0 Replies
      Latest reply: Jan 17, 2017 7:10 AM by eskimo RSS
      eskimo Apple Staff Apple Staff (7,005 points)

        I can never remember which key attributes perform which function, so I’ve created a summary and I’m posting it here for the benefit of Future Quinn™ (and possibly others :-).


        • kSecAttrLabel ('labl')

          • CFString

          • Is not a component of key uniqueness

          • kSecKeyPrintName (1) in the legacy keychain on macOS

          • This is the user-visible description of the key; this is not particularly useful on iOS but super handy on macOS because it shows up in the Name column in Keychain Access

        • kSecAttrApplicationLabel ('klbl')

          • CFData (but may be CFString containing UUID)

          • Is a component of key uniqueness

          • kSecKeyLabel (6) in the legacy keychain on macOS

          • Not user visible

          • For asymmetric keys this holds the public key hash which allows digital identity formation (to form a digital identity, this value must match the kSecAttrPublicKeyHash ('pkhh') value in the certificate)

        • kSecAttrApplicationTag ('atag')

          • CFData

          • Is a component of key uniqueness

          • kSecKeyApplicationTag (7) in the legacy keychain on macOS

          • On macOS this shows up in the Comments field in the info window in Keychain Access (accessed via File > Get Info)

          • The content of this is entirely up to the app

        Share and Enjoy

        Quinn “The Eskimo!”
        Apple Developer Relations, Developer Technical Support, Core OS/Hardware
        let myEmail = "eskimo" + "1" + "@apple.com"