securityd_system

executablemacOS1011.4 KBx86_64, arm64

Secure Enclave and cryptographic key manager — handles hardware-backed encryption operations

Manages cryptographic operations using hardware security features including the Secure Enclave and device key bag. Reads and uses keychain encryption keys for protecting sensitive data, with direct hardware driver communication to access secure storage. Implements security framework extensions for code signing and certificate operations. Submits diagnostic reports about its operations through Apple's symptom reporting framework. Exposes 18 XPC services for system components to request cryptographic operations and key management, with protocol buffer serialization for inter-process communication.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 1011.4 KB
UUID: C98378A8-C584-3986-BE00-3F3C206C2911
Analyzed: 2026-04-09T10:03:23Z
CDHash: 80913854f0c3cbf5599374204bc7529bce3066caccf9e54bb88763731235da51

Capabilities

KeychainRead and use keychain encryption keys

com.apple.keystore.access-keychain-keys [object Object]

KeychainHardware key storage (Secure Enclave)

/System/Library/PrivateFrameworks/AppleKeyStore.framework/Versions/A/AppleKeyStore

KeychainDevice key bag (encryption keys)

/System/Library/PrivateFrameworks/MobileKeyBag.framework/Versions/A/MobileKeyBag

StoragePrivate storage area access

com.apple.private.security.storage.Keychains [object Object]

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

IpcProtocol buffer serialization

/System/Library/PrivateFrameworks/ProtocolBuffer.framework/Versions/A/ProtocolBuffer

AnalyticsSubmit symptom diagnostic reports

com.apple.symptom_diagnostics.report [object Object]

AnalyticsSymptom/diagnostic reporting framework

/System/Library/PrivateFrameworks/SymptomDiagnosticReporter.framework/Versions/A/SymptomDiagnosticReporter

SecuritySecurity framework extensions

/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks16

ProtocolBuffer SecurityFoundation CrashReporterSupport UserManagement AppleKeyStore MobileKeyBag SymptomDiagnosticReporter(weak)libicucore.A.dylib login Security IOKit libsqlite3.dylib Foundation libobjc.A.dylib libSystem.B.dylib CoreFoundation

Entitlements11

application-identifier com.apple.securityd.system

com.apple.application-identifier com.apple.securityd.system

com.apple.keystore.access-keychain-keystrue

com.apple.keystore.lockassertiontrue

com.apple.mkb.usersession.infotrue

com.apple.private.MobileGestalt.AllowedProtectedKeys

com.apple.private.applecredentialmanager.allowtrue

com.apple.private.security.storage.Keychainstrue

com.apple.private.sqlite.sqlite-encryptiontrue

com.apple.private.xpc.launchd.ios-system-sessiontrue

com.apple.symptom_diagnostics.reporttrue

Interesting Strings

Bundle IDs(110)

com.apple.application-identifier com.apple.keystore.lockassertion $com.apple.symptom_diagnostics.report 'com.apple.keystore.access-keychain-keys *com.apple.private.sqlite.sqlite-encryption

File Paths(23)

*com.apple.private.sqlite.sqlite-encryption /AppleInternal/Library/BuildRoots/4~B_wCugD1GT6JPDmhh1RrUK5pccLqhjehz9nqD_o/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager_ClientLibs/ACMLib/ACMLib.c /AppleInternal/Library/BuildRoots/4~B_wCugD1GT6JPDmhh1RrUK5pccLqhjehz9nqD_o/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager_ClientLibs/common/LibCall.c /Library/Keychains/TrustStore.sqlite3 /Library/Keychains/caissuercache.sqlite3

telemetry(3)

$com.apple.symptom_diagnostics.report <key>com.apple.symptom_diagnostics.report</key>NetworkingAnalyticsReport

URLs & Endpoints(6)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0 push.apple.com

Network Surface

Networking Frameworks

CoreFoundation Foundation SecurityFoundation

Endpoints(9)

HostnameSecurity-61901.40.77

Hostnamepush.apple.com

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

3

Network

0

Storage

1

Hardware

1

IPC

1

Analytics

2

Security

2

System

0

Behavioral Profile

URL Endpoints

6

Telemetry Strings

3

File Paths

23

Bundle IDs

110

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code4ef57b01ace5b24d983c481f9a5a9499168ed149afcfdfea5dd50f5fd2eff9c0

Imports4f96e7632349bd0f7c59817329fe27b9a6d96f113868207f704ee4d4717514f5

Frameworksdd0d19f93a3400d2895fa234c28d48ac7a7200f7940b507d399d190a0529e8ce

Classes023ecd73916ea7777b8764175e6f66bd22e333399550c8ac117e594a68836e39

Entitlements98595a63f3827d39a188e89add259248f22cc1e9cfd11711e921c1ede7184ef0

Symbols717426e94c63e9b20bfb7dc9c5eaa991bff372551d39b4bdd233ee774fe75a5a

Static Libraries0 / 1052 functions identified

Functions(1052)

0x100001340sub_100001340

0x100001350sub_100001350

0x10000135csub_10000135c

0x100001384+[KCSharingStubXPCListenerDelegate sharedInstance]

0x1000013c8sub_1000013c8

0x100001420-[KCSharingStubXPCListenerDelegate init]

0x1000014a8-[KCSharingStubXPCListenerDelegate listener:shouldAcceptNewConnection:]

0x1000014b0-[KCSharingStubXPCListenerDelegate .cxx_destruct]

0x1000014bcsub_1000014bc

0x10000150csub_10000150c

0x100001580sub_100001580

0x1000015d4sub_1000015d4

0x100001604sub_100001604

0x10000160csub_10000160c

0x100001614sub_100001614

0x100001650sub_100001650

0x10000168csub_10000168c

0x10000169csub_10000169c

0x100001760sub_100001760

0x100001840sub_100001840

Imports578 symbols from 15 dylibs

libSystem.B.dylib166 CoreFoundation148 Security126 libsqlite3.dylib34 libobjc.A.dylib32

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

bluetoothaudiod

securityuploadd

peakpowermanagerd

gamecontrolleragentd