Platforms to show: All Mac Windows Linux Cross-Platform
KeychainAccessControlMBS class
Type | Topic | Plugin | Version | macOS | Windows | Linux | iOS | Targets |
class | Keychain | MBS MacClassic Plugin | 18.5 | ✅ Yes | ❌ No | ❌ No | ✅ Yes | All |
This is an abstract class. You can't create an instance, but you can get one from various plugin functions.
- property Handle as Integer
- method Constructor Private
- 8 shared methods
- shared method CreateWithFlags(protection as String, Flags as Integer, byref error as Variant) as KeychainAccessControlMBS
- shared method kSecAttrAccessibleAfterFirstUnlock as String
- shared method kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly as String
- shared method kSecAttrAccessibleAlways as String
- shared method kSecAttrAccessibleAlwaysThisDeviceOnly as String
- shared method kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly as String
- shared method kSecAttrAccessibleWhenUnlocked as String
- shared method kSecAttrAccessibleWhenUnlockedThisDeviceOnly as String
- 10 constants
Control Flags
Constant | Value | Description |
---|---|---|
kSecAccessControlAnd | &h8000 |
Constraint logic operation: when using more than one constraint, all must be satisfied. |
kSecAccessControlApplicationPassword | &h80000000 |
Application provided password for data encryption key generation. This is not a constraint but additional item encryption mechanism. |
kSecAccessControlBiometryAny | 2 |
Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled. |
kSecAccessControlBiometryCurrentSet | 8 |
Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated. |
kSecAccessControlDevicePasscode | 16 |
Device passcode |
kSecAccessControlOr | &h4000 |
Constraint logic operation: when using more than one constraint, at least one of them must be satisfied. |
kSecAccessControlPrivateKeyUsage | &h40000000 |
Create access control for private key operations (i.e. sign operation) |
kSecAccessControlTouchIDAny | 2 |
Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled. |
kSecAccessControlTouchIDCurrentSet | 8 |
Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated. |
kSecAccessControlUserPresence | 1 |
User presence policy using biometry or Passcode. Biometry does not have to be available or enrolled. Item is still accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled. |
This class has no sub classes.
Blog Entries
- MonkeyBread Software Releases the MBS Xojo Plugins in version 18.5
- MBS Xojo Plugins, version 18.5pr5
Release notes
- Version 18.5
- Added KeychainAccessControlMBS class for using TouchID on MacOS to secure data.
The items on this page are in the following plugins: MBS MacClassic Plugin.
