Keychain Services的文档非常不完整,每当我尝试使用SecItem*()函数时,总是会收到没有帮助的错误信息。目前,我正在尝试删除我之前添加到钥匙串中的一个身份标识:
// Identity ref is a persistent reference to the identity I want to delete.
NSData *identityRef = ...
NSDictionary *query = @{ (id)kSecClass: (id)kSecClassIdentity,
(id)kSecValuePersistentRef: identityRef };
OSStatus status = SecItemDelete((CFDictionaryRef)query);
// Fails with errSecParam (-50) under iOS 6
// Fails with errSecNotAvailable (-25291) under iOS 7
然而,据我所知,各种安全项目类别所需的(和建议的)参数似乎没有任何文件记录。为了成功地使用钥匙串中的身份标识,我应该指定什么?
编辑
我也尝试使用文档中记录的 kSecMatchItemList
:
NSDictionary *query = @{ (id)kSecClass: (id)kSecClassIdentity,
(id)kSecMatchItemList: @[identityRef] };
OSStatus status = SecItemDelete((CFDictionaryRef)query);
// Fails with errSecParam (-50)
我也尝试了从这个SO问题中提供的建议主键:
NSDictionary *attrs = nil;
NSDictionary *attrsQuery = @{ (id)kSecClass: (id)kSecClassIdentity,
(id)kSecValuePersistentRef: identityRef };
SecItemCopyMatching(attrsQuery, (CFTypeRef *)&attrs);
NSDictionary *query = @{ (id)kSecClass: (id)kSecClassIdentity,
(id)kSecAttrCertificateType: attrs[(id)kSecAttrCertificateType],
(id)kSecAttrIssuer: attrs[(id)kSecAttrIssuer],
(id)kSecAttrSerialNumber: attrs[(id)kSecAttrSerialNumber],
(id)kSecAttrApplicationLabel: attrs[(id)kSecAttrApplicationLabel],
(id)kSecAttrApplicationTag: attrs[(id)kSecAttrApplicationTag],
(id)kSecAttrKeyType: attrs[(id)kSecAttrKeyType],
(id)kSecAttrKeySizeInBits: attrs[(id)kSecAttrKeySizeInBits],
(id)kSecAttrEffectiveKeySize: attrs[(id)kSecAttrEffectiveKeySize] };
OSStatus status = SecItemDelete(query);
// Still fails with errSecParam (-50)
kSecValueRef
指定多个值。我已尝试按链接帖子所述指定kSecAttrCertificateType
、kSecAttrIssuer
、kSecAttrSerialNumber
、kSecAttrApplicationLabel
、kSecAttrApplicationTag
、kSecAttrKeyType
、kSecAttrKeySizeInBits
和kSecAttrEffectiveKeySize
,但仍然收到errSecParam
错误。 - Greg