{"id":37562,"date":"2022-11-03T16:35:04","date_gmt":"2022-11-03T20:35:04","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=37562"},"modified":"2022-11-03T16:35:04","modified_gmt":"2022-11-03T20:35:04","slug":"mac-keychain-apis-and-implementations","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/11\/03\/mac-keychain-apis-and-implementations\/","title":{"rendered":"Mac Keychain APIs and Implementations"},"content":{"rendered":"<p><a href=\"https:\/\/developer.apple.com\/documentation\/technotes\/tn3137-on-mac-keychains\">TN3137<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/documentation\/technotes\/tn3137-on-mac-keychains\">\n<p>The <code>Keychain<\/code> and <code>SecKeychain<\/code> APIs always target the file-based keychain. The <code>SecItem<\/code> API can target either implementation. It defaults to targeting the file-based keychain. [&#8230;] The file-based keychain is on the road to deprecation.<\/p>\n<p>[&#8230;]<\/p>\n<p>The <code>SecItem<\/code> API is well aligned with the data protection keychain. However, when you use it to target the file-based keychain it operates through a shim. That shim has limitations. Some of those limitations are inherent to the keychain implementation. For example, the access control model of the file-based keychain is completely different than that of the data protection keychain, and the shim can&rsquo;t make up for that. However, some limitations are just bugs. To avoid such problems, target the data protection keychain. This is particularly important when you&rsquo;re porting keychain code from iOS.<\/p>\n<p>[&#8230;]<\/p>\n<p>The data protection keychain can hold all keychain item classes (Internet password, generic password, certificate, key). macOS 11 and later synchronize all classes; earlier versions synchronize only the password classes.<\/p>\n<p>[&#8230;]<\/p>\n<p>The Keychain Access application supports both file-based keychains and the data protection keychain.  The keychain list shows all the file-based keychains in the search list for the current user&mdash;typically this is just <em>login<\/em> and <em>System<\/em>&mdash;and the data protection keychain.<\/p>\n<\/blockquote>\n<p>Note that Keychain Access now requires <a href=\"https:\/\/twitter.com\/mjtsai\/status\/1579567741085700098\">manual access granting<\/a> for additional keychain files that you ask it to open.<\/p>","protected":false},"excerpt":{"rendered":"<p>TN3137: The Keychain and SecKeychain APIs always target the file-based keychain. The SecItem API can target either implementation. It defaults to targeting the file-based keychain. [&#8230;] The file-based keychain is on the road to deprecation. [&#8230;] The SecItem API is well aligned with the data protection keychain. However, when you use it to target the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-11-03T20:35:07Z","apple_news_api_id":"60c0be99-632b-46b3-ab0d-5a36e63b3955","apple_news_api_modified_at":"2022-11-03T20:35:07Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AYMC-mWMrRrOrDVo25js5VQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[1417,1583,30,2223,71,1960],"class_list":["post-37562","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-icloud-keychain","tag-keychain","tag-mac","tag-macos-13-ventura","tag-programming","tag-transparency-consent-and-control-tcc"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=37562"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37562\/revisions"}],"predecessor-version":[{"id":37563,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37562\/revisions\/37563"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=37562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=37562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=37562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}