Crate keychain_services

macOS Keychain Services wrapper for accessing the system and user's cryptographic keychains, as well as keys stored in the Secure Enclave Processor (SEP).

This crate provides a thin, low-level binding with a safe, mostly idiomatic Rust API. Ideally, however, it should be wrapped in higher-level, easy-to-use libraries, as the API it presents is rather complicated and arcane.

For more information on Keychain Services, see: https://developer.apple.com/documentation/security/keychain_services/keychains

Code Signing

The Keychain Services API requires signed code to access much of its functionality. Accessing many APIs from an unsigned app will return an error with a kind of ErrorKind::MissingEntitlement.

Follow the instructions here to create a self-signed code signing certificate: https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

You will need to use the codesign command-line utility (or Xcode) to sign your code before it will be able to access most Keychain Services API functionality. When you sign, you will need an entitlements file which grants access to the Keychain Services API. Below is an example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>keychain-access-groups</key>
<array>
    <string>$(AppIdentifierPrefix)com.example.MyApplication</string>
</array>
</dict>
</plist>
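
The signing step described above, as an added example (not code from the crate or its authors). It writes the entitlements file with the access group spelled out, because `$(AppIdentifierPrefix)` is an Xcode build variable that plain codesign does not expand, then signs the binary and prints the entitlements that were embedded. The prefix, bundle ID, signing identity, binary path and function names are assumptions.

```shell
#!/bin/sh
# Added example. Prefix, bundle ID, signing identity and binary path are
# assumptions passed in by the caller; none of them come from the crate.

# Write the entitlements plist with a concrete access group.
render_entitlements() {
    prefix=$1 bundle_id=$2 out=$3
    cat > "$out" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>keychain-access-groups</key>
<array>
    <string>${prefix}${bundle_id}</string>
</array>
</dict>
</plist>
EOF
}

# Refuse a plist that still holds an unexpanded $(...) build variable,
# or that does not name the expected access group.
check_entitlements() {
    file=$1 group=$2
    if grep -qF '$(' "$file"; then
        echo "unexpanded build variable in $file" >&2
        return 1
    fi
    grep -qF "<string>${group}</string>" "$file"
}

# Sign, verify the signature, then print the entitlements actually embedded.
sign_and_check() {
    identity=$1 entitlements=$2 binary=$3
    codesign --force --sign "$identity" --entitlements "$entitlements" "$binary" || return 1
    codesign --verify --verbose "$binary" || return 1
    codesign -d --entitlements - "$binary"
}

# Usage: sh sign.sh <prefix-with-dot> <bundle-id> <identity> <binary>
if [ "$#" -eq 4 ]; then
    render_entitlements "$1" "$2" entitlements.plist &&
        check_entitlements entitlements.plist "$1$2" &&
        sign_and_check "$3" entitlements.plist "$4"
fi
```

If the printed entitlements do not list the expected access group, calls into the crate can still fail with ErrorKind::MissingEntitlement even though the binary is signed.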

Re-exports

pub use crate::key::*;
pub use crate::keychain::*;

Modules

keychain

Keychains

Structs

AccessControl

Access control policy (a.k.a. ACL) for a keychain item, combining both a set of AccessControlFlags and an AttrAccessible restriction.

AccessControlFlags

Access control restrictions for a particular keychain item.

AttrApplicationLabel

Application-specific key labels, i.e. key fingerprints.

AttrApplicationTag

Application-specific tags for keychain items.

AttrLabel

Human readable/meaningful labels for keychain items.

Error

Error type.

Signature

Cryptographic signatures

Enums

AccessConjunction

Conjunctions (and/or) on keychain item access.

AccessConstraint

Constraints on keychain item access.

AccessOption

Options for keychain item access.

AttrAccessible

Keychain item accessibility restrictions (from most to least restrictive).

AttrKeyClass

Classes of keys supported by Keychain Services (not to be confused with SecClass, SecAttrClass or SecAttrKeyType)

AttrKeyType

Types of keys supported by Keychain Services (not to be confused with AttrKeyClass)

AttrProtocol

Internet protocols optionally associated with SecClass::InternetPassword keychain items.

AttrTokenId

Identifiers for external storage tokens for cryptographic keys (i.e. Secure Enclave).

ErrorKind

Kinds of errors.

Traits

AccessControlFlag

Marker trait for types which can be used as AccessControlFlags.