是否可以更新kSecAttrAccessibleKeychain中现有项的属性值?项目被添加到钥匙串后似乎无法更改.以下步骤支持我的假设.
将新项添加到钥匙串:
NSData *encodedIdentifier = [@"BUNDLE_IDENTIFIER"
dataUsingEncoding:NSUTF8StringEncoding];
NSData *encodedPassword = [@"PASSWORD"
dataUsingEncoding:NSUTF8StringEncoding];
// Construct a Keychain item
NSDictionary *keychainItem =
[NSDictionary dictionaryWithObjectsAndKeys:
kSecClassGenericPassword, kSecClass,
encodedIdentifier, kSecAttrGeneric,
encodedIdentifier, kSecAttrService,
@"USERNAME", kSecAttrAccount,
kSecAttrAccessibleWhenUnlocked, kSecAttrAccessible,
encodedPassword, kSecValueData
nil];
// Add item to Keychain
OSStatus addItemStatus = SecItemAdd((CFDictionaryRef)keychainItem, NULL);
在稍后的时间,该属性改变kSecAttrAccessible从kSecAttrAccessibleWhenUnlocked到kSecAttrAccessibleAfterFirstUnlock:
NSData *encodedIdentifier = [@"BUNDLE_IDENTIFIER"
dataUsingEncoding:NSUTF8StringEncoding];
NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
kSecClassGenericPassword, kSecClass,
encodedIdentifier, kSecAttrGeneric,
encodedIdentifier, kSecAttrService,
nil];
NSDictionary *updatedAttributes =
[NSDictionary dictionaryWithObject:kSecAttrAccessibleAfterFirstUnlock
forKey:kSecAttrAccessible];
OSStatus updateItemStatus = …在iOS上,Certificate,Key和Trust Services API包含以下填充类型:
kSecPaddingNonekSecPaddingPKCS1kSecPaddingPKCS1MD2kSecPaddingPKCS1MD5kSecPaddingPKCS1SHA1在对用户苹果CDSA邮件列表中称,"kSecPaddingPKCS1 [...]是一样的PKCS#1 1.5".证书,密钥和信任服务参考注释后三种填充类型(kSecPaddingPKCS1MD2,kSecPaddingPKCS1MD5和kSecPaddingPKCS1SAH),"标准ASN.1填充将完成,以及底层RSA操作的PKCS1填充".
kSecPaddingPKCS1?kSecPaddingPKCS1仅仅根据RFC 3447的基本RSA运算的原料填充?SecKeyRawSign(),开发人员是否需要自己使用kSecPaddingPKCS1并执行ASN.1填充?是否需要ASN.1填充或是否可以省略?任何暗示我指向正确方向的提示都受到高度赞赏.