5

I am trying to access keychain data set by an application from another application with the same identifier (same profile). I used this link to achieve this.

The saving of keychain data is happening properly; I get errSecSuccess for the below statement (both in simulator and device):

```objective-c
OSStatus status = SecItemAdd((CFDictionaryRef)dictionary, NULL);
```

So far so good, but when I am trying to fetch back the credentials that my app A saved in another app B it works differently in simulator and device.

In iOS simulator 6.1 I get status as '0' for the below statement.

```objective-c
OSStatus status = SecItemCopyMatching((CFDictionaryRef)searchDictionary, &foundDict);
```

In any iOS device I get the status as '-25300'.

I know these are the error codes that are in the security framework:

```objective-c
//errSecSuccess                = 0,       /* No error. */
//errSecUnimplemented          = -4,      /* Function or operation not implemented. */
//errSecParam                  = -50,     /* One or more parameters passed to a function where not valid. */
//errSecAllocate               = -108,    /* Failed to allocate memory. */
//errSecNotAvailable           = -25291,  /* No keychain is available. You may need to restart your computer. */
//errSecDuplicateItem          = -25299,  /* The specified item already exists in the keychain. */
//errSecItemNotFound           = -25300,  /* The specified item could not be found in the keychain. */
//errSecInteractionNotAllowed  = -25308,  /* User interaction is not allowed. */
//errSecDecode                 = -26275,  /* Unable to decode the provided data. */
//errSecAuthFailed             = -25293,  /* The user name or passphrase you entered is not correct. */
```

and I get that the item is not found, but why is it different on the device and the simulator?

halfer
Satheesh
  • Hi, I am facing an issue using keychain access in an app extension. On the simulator it works, but not on a device. This is the question raised for the same: https://stackoverflow.com/questions/60126864/sharing-keychain-data-between-app-and-extension. Please look into this if possible, thanks. – Sharad Chauhan Feb 08 '20 at 14:11

1 Answer

3

To my knowledge, the Keychain groups you deal with in your application are not shared by default across other Apps on the system. If this were the case, it would mean that if you managed to find the group of another App you could steal their private Keychain items, invalidating the security that Keychain provides.

As a result, there is a concept known as Keychain Access Groups that allows for the public definition of a keychain group that you would like to share across your Apps. The documentation states:

Enabling keychain sharing allows your app to share passwords in the keychain with other apps developed by your team

So be aware that you can only share keychain items with other applications from the same developer (i.e. your other Apps).

Daniel Galasko
  • To add to this answer: I ran into this same problem. In the simulator it doesn't appear that you need to set up the keychain access group. Just using the same group ID in the `kSecAttrAccessGroup` attribute is sufficient. This won't work on a real device, however. The entitlements must be set up properly for the keychain access group to work on the device. This bit me while testing where (shame on me) I hadn't tested on a real device and had a typo in the group name. – stuckj May 01 '19 at 19:25
  • @stuckj I am facing a problem using keychain sharing. Can you please look at this question: https://stackoverflow.com/questions/60126864/sharing-keychain-data-between-app-and-extension – Sharad Chauhan Feb 08 '20 at 13:54
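
The setup the answer and the comment above describe, as an added example that is not code from the original posts: app A saves and app B reads a generic password through one explicit `kSecAttrAccessGroup`. It assumes ARC, and the group `TEAMID1234.com.example.shared`, the service name and the helper names `SharedQuery`, `SharedKeychainSave` and `SharedKeychainLoad` are hypothetical placeholders.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumption: BOTH targets carry this entitlement (placeholder group name):
//   <key>keychain-access-groups</key>
//   <array><string>$(AppIdentifierPrefix)com.example.shared</string></array>
// TEAMID1234 stands in for the value $(AppIdentifierPrefix) expands to.
static NSString *const kSharedGroup   = @"TEAMID1234.com.example.shared";
static NSString *const kSharedService = @"com.example.shared.login";

// Attributes that identify the item; used unchanged by writer and reader so a
// typo in the group or service cannot creep into only one of the two apps.
static NSMutableDictionary *SharedQuery(NSString *account) {
    return [@{
        (__bridge id)kSecClass:           (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService:     kSharedService,
        (__bridge id)kSecAttrAccount:     account,
        (__bridge id)kSecAttrAccessGroup: kSharedGroup,
    } mutableCopy];
}

// App A: add the secret to the shared group, updating it if it already exists.
OSStatus SharedKeychainSave(NSString *account, NSData *secret) {
    NSMutableDictionary *item = SharedQuery(account);
    item[(__bridge id)kSecValueData] = secret;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        NSDictionary *change = @{(__bridge id)kSecValueData: secret};
        status = SecItemUpdate((__bridge CFDictionaryRef)SharedQuery(account),
                               (__bridge CFDictionaryRef)change);
    }
    return status;
}

// App B: read the secret back; the raw OSStatus is returned through outStatus.
NSData *SharedKeychainLoad(NSString *account, OSStatus *outStatus) {
    NSMutableDictionary *query = SharedQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    if (status == errSecItemNotFound) {  // -25300, the code from the question
        NSLog(@"Not found in %@: compare the group string with the "
              @"keychain-access-groups entitlement of both apps", kSharedGroup);
    }
    return status == errSecSuccess ? (__bridge_transfer NSData *)result : nil;
}
```

Run the read path on a physical device before relying on it, since the comment above reports that the simulator accepts a matching group ID even without the entitlement.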