Default kSecAttrAccessible value for keychain items?

A

4

13

Does anyone know the default value of the kSecAttrAccessible attribute for iOS keychain items (see reference)? I'm just now upgrading an app to use stricter security, and I'm curious about how accessible my old keychain items–which didn't specify the kSecAttrAccessible key-value pair–are.

Aloin answered 22/3, 2011 at 14:42 Comment(0)

B

9

Update: As of a few years ago, the default is now kSecAttrAccessibleWhenUnlocked.

According to the Session 209 (Securing Application Data) video from last year's WWDC, the existing data defaults to kSecAttrAccessibleAlways (so you'll need to update the accessibility class as necessary).

Bunton answered 22/3, 2011 at 18:51 Comment(4)

this might have changed in iOS6, I had to explicitly set it to kSecAttrAccessibleAlwaysin order to get this behavior – Bayern 11/10, 2012 at 14:29

I agree with Erik's answer in that it's best to be explicit about what you want. – Bunton 28/4, 2014 at 21:5

kSecAttrAccessibleWhenUnlocked is now the default, and probably was a while ago. – Larcher 20/6, 2018 at 21:12

Yeah I think it changed a couple of years ago. Not sure of the exact year. I’ll edit! – Bunton 20/6, 2018 at 22:5

P

16

I've just tested this on iOS 5.1 and 6.0, the default is now kSecAttrAccessibleWhenUnlocked.

However, I think it is always better to set an explicit kSecAttrAccessible, rather than relying on defaults to be secure enough for you.

Peoria answered 18/1, 2013 at 20:41 Comment(0)

C

10

I've tested this on IOS 8.1 and default value is kSecAttrAccessibleWhenUnlocked.

Camara answered 21/1, 2015 at 5:37 Comment(0)

B

9

Update: As of a few years ago, the default is now kSecAttrAccessibleWhenUnlocked.

According to the Session 209 (Securing Application Data) video from last year's WWDC, the existing data defaults to kSecAttrAccessibleAlways (so you'll need to update the accessibility class as necessary).

Bunton answered 22/3, 2011 at 18:51 Comment(4)

this might have changed in iOS6, I had to explicitly set it to kSecAttrAccessibleAlwaysin order to get this behavior – Bayern 11/10, 2012 at 14:29

I agree with Erik's answer in that it's best to be explicit about what you want. – Bunton 28/4, 2014 at 21:5

kSecAttrAccessibleWhenUnlocked is now the default, and probably was a while ago. – Larcher 20/6, 2018 at 21:12

Yeah I think it changed a couple of years ago. Not sure of the exact year. I’ll edit! – Bunton 20/6, 2018 at 22:5

L

1

The documentation for kSecAttrAccessibleWhenUnlocked says:

This is the default value for keychain items added without explicitly setting an accessibility constant.

Larcher answered 20/6, 2018 at 21:13 Comment(0)

Recommended topics

Hot tags