You use this
tag to set or get a value of type string
that
represents a user-editable string containing the label for this item.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kInvisibleKCItemAttr
Identifies the invisible attribute. You use
this tag to set or get a value of type Boolean
that
indicates whether the item is invisible.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kNegativeKCItemAttr
Identifies the negative attribute. You use
this tag to set or get a value of type Boolean
that
indicates whether there is a valid password associated with this
keychain item. This is useful if your application doesn't want a password
for some particular service to be stored in the keychain, but prefers
that it always be entered by the user. The item (typically invisible and
with zero-length data) acts as a placeholder to say “don't use
me.”
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kCustomIconKCItemAttr
Identifies the custom icon attribute. You use
this tag to set or get a value of type Boolean
that
indicates whether the item has an application-specific icon. To
do this, you must also set the attribute value identified by the
tag kTypeKCItemAttr to a file type for which there is a corresponding
icon in the desktop database, and set the attribute value identified
by the tag kCreatorKCItemAttr
to
an appropriate application creator type. If a custom icon corresponding
to the item's type and creator can be found in the desktop database,
it will be displayed by Keychain Access. Otherwise, default icons
are used.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAccountKCItemAttr
Identifies the account attribute. You use this
tag to set or get a value of type Str63
that
represents the user account. It also applies to generic and AppleShare
passwords.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kServiceKCItemAttr
Identifies the service attribute for a generic
password. You use this tag to set or get a value of type Str63
that
represents the service.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kGenericKCItemAttr
Identifies the generic attribute for a generic password. You use this tag to set or get a value of untyped bytes that represents a user-defined attribute.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSecurityDomainKCItemAttr
Identifies the security domain attribute for
an internet password. You use this tag to set or get a value of
type Str63
that represents
the Internet security domain.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kServerKCItemAttr
Identifies the server attribute for an internet
password. You use this tag to set or get a value of type string
that
represents the Internet server’s domain name or IP address.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAuthTypeKCItemAttr
Identifies the authentication type attribute
for an internet password. You use this tag to set or get a value
of type KCAuthType
that
represents the Internet authentication scheme.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kPortKCItemAttr
Identifies the port attribute for an internet
password. You use this tag to set or get a value of type UInt16
that
represents the Internet port.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kPathKCItemAttr
Identifies the path attribute for an internet
password. You use this tag to set or get a value of type Str255
that
represents the path.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kVolumeKCItemAttr
Identifies the volume attribute for an AppleShare
password. You use this tag to set or get a value of type Str63
that
represents the AppleShare volume.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAddressKCItemAttr
Identifies the address attribute for an AppleShare
password. You use this tag to set or get a value of type string
that
represents the zone name, or the IP or domain name that represents
the server address.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSignatureKCItemAttr
Identifies the server signature attribute for
an AppleShare password. You use this tag to set or get a value of
type KCPublicKeyHash
that
represents the server signature block.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kProtocolKCItemAttr
Identifies the protocol attribute for an AppleShare
or internet password. You use this tag to set or get a value of
type KCProtocolType
that
represents the Internet protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSubjectKCItemAttr
Identifies the subject attribute for a certificate.
You use this tag to set or get DER
-encoded
data that represents the subject distinguished name.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kCommonNameKCItemAttr
Identifies the common name attribute for a
certificate. You use this tag to set or get a UTF8
-encoded
string that represents the common name.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kIssuerKCItemAttr
Identifies the issuer attribute for a certificate.
You use this tag to set or get a DER
-encoded
data that represents the issuer distinguished name.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSerialNumberKCItemAttr
Identifies the serial number attribute for
a certificate. You use this tag to set or get a DER
-encoded
data that represents the serial number.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kEMailKCItemAttr
Identifies the email attribute for a certificate.
You use this tag to set or get an ASCII
-encoded
string that represents the issuer’s email address.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kPublicKeyHashKCItemAttr
Identifies the public key hash attribute for
a certificate. You use this tag to set or get a value of type KCPublicKeyHash
that
represents the hash of the public key.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kIssuerURLKCItemAttr
Identifies the issuer URL attribute for a certificate.
You use this tag to set or get an ASCII
-encoded
string that represents the URL of the certificate issuer.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kEncryptKCItemAttr
Identifies the encrypt attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can encrypt.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kDecryptKCItemAttr
Identifies the decrypt attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can decrypt.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kSignKCItemAttr
Identifies the sign attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can sign.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kVerifyKCItemAttr
Identifies the verify attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can verify.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kWrapKCItemAttr
Identifies the wrap attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can wrap.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kUnwrapKCItemAttr
Identifies the unwrap attribute for a certificate
or key. You use this tag to set or get a value of type Boolean
that
indicates whether the item can unwrap.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kStartDateKCItemAttr
Identifies the start date attribute for a certificate
or key. You use this tag to set or get a value of type UInt32
that
indicates the start date.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kEndDateKCItemAttr
Identifies the end date attribute for a certificate
or key. You use this tag to set or get a value of type UInt32
that
indicates the end date.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCItemAttr
enumeration
defines the Apple-defined tag constants that identify keychain item
attribute values. Your application can use one of these tags in
the tag
field of the
structure KCAttribute
to
identify the keychain item attribute value you wish to set or retrieve.
Your application can create application-defined tags of type KCAttrType
.
Identify the type of keychain item.
enum { kCertificateKCItemClass = 'cert', kAppleSharePasswordKCItemClass = 'ashp', kInternetPasswordKCItemClass = 'inet', kGenericPasswordKCItemClass = 'genp' }; typedef FourCharCode KCItemClass;
kCertificateKCItemClass
Specifies that the item is a digital certificate.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kAppleSharePasswordKCItemClass
Specifies that the item is an AppleShare password.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kInternetPasswordKCItemClass
Specifies that the item is an Internet password.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kGenericPasswordKCItemClass
Specifies that the item is a generic password.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCItemClass
enumeration
defines constants your application can use to specify the type of
the keychain item you wish to create, dispose, add, delete, update,
copy, or locate. You pass a constant of this type to the functions KCNewItem
, KCReleaseItem
, KCAddItem
, KCDeleteItem
, KCUpdateItem
, KCCopyItem
, and KCGetKeychain
. You
can also use these constants with the tag constant kClassKCItemAttr
,
described in Keychain Item Attribute Tag Constants
.
Identify the protocol to use in storing and retrieving Internet passwords.
enum { kKCProtocolTypeFTP = 'ftp ', kKCProtocolTypeFTPAccount = 'ftpa', kKCProtocolTypeHTTP = 'http', kKCProtocolTypeIRC = 'irc ', kKCProtocolTypeNNTP = 'nntp', kKCProtocolTypePOP3 = 'pop3', kKCProtocolTypeSMTP = 'smtp', kKCProtocolTypeSOCKS = 'sox ', kKCProtocolTypeIMAP = 'imap', kKCProtocolTypeLDAP = 'ldap', kKCProtocolTypeAppleTalk = 'atlk', kKCProtocolTypeAFP = 'afp ', kKCProtocolTypeTelnet = 'teln' }; typedef FourCharCode KCProtocolType;
kKCProtocolTypeFTP
Specifies the File Transfer Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeFTPAccount
Specifies the File Transfer Protocol Account.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeHTTP
Specifies the HyperText Transfer Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeIRC
Specifies the Internet Relay Channel Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeNNTP
Specifies the Network News Transfer Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypePOP3
Specifies the Post Office 3 Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeSMTP
Specifies the Simple Mail Transfer Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeSOCKS
Specifies the Secure Proxy Server Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeIMAP
Specifies the Internet Message Access Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeLDAP
Specifies the Lightweight Directory Access Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeAppleTalk
Specifies the AppleTalk Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeAFP
Specifies the AppleTalk File Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kKCProtocolTypeTelnet
Specifies the Telnet Protocol.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The KCProtocolType
enumeration
defines constants you can use to identify the type of authentication
to use in storing and retrieving Internet passwords. You can pass
a constant of this type in the protocol
parameter
of the functions KCAddInternetPassword
, KCAddInternetPasswordWithPath
, KCFindInternetPassword
,
and KCFindInternetPasswordWithPath
.
Identify the keychain status.
enum { kUnlockStateKCStatus = 1, kRdPermKCStatus = 2, kWrPermKCStatus = 4 };
kUnlockStateKCStatus
If the bit specified by this mask is set (bit 0), the keychain is unlocked.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kRdPermKCStatus
If the bit specified by this mask is set (bit 1), the keychain is unlocked with read permission.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
kWrPermKCStatus
If the bit specified by this mask is set (bit 2), the keychain is unlocked with write permission.
Available in Mac OS X v10.0 and later.
Declared in KeychainCore.h
.
The most common result codes returned by Keychain Manager are listed below.
© 2001, 2005 Apple Computer, Inc. All Rights Reserved. (Last updated: 2005-07-07)