Keychain

Keychain #

On Apple systems (macOS, iOS, iPadOS), keychains are used to securely store, access and manage passwords, security certificates, private keys, passkeys, and secure notes. On macOS there are several keychains. There is only one keychain in iOS. This keychain is protected by the Secure Enclave, and it is designed to be stored in iCloud.

Unlike the file-based keychains on macOS, the iOS keychain is protected by the Secure Enclave, which allows its items to be protected by biometrics (Touch ID, Face ID).

Keychain items #

User entries stored in the keychains, such as passwords or cryptographic keys, are called items. In addition to the data itself, an item carries publicly visible attributes that control its accessibility and make it searchable.

As shown in this figure from the Apple documentation, keychain services handles the data encryption and the on-disk storage.
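The following Swift snippet is an added example (not code from the page or from Apple) showing what an item's attributes look like in practice: the public attributes that make it searchable, the payload that keychain services encrypts, and an access-control attribute that ties the item to the device passcode and the currently enrolled biometrics. The service and account names are constructed for the example.

```swift
import Foundation
import Security

/// Stores a secret as a generic-password item whose data is released only
/// when a passcode is set AND the currently enrolled biometrics match.
/// Service/account names are supplied by the caller (constructed here).
func storeSecret(_ secret: Data, service: String, account: String) -> OSStatus {
    var cfError: Unmanaged<CFError>?
    // kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly: never synced to iCloud,
    // and the item is wiped if the passcode is removed. .biometryCurrentSet:
    // the item is invalidated when the biometric enrolment changes.
    guard let access = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet,
        &cfError) else {
        return errSecParam
    }
    // Public attributes (class, service, account) make the item searchable;
    // kSecValueData is the part keychain services encrypts on disk. Note that
    // kSecAttrAccessControl and kSecAttrAccessible are mutually exclusive.
    let attrs: [CFString: Any] = [
        kSecClass: kSecClassGenericPassword,
        kSecAttrService: service,
        kSecAttrAccount: account,
        kSecAttrAccessControl: access,
        kSecValueData: secret,
    ]
    // errSecDuplicateItem means an item with this service/account already
    // exists; callers should update or delete it rather than ignore the error.
    return SecItemAdd(attrs as CFDictionary, nil)
}

/// Reads the secret back; the system presents the biometric prompt itself.
func loadSecret(service: String, account: String) -> Data? {
    let query: [CFString: Any] = [
        kSecClass: kSecClassGenericPassword,
        kSecAttrService: service,
        kSecAttrAccount: account,
        kSecReturnData: true,
        kSecMatchLimit: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    // Failures include errSecItemNotFound, errSecUserCanceled, errSecAuthFailed.
    guard status == errSecSuccess else { return nil }
    return result as? Data
}
```

Because the access-control attribute is stored with the item, the same query that finds it by service and account cannot read the data until the Secure Enclave has verified the user.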

Apple API #

The main API functions used to communicate with the keychain are: