Reject LA if new fingerprint added

Something I entirely overlooked in the release nots for iOS 9 is


[quote]A new Touch ID constraint that invalidates keychain items when a fingerprint is added or removed.[/quote]


Can someone point me to where and how to use this? I'm probably just failing to search the documentation properly, but I can't find out how to set such constraints.

Accepted Reply

This thread has been deleted

Thank you, KMT. That pointed me to what I needed. It appears that this is documented (only?) in SecAccessControl.h


kSecAccessControlTouchIDCurrentSet      CF_ENUM_AVAILABLE(NA, 9_0)    = 1 << 3,   // Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated.

Replies