What would happen if kSecAttrIsPermanent is set to NO?

StackOverflow https://stackoverflow.com/questions/21604225

  •  07-10-2022
  •  | 
  •  

Question

What is the usage of the kSecAttrIsPermanent attribute when using Apples libcommonCrypto.dylib on iOS?

Apples documentation says:

The corresponding value is of type CFBooleanRef and indicates whether this cryptographic key is to be stored permanently.

What is the reason not to store something permanently in the keychain and how long will it be stored then? (until reboot? until app is closed? until app is uninstalled?)

Was it helpful?

Solution

It's a parameter used within SecKeyGeneratePair when generating keys.

From the Certificate, Key, and Trust Services Reference

kSecAttrIsPermanent — If this key is present and has a Boolean value of true, the key or key pair is added to the default keychain.

In this context, if you provide this parameter and it is false, then you'll receive the keys in memory, but it won't be persisted to the keychain (on disk). It'll last for however long you keep a hold of it whilst the application is still running, unless you persist it yourself afterwards.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top