The keychain is implemented as a SQLite database, stored on the file system. There is only one database, and the securityd daemon determines which keychain items each process or app can access. Keychain items are encrypted using two different AES-256-GCM keys: a table key (metadata) and a per-row key (secret key). Keychain metadata (all attributes other than kSecValue) is encrypted with the metadata key to speed searches, and the secret value (kSecValueData) is encrypted with the secret key. The metadata key is protected by the Secure Enclave but is cached in the Application Processor to allow fast queries of the keychain. The secret key always requires a round trip through the Secure Enclave.
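As an added illustration, not code from this page or from Apple, the following Go model implements the two-key scheme just described: attributes are sealed under a table key that stays cached on the Application Processor, so a search never leaves it, while each secret is sealed under its own per-row key that only a modelled Secure Enclave can unwrap, which a round-trip counter makes visible. The `Enclave` type, its wrapping key and the `RoundTrips` counter are assumptions of the model, not Apple's interfaces.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// AES-256-GCM helpers: seal returns nonce||ciphertext, open reverses it.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, pt []byte) []byte {
	g := gcm(key); n := make([]byte, g.NonceSize()); rand.Read(n)
	return g.Seal(n, n, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	g := gcm(key); n := g.NonceSize()
	return g.Open(nil, ct[:n], ct[n:], nil)
}
func randKey() []byte { k := make([]byte, 32); rand.Read(k); return k }

// Enclave models the Secure Enclave (an assumption of this model): its wrapping key never
// leaves it, and each wrap or unwrap of a per-row key counts as one round trip from the AP.
type Enclave struct{ wrapKey []byte; RoundTrips int }
func (e *Enclave) Wrap(k []byte) []byte             { e.RoundTrips++; return seal(e.wrapKey, k) }
func (e *Enclave) Unwrap(w []byte) ([]byte, error) { e.RoundTrips++; return open(e.wrapKey, w) }

// Row: attributes under the table key, secret under its own row key, row key wrapped by the enclave.
type Row struct{ Attrs, Secret, WrappedRowKey []byte }
type Keychain struct{ tableKey []byte; Sep *Enclave; rows []Row } // tableKey is cached on the AP
func NewKeychain() *Keychain { return &Keychain{tableKey: randKey(), Sep: &Enclave{wrapKey: randKey()}} }

// Add encrypts the attributes with the table key and the secret with a fresh per-row key.
func (kc *Keychain) Add(attrs, secret []byte) {
	rk := randKey()
	kc.rows = append(kc.rows, Row{seal(kc.tableKey, attrs), seal(rk, secret), kc.Sep.Wrap(rk)})
}

// Find searches attributes using only the cached table key: no enclave round trip.
func (kc *Keychain) Find(attrs []byte) int {
	for i, r := range kc.rows {
		if pt, err := open(kc.tableKey, r.Attrs); err == nil && bytes.Equal(pt, attrs) { return i }
	}
	return -1
}

// SecretOf must unwrap the per-row key inside the enclave: always exactly one round trip.
func (kc *Keychain) SecretOf(i int) ([]byte, error) {
	rk, err := kc.Sep.Unwrap(kc.rows[i].WrappedRowKey)
	if err != nil { return nil, err }
	return open(rk, kc.rows[i].Secret)
}
```

Adding an item costs one round trip (wrapping its row key), searching costs none, and reading a secret costs exactly one more, which is the asymmetry the text describes.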