Platforms to show: All Mac Windows Linux Cross-Platform
Back to KeychainManagerMBS module.
KeychainManagerMBS.FindInternetPassword(keychain as KeychainMBS, serverName as string, securityDomain as string, accountName as string, path as string, port as Integer, protocol as string, authenticationType as string, byref password as memoryblock) as KeychainItemMBS
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ❌ No | Desktop, Console & Web |
keychain: A single keychain or nil to search the user's default keychain search list.
serverName: The server name.
securityDomain: The security domain. This parameter is optional, as not all protocols require it. Pass "" if it is not required.
accountName: The account name.
path: The string representing the path.
port: The TCP/IP port number. Pass 0 to ignore the port number.
protocol: The protocol associated with this password. See Keychain Protocol Type Constants for a description of possible values.
authenticationType: The authentication scheme used. See Keychain Authentication Type Constants for a description of possible values. Pass the constant kSecAuthenticationTypeDefault, to specify the default authentication scheme.
password: On return, a memoryblock containing the password data.
Returns the item object of the Internet password.
Lasterror is set.
This function finds the first Internet password item that matches the attributes you provide. This function optionally returns a reference to the found item.
This function decrypts the password before returning it to you. If the calling application is not in the list of trusted applications, the user is prompted before access is allowed. If the access controls for this item do not allow decryption, the function returns the errSecAuthFailed result code.
This function automatically calls the function Unlock to display the Unlock Keychain dialog box if the keychain is currently locked.
Available in OS X v10.2 and later.
KeychainManagerMBS.GetPassword(Query as dictionary, byref result as Memoryblock) as boolean
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
This is a variant of CopyMatching which uses kSecReturnData to query the data of one keychain item.
Returns password of first item found in result parameter. If you expect text, be sure to use DefineEncoding to define as encodings.UTF8.
Item Class Key Constant
KeychainManagerMBS.kSecClassCertificate as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Certificate item.
The following attribute types ("Attribute Item Keys and Values") can be used with an item of this type:
kSecAttrAccessible
kSecAttrAccessGroup
kSecAttrCertificateType
kSecAttrCertificateEncoding
kSecAttrLabel
kSecAttrSubject
kSecAttrIssuer
kSecAttrSerialNumber
kSecAttrSubjectKeyID
kSecAttrPublicKeyHash
Available in OS X v10.7 and later.
KeychainManagerMBS.kSecClassGenericPassword as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Generic password item.
The following attribute types ("Attribute Item Keys and Values") can be used with an item of this type:
kSecAttrAccessible
kSecAttrAccessGroup
kSecAttrCreationDate
kSecAttrModificationDate
kSecAttrDescription
kSecAttrComment
kSecAttrCreator
kSecAttrType
kSecAttrLabel
kSecAttrIsInvisible
kSecAttrIsNegative
kSecAttrAccount
kSecAttrService
kSecAttrGeneric
Available in OS X v10.7 and later.
Some examples using this method:
KeychainManagerMBS.kSecClassIdentity as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Identity item.
An identity is a certificate together with its associated private key. Because an identity is the combination of a private key and a certificate, this class shares attributes of both kSecClassKey and kSecClassCertificate.
Available in OS X v10.7 and later.
KeychainManagerMBS.kSecClassInternetPassword as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Internet password item.
The following attribute types ("Attribute Item Keys and Values") can be used with an item of this type:
kSecAttrAccessible
kSecAttrAccessGroup
kSecAttrCreationDate
kSecAttrModificationDate
kSecAttrDescription
kSecAttrComment
kSecAttrCreator
kSecAttrType
kSecAttrLabel
kSecAttrIsInvisible
kSecAttrIsNegative
kSecAttrAccount
kSecAttrSecurityDomain
kSecAttrServer
kSecAttrProtocol
kSecAttrAuthenticationType
kSecAttrPort
kSecAttrPath
Available in OS X v10.6 and later.
Some examples using this method:
KeychainManagerMBS.kSecClassKey as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Cryptographic key item.
The following attribute types ("Attribute Item Keys and Values") can be used with an item of this type:
kSecAttrAccessible
kSecAttrAccessGroup
kSecAttrKeyClass
kSecAttrLabel
kSecAttrApplicationLabel
kSecAttrIsPermanent
kSecAttrApplicationTag
kSecAttrKeyType
kSecAttrKeySizeInBits
kSecAttrEffectiveKeySize
kSecAttrCanEncrypt
kSecAttrCanDecrypt
kSecAttrCanDerive
kSecAttrCanSign
kSecAttrCanVerify
kSecAttrCanWrap
kSecAttrCanUnwrap
Available in OS X v10.7 and later.
KeychainManagerMBS.ItemFromPersistentReference(data as memoryblock) as KeychainItemMBS
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ❌ No | Desktop, Console & Web |
Returns a keychain item reference for the item for which you provided a persistent reference.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAccess as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
A SecAccessRef object describing the access control settings for this item.
Available in OS X v10.7 and later.
KeychainManagerMBS.kSecAttrAccessControl as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Available on Mac OS X 10.10 and newer.
IMPORTANT: This attribute is mutually exclusive with kSecAttrAccess attribute.
See KeychainAccessControlMBS class.
Some examples using this method:
KeychainManagerMBS.kSecAttrAccessGroup as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Available on Mac OS X 10.9 and newer.
The access groups that a particular application has membership in are determined by two entitlements for that application. The application-identifier entitlement contains the application's single access group, unless there is a keychain-access-groups entitlement present. The latter has as its value a list of access groups; the first item in this list is the default access group. Unless a specific access group is provided as the value of kSecAttrAccessGroup when SecItemAdd is called, new items are created in the application's default access group. Specifying this attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls limits the search to the specified access group (of which the calling application must be a member to obtain matching results.) To share keychain items between multiple applications, each application must have a common group listed in its keychain-access-groups entitlement, and each must specify this shared access group name as the value for the kSecAttrAccessGroup key in the dictionary passed to SecItem functions.
For iOS please define a keychain access group in Xojo build settings. Then prefix it with your developer ID as you can see it in the generated entitlement file inside your app. Pass the prefixed string to our functions with kSecAttrAccessGroup key.
Some examples using this method:
KeychainManagerMBS.kSecAttrAccessible as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
You should choose the most restrictive option that meets your application's needs to allow the system to protect that item in the best way possible. See the kSecAttrAccessible* methods for a list of values which can be specified.
IMPORTANT: This attribute is currently not supported for OS X keychain items, unless the kSecAttrSynchronizable attribute is also present. If both attributes are specified on either OS X or iOS, the value for the kSecAttrAccessible key may only be one whose name does not end with "ThisDeviceOnly", as those cannot sync to another device.
Some examples using this method:
KeychainManagerMBS.kSecAttrAccessibleAfterFirstUnlock as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can only be accessed once the device has been unlocked after a restart. This is recommended for items that need to be accesible by background applications. Items with this attribute will migrate to a new device when using encrypted backups.
KeychainManagerMBS.kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can only be accessed once the device has been unlocked after a restart.
This is recommended for items that need to be accessible by background applications. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device these items will be missing.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccessibleAlways as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can always be accessed regardless of the lock state of the device. This is not recommended for anything except system use. Items with this attribute will migrate to a new device when using encrypted backups.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccessibleAlwaysThisDeviceOnly as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can always be accessed regardless of the lock state of the device. This option is not recommended for anything except system use. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can only be accessed while the device is unlocked. This is recommended for items that only need to be accessible while the application is in the foreground and requires a passcode to be set on the device. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing. This attribute will not be available on devices without a passcode. Disabling the device passcode will cause all previously protected items to be deleted.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccessibleWhenUnlocked as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can only be accessed while the device is unlocked. This is recommended for items that only need be accesible while the application is in the foreground. Items with this attribute will migrate to a new device when using encrypted backups.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccessibleWhenUnlockedThisDeviceOnly as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 15.0 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Item data can only be accessed while the device is unlocked. This is recommended for items that only need be accesible while the application is in the foreground. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing.
Available on Mac OS X 10.9 and newer.
KeychainManagerMBS.kSecAttrAccount as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Account attribute key.
The corresponding value is of type String and contains an account name. Items of class kSecClassGenericPassword and kSecClassInternetPassword have this attribute.
Available in OS X v10.6 and later.
Some examples using this method:
KeychainManagerMBS.kSecAttrApplicationLabel as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Application label attribute key.
The corresponding value is of type String and contains a label for this item. This attribute is different from the kSecAttrLabel attribute, which is intended to be human-readable. This attribute is used to look up a key programmatically; in particular, for keys of class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of this attribute is the hash of the public key.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrApplicationTag as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Private tag attribute key.
The corresponding value is of type Memoryblock and contains private tag data.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationType as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Authentication type attribute key.
The corresponding value is of type integer and denotes the authentication scheme for this item (see "Authentication Type Values").
Available in OS X v10.6 and later.
Some examples using this method:
KeychainManagerMBS.kSecAttrAuthenticationTypeDefault as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
The default authentication type.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeDPA as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Distributed Password authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeHTMLForm as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
HTML form based authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeHTTPBasic as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
HTTP Basic authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeHTTPDigest as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
HTTP Digest Access authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeMSN as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Microsoft Network default authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeNTLM as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Windows NT LAN Manager authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrAuthenticationTypeRPA as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Remote Password authentication.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanDecrypt as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Decryption attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to decrypt data.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanDerive as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Derivation attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to derive another key.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanEncrypt as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Encryption attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to encrypt data.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanSign as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Signature attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to create a digital signature.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanUnwrap as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Unwrap attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to unwrap another key.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanVerify as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Signature verification attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to verify a digital signature.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCanWrap as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Wrap attribute key.
The corresponding value is of type Boolean and indicates whether this cryptographic key can be used to wrap another key.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCertificateEncoding as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Certificate encoding attribute key.
The corresponding value is of type integer and denotes the certificate encoding (see the CSSM_CERT_ENCODING enumeration in cssmtype.h). Items of class kSecClassCertificate have this attribute. Read only.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCertificateType as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Certificate type attribute key.
The corresponding value is of type integer and denotes the certificate type (see the CSSM_CERT_TYPE enumeration in cssmtype.h). Items of class kSecClassCertificate have this attribute. Read only.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrComment as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Comment attribute key.
The corresponding value is of type string and contains the user-editable comment for this item.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCreationDate as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Creation date key.
The corresponding value is of type date and represents the date the item was created. Read only.
Available in OS X v10.6 and later.
KeychainManagerMBS.kSecAttrCreator as string
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
method | Keychain | MBS MacClassic Plugin | 13.1 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
Creator attribute key.
The corresponding value is of type integer and represents the item's creator. This number is the unsigned integer representation of a four-character code (for example, 'aCrt').
Available in OS X v10.6 and later.
The items on this page are in the following plugins: MBS MacClassic Plugin.