As is, if a manual backup is made, without a password, an attacker can access the encrypted Keychain Items, and with some degree of effort, decrypt them.
Adding support for the kSecAttrAccessible key would allow to better restrict when a "keychain item is accessible."
Values you use with the kSecAttrAccessible attribute key.
let kSecAttrAccessibleAfterFirstUnlock: CFString
The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
let kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: CFString
The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
let kSecAttrAccessibleAlways: CFString
The data in the keychain item can always be accessed regardless of whether the device is locked.
let kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly: CFString
The data in the keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
let kSecAttrAccessibleAlwaysThisDeviceOnly: CFString
The data in the keychain item can always be accessed regardless of whether the device is locked.
let kSecAttrAccessibleWhenUnlocked: CFString
The data in the keychain item can be accessed only while the device is unlocked by the user.
let kSecAttrAccessibleWhenUnlockedThisDeviceOnly: CFString
The data in the keychain item can be accessed only while the device is unlocked by the user.
As is, if a manual backup is made, without a password, an attacker can access the encrypted Keychain Items, and with some degree of effort, decrypt them.
Adding support for the kSecAttrAccessible key would allow to better restrict when a "keychain item is accessible."
Values you use with the kSecAttrAccessible attribute key.
Source: Item Attribute Keys and Values
Is it possible to add support for this?
Thank you.