Protection Domain (pdmn) | Keychain Accessibility Values |
---|---|
ck | kSecAttrAccessibleAfterFirstUnlock |
cku | kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly |
dk | kSecAttrAccessibleAlways |
akpu | kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly |
dku | kSecAttrAccessibleAlwaysThisDeviceOnly |
ak | kSecAttrAccessibleWhenUnlocked |
aku | kSecAttrAccessibleWhenUnlockedThisDeviceOnly |
In the iOS keychain, all the keychain items are stored in 4 tables:

Table | kSecClass |
---|---|
genp | kSecClassGenericPassword |
inet | kSecClassInternetPassword |
cert | kSecClassCertificate |
key | kSecClassKey |

kSecClassIdentity = kSecClassCertificate + kSecClassKey

Keychain tables column names mapped to the corresponding keychain item class attributes:

Column | Attribute | Description |
---|---|---|
cdat | kSecAttrCreationDate | Item creation date in Unix epoch time format |
mdat | kSecAttrModificationDate | Item modification date in Unix epoch time format |
desc | kSecAttrDescription | User visible string that describes the item |
icmt | kSecAttrComment | User editable comment for the item |
crtr | kSecAttrCreator | Application created (4 char) code |
type | kSecAttrType | Item type |
scrp | kSecAttrScriptCode | String script code (such as encoding type) |
labl | kSecAttrLabel | Label to be displayed to the user (print name) |
alis | kSecAttrAlias | Item alias |
invi | kSecAttrIsInvisible | Invisible |
nega | kSecAttrIsNegative | Invalid item |
cusi | kSecAttrHasCustomIcon | Existence of application specific icon (Boolean) |
prot | kSecProtectedDataItemAttr | ? Item’s data is protected (Boolean) |
acct | kSecAttrAccount | Account key (such as user id) |
svce | kSecAttrService | Service name (such as Application identifier) |
gena | kSecAttrGeneric | User defined attribute |
data | kSecValueData | Actual data (such as password, crypto key…) |
agrp | kSecAttrAccessGroup | Keychain access group |
pdmn | kSecAttrAccessible | Access restrictions (Data protection classes) |
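
The mappings above can be used to audit which protection class each item in a keychain database copy from your own test device carries. The following is an added example, not code from the original page: it uses only the `agrp` and `pdmn` columns and the table names listed above, while the audit findings ("readable while locked", "not device-bound"), the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# pdmn codes and table names exactly as listed in the tables above.
PDMN = {
    "ck": "kSecAttrAccessibleAfterFirstUnlock",
    "cku": "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly",
    "dk": "kSecAttrAccessibleAlways",
    "akpu": "kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly",
    "dku": "kSecAttrAccessibleAlwaysThisDeviceOnly",
    "ak": "kSecAttrAccessibleWhenUnlocked",
    "aku": "kSecAttrAccessibleWhenUnlockedThisDeviceOnly",
}
TABLES = ("genp", "inet", "cert", "key")
ALWAYS = {"dk", "dku"}  # audit policy is this example's assumption


def audit(conn):
    """Return (table, agrp, pdmn, constant, findings) for every keychain item."""
    present = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    report = []
    for table in (t for t in TABLES if t in present):  # skip absent tables
        for agrp, pdmn in conn.execute(f"SELECT agrp, pdmn FROM {table}"):
            if isinstance(pdmn, bytes):  # tolerate BLOB-typed columns
                pdmn = pdmn.decode("ascii", "replace")
            name = PDMN.get(pdmn, "unknown")
            findings = []
            if name == "unknown":
                findings.append("unknown pdmn")
            elif pdmn in ALWAYS:
                findings.append("readable while locked")
            if name != "unknown" and not name.endswith("ThisDeviceOnly"):
                findings.append("not device-bound")
            report.append((table, agrp, pdmn, name, findings))
    return report


def sample_db():
    """Constructed in-memory database; all rows are made up for the example."""
    conn = sqlite3.connect(":memory:")
    for table in ("genp", "inet"):
        conn.execute(f"CREATE TABLE {table} (agrp TEXT, pdmn TEXT)")
    conn.executemany("INSERT INTO genp VALUES (?, ?)", [
        ("TEAMID.com.example.app", "aku"),
        ("TEAMID.com.example.app", "dk"),
        ("TEAMID.com.example.legacy", "zz"),
    ])
    conn.execute("INSERT INTO inet VALUES ('TEAMID.com.example.app', 'ck')")
    return conn
```

Calling `audit(sample_db())` returns one tuple per item; to audit a real copy, pass `sqlite3.connect(path)` for a database file you are authorized to examine.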