2.4.0

Enhancements

• Compile-time checks for EC and RSA keys conversions from SecKeyCopyExternalRepresentation to SecKeyConvertible
• Improves type-checking for SecItemQuery

Compatibility

• Replaces SecKeyConvertible's property var secKeyDescriptor: SecKeyDescriptor with static var keyDescriptor: SecKeyDescriptor

2.3.0

Enhancements

• Adds capability to retrieve RSA keys (#2)

2.2.1

Enhancements

• Fixes warnings that were related to not marking some types as Sendable

2.2.0

Enhancements

• Retrieve items using reference or persistent reference:

if case let .reference(secKey) = try keychain.retrieve(.reference, matching: SecValue<SecKey>.persistentReference(data)) {
    // handle result
}

• Remove items using reference or persistent reference:

try keychain.remove(matching: .reference(secKey))

• Improves type-safety for SecValue. It now returns SecKey/SecCertificate/SecIdentity instead of AnyObject.
• Improves documentation
• Deprecates attributes related to legacy file-based keychain from OS X

Compatibility

• Moves PKCS #12 from keychain.import() to PKCS12.import()

2.1.1

Enhancements

• Supports public key storage for Elliptic Curves algorithms from CryptoKit
• Supports private and public key storage for RSA algorithms

Compatibility

• Renames .privateKey(for:) query to .key(for:)
• Renames Identity to DigitalIdentity
• Removes KeyType.symmetric as not supported type for SecKey storage. On Cryptographic Key Formats
• Removes PRFHmacAlg as it is deprecated since macOS 12.0 and not longer supported

2.0.1

Fixes

• Removes build warnings

Enhancements

• Updates README

2.0.0

Enhancements

• Significantly improves functionality for X.509 certificates and identities
• Enables compatibility with swift-certificates library for storage/retrieval of X509.Certificate
• Improves overall documentation
• Returns data / reference / persistent reference on storage:

if case let .persistentReference(data) = try keychain.store(
    privateKey,
    returning: .persistentReference,
    query: .privateKey(for: "Alice"))
{
    // Handle persistent reference
} 

Compatibility

• APIs are mostly backwards compatible with all previous releases in the 1.x.y series
• Renames .privateKey(tag:) to .privateKey(for:)
• Deprecates .credential(for:service) in favor of .credential(for:space:). Replace deprecation with:

var query = SecItemQuery<GenericPassword>()
query.account = account
query.service = service

1.4.0

• Retrieves persistent reference after storing SecDataConvertible:

if case let .persistentReference(data) = try keychain.store(
    "8e9c0a7f",
    returning: .persistentReference, 
    query: .credential(for: "VPN")
) {
    // Handle persistent reference
}

• Improves Error Handling:

do {
    let token: String? = try keychain.store("8e9c0a7f", query: .credential(for: "OpenAI"))
} catch {
    switch error as? SwiftSecurityError {
    case .duplicateItem:
        // handle duplicate
    default:
        // unhandled
    }
}

1.3.0

• Store and retrieve private keys from CryptoKit with keychain.store(key, query: .privateKey(tag: "Alice"))
• Retrieve persistent reference via keychain.retrieve(.persistentReference, query: .credential(for: "VPN"))
• Retrieve all items matching query keychain.retrieveAll([.data, .reference], query: ...)

1.2.1

• Fix of itemKeyID, certChain accessors for PKCS12.SecImportItem
• New destinations for TestHost: watchOS, visionOS (Designed for iPad), Mac (Mac Catalyst)
• Refactoring within internal implementation
• Updated documentation