ios_keychain_test
Validate private key storage patterns with iOS Keychain to test encryption and secure data handling for Lightning wallet development.
Instructions
Validate private key storage patterns with iOS Keychain
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| keyType | Yes | Type of key to test | seed |
| testValue | No | Test value to store (will be encrypted) | |
Implementation Reference
- src/tools/iosKeychainTest.ts:25-60 (handler) The execute function implementing the core tool logic: generates test value, calls iosService.testKeychain, formats response with success status, Swift code example, and security recommendations.

  ```typescript
  execute: async (args: any): Promise<ToolResult> => {
    try {
      const testValue = args.testValue || `test_${args.keyType}_${Date.now()}`;
      const result = await iosService.testKeychain(args.keyType, testValue);

      return {
        content: [{
          type: 'text',
          text: JSON.stringify({
            success: result.success,
            message: result.message,
            swiftExample: result.swiftCode,
            keyType: args.keyType,
            recommendations: [
              'Use kSecAttrAccessibleWhenUnlockedThisDeviceOnly for maximum security',
              'Enable biometric protection for sensitive operations',
              'Implement secure key deletion on app uninstall',
              'Use unique identifiers for each key type',
              'Consider using Secure Enclave for key generation'
            ]
          }, null, 2)
        }]
      };
    } catch (error) {
      return {
        content: [{
          type: 'text',
          text: JSON.stringify({
            success: false,
            error: error instanceof Error ? error.message : 'Unknown error'
          }, null, 2)
        }],
        isError: true
      };
    }
  }
  ```
- src/tools/iosKeychainTest.ts:9-24 (schema) Input schema defining parameters: keyType (required enum: seed/privateKey/channelSecrets) and optional testValue.

  ```typescript
  inputSchema: {
    type: 'object',
    properties: {
      keyType: {
        type: 'string',
        enum: ['seed', 'privateKey', 'channelSecrets'],
        description: 'Type of key to test',
        default: 'seed'
      },
      testValue: {
        type: 'string',
        description: 'Test value to store (will be encrypted)'
      }
    },
    required: ['keyType']
  },
  ```
- src/index.ts:18-18 (registration) Import of the keychainTestTool from its implementation file.

  ```typescript
  import { keychainTestTool } from './tools/iosKeychainTest.js';
  ```
- src/index.ts:44-44 (registration) Registration of the tool by inclusion in the central tools array used by the MCP server.

  ```typescript
  keychainTestTool,
  ```
- src/services/iosService.ts:4-57 (helper) Supporting method in IOSService that simulates keychain operations by returning Swift code examples for secure storage/retrieval using SecItemAdd/Delete/CopyMatching with high security attributes.

  ```typescript
  async testKeychain(key: string, value: string): Promise<{
    success: boolean;
    message: string;
    swiftCode: string;
  }> {
    const swiftCode = `
  import Security
  import Foundation

  func saveToKeychain(key: String, value: Data) -> Bool {
      let query: [String: Any] = [
          kSecClass as String: kSecClassGenericPassword,
          kSecAttrAccount as String: key,
          kSecValueData as String: value,
          kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
      ]

      // Delete any existing item
      SecItemDelete(query as CFDictionary)

      // Add new item
      let status = SecItemAdd(query as CFDictionary, nil)
      return status == errSecSuccess
  }

  func loadFromKeychain(key: String) -> Data? {
      let query: [String: Any] = [
          kSecClass as String: kSecClassGenericPassword,
          kSecAttrAccount as String: key,
          kSecReturnData as String: true,
          kSecMatchLimit as String: kSecMatchLimitOne
      ]

      var result: AnyObject?
      let status = SecItemCopyMatching(query as CFDictionary, &result)

      if status == errSecSuccess {
          return result as? Data
      }
      return nil
  }

  // Example usage with LDK seed
  let seedKey = "ldk_node_seed"
  let seed = Data(/* 32 bytes of entropy */)
  let saved = saveToKeychain(key: seedKey, value: seed)
  print("Seed saved: \\(saved)")`.trim();

    return {
      success: true,
      message: `Keychain test for key '${key}' completed successfully`,
      swiftCode
    };
  }
  ```
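
A hardened variant of the Swift snippet returned by testKeychain, as an added example that is not the project's own code: it applies the recommendations listed in the handler (one identifier per key type, biometric access control) and reports lookup failures separately from a missing item. The service name `com.example.wallet` and the `ldk_` account labels are assumptions.

```swift
import Foundation
import Security

// Added example. Service and account names are assumptions, not the project's.
let service = "com.example.wallet"

enum WalletKey: String {                       // mirrors the tool's keyType enum
    case seed, privateKey, channelSecrets
    var account: String { "ldk_\(rawValue)" }  // one identifier per key type
}

enum KeychainError: Error { case accessControl, status(OSStatus) }

// Search attributes only; value and protection are added per operation.
func baseQuery(_ key: WalletKey) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: key.account]
}

func store(_ secret: Data, as key: WalletKey) throws {
    // Biometry-gated and device-bound. The item becomes unreadable if the
    // enrolled biometrics change, so the seed needs a separate backup path.
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .biometryCurrentSet, nil) else { throw KeychainError.accessControl }

    let deleted = SecItemDelete(baseQuery(key) as CFDictionary)
    guard deleted == errSecSuccess || deleted == errSecItemNotFound else {
        throw KeychainError.status(deleted)
    }
    var add = baseQuery(key)
    add[kSecValueData as String] = secret
    add[kSecAttrAccessControl as String] = access  // used instead of kSecAttrAccessible
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Returns nil only when no item exists. Authentication failures and other
// errors are thrown, so a caller never mistakes them for "no seed stored".
func load(_ key: WalletKey) throws -> Data? {
    var query = baseQuery(key)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    return item as? Data
}
```

Separating "not found" from other statuses matters for a wallet: a cancelled biometric prompt must not be read as an empty keychain and trigger generation of a new seed.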