What is a Keychain?

A keychain is a secure, transparent database for multiple passwords, digital keys, and cryptographic certificates belonging to one owner. Note that the database is not restricted to being a file: it may be a network database, a smart card, or other storage media. Secure means that no one but the keychain's owner can access or modify the items contained in the keychain. Transparent authentication, or single sign-on, means that by entering one passphrase the user gains access to their passwords, keys, and certificates for all the applications and services attached to the keychain.

The user can open multiple keychains simultaneously and drag and drop items between keychains.

All keychains are locked at system startup and remain locked until the user enters the keychain passphrase to unlock the keychain. A locked keychain cannot be accessed until it is unlocked by the keychain owner. Only then are the passwords and other keychain items contained in the keychain accessible to your application.

Users can create more than one keychain, but the first keychain a user creates is the default keychain. New items are always added to the default keychain. The user can change the default keychain by calling the function KCSetDefaultKeychain (page 42). When the Keychain Manager cannot find a default keychain, it prompts the user to create one.

If there is no preference file for the default keychain in the InternetConfig application, the user is prompted to choose among the locked keychains. When an unspecified keychain is to be unlocked, the default keychain is automatically selected for the user. The user can modify the preference file of the default keychain using Keychain Access.


© 2000 Apple Computer, Inc. (Last Updated 20 July 2000)