keychain-services.rs

Keychain Services for Rust 🔐 iqlusion

Crate Build Status Apache 2.0 Licensed Maintenance Status: Experimental

Rust binding for macOS Keychain Services, including TouchID-guarded access to cryptographic keys stored in the Secure Enclave Processor (SEP).

This binding aims to provide a thin wrapper using largely the same type names as Keychain Services itself, but also provide a safe, mostly idiomatic API which does not rely on e.g. Core Foundation types.

NOTE: This is an unofficial binding which is in no way affiliated with Apple!

Documentation

Status

This crate is experimental and may have bugs/memory safety issues. USE AT YOUR OWN RISK!

Below is a rough outline of the Keychain Service API and what is supported by this crate:

Tests

This crate has two suites of tests:

Code Signing

The Keychain Service API requires signed code to access much of its functionality. Accessing many APIs from an unsigned app will return an ErrorKind::MissingEntitlement.

Follow the instructions here to create a self-signed code signing certificate: https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

You will need to use the codesign command-line utility (or XCode) to sign your code before it will be able to access most Keychain Services API functionality.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.