Reputation: 5245
Default kSecAttrAccessible value for keychain items?
Does anyone know the default value of the kSecAttrAccessible attribute for iOS keychain items (see reference)? I'm just now upgrading an app to use stricter security, and I'm curious about how accessible my old keychain items–which didn't specify the kSecAttrAccessible key-value pair–are.
Upvotes: 13
Views: 9747
Answers (4)
Reputation: 28242
Update: As of a few years ago, the default is now kSecAttrAccessibleWhenUnlocked.
According to the Session 209 (Securing Application Data) video from last year's WWDC, the existing data defaults to kSecAttrAccessibleAlways (so you'll need to update the accessibility class as necessary).
Upvotes: 9
Reputation: 32137
The documentation for kSecAttrAccessibleWhenUnlocked says:
This is the default value for keychain items added without explicitly setting an accessibility constant.
Upvotes: 1
Reputation: 1447
I've tested this on IOS 8.1 and default value is kSecAttrAccessibleWhenUnlocked.
Upvotes: 10
Reputation:
I've just tested this on iOS 5.1 and 6.0, the default is now kSecAttrAccessibleWhenUnlocked.
However, I think it is always better to set an explicit kSecAttrAccessible, rather than relying on defaults to be secure enough for you.
Upvotes: 16
Related Questions
- kSecAttrAccount and kSecAttrGeneric
- Relevance of kSecAttrIsInvisible in iOS
- SecItemCopyMatching and kSecAttrAccessible in Keychain
- iOS Keychain Services: only specific values allowed for kSecAttrGeneric Key?
- How do you set the keychain's access to be kSecAttrAccessibleAfterFirstUnlock in Swift?
- Where is kSecAttrTokenIDSecureEnclave documented?
- Is it possible to update a Keychain item's kSecAttrAccessible value?
- iOS keychain, store more kSecValueData items
- Converting NSUserDefaults to Keychain?
- Keychain kSecValueData with weird not-showing characters at last