Xojo Conferences
XDCMay2019MiamiUSA

Platforms to show: All Mac Windows Linux Cross-Platform

KeychainAccessControlMBS class

Type Topic Plugin Version macOS Windows Linux Console & Web iOS
class Keychain MBS MacClassic Plugin 18.5 Yes No No Yes, macOS only No
Function: Defines access rights for items.
Notes: This is an abstract class. You can't create an instance, but you can get one from various plugin functions.

Feedback, Comments & Corrections

Control Flags

Constant Value Description
kSecAccessControlAnd &h8000 Constraint logic operation: when using more than one constraint, all must be satisfied.
kSecAccessControlApplicationPassword &h80000000 Application provided password for data encryption key generation. This is not a constraint but additional item encryption mechanism.
kSecAccessControlBiometryAny 2 Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
kSecAccessControlBiometryCurrentSet 8 Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated.
kSecAccessControlDevicePasscode 16 Device passcode
kSecAccessControlOr &h4000 Constraint logic operation: when using more than one constraint, at least one of them must be satisfied.
kSecAccessControlPrivateKeyUsage &h40000000 Create access control for private key operations (i.e. sign operation)
kSecAccessControlTouchIDAny 2 Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.
kSecAccessControlTouchIDCurrentSet 8 Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated.
kSecAccessControlUserPresence 1 User presence policy using biometry or Passcode. Biometry does not have to be available or enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled.

This class has no sub classes.


The items on this page are in the following plugins: MBS MacClassic Plugin.


JSValueMBS   -   KeychainItemMBS




Links
MBS Xojo Plugins