10

What is the usage of the kSecAttrIsPermanent attribute when using Apples libcommonCrypto.dylib on iOS?

Apples documentation says:

The corresponding value is of type CFBooleanRef and indicates whether this cryptographic key is to be stored permanently.

What is the reason not to store something permanently in the keychain and how long will it be stored then? (until reboot? until app is closed? until app is uninstalled?)

miho
  • 11,765
  • 7
  • 42
  • 85
  • Did you did some tries? Setting to NO, and watching if the data you stored still exist after the kill of the app? We can imagine that you want to store some secure data momentarily, and delete it after, which could be done once if you set the CFBooleanRef to no ? – Larme Feb 06 '14 at 13:57

1 Answers1

10

It's a parameter used within SecKeyGeneratePair when generating keys.

From the Certificate, Key, and Trust Services Reference

kSecAttrIsPermanent — If this key is present and has a Boolean value of true, the key or key pair is added to the default keychain.

In this context, if you provide this parameter and it is false, then you'll receive the keys in memory, but it won't be persisted to the keychain (on disk). It'll last for however long you keep a hold of it whilst the application is still running, unless you persist it yourself afterwards.

WDUK
  • 18,870
  • 3
  • 64
  • 72
  • Okay. It has been a bit confusing since the attributes are linked in docs for the save and load functions too. But your answer makes sense to me, thank you. – miho Feb 06 '14 at 18:09