Why am I getting errSecParam (-50) back from trying to save a key to keychain?

Question

I have the following code following this storing_keys_in_the_keychain.

func generateInitialKey() -> Data {
    let key = AES256.randomKey()
    let addQuery: Dictionary<String, Any> = [
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: applicationTag,
        kSecValueRef as String: key
    ]
    let status = SecItemAdd(addQuery as CFDictionary, nil)
    print(errSecParam, status)
    guard status == errSecSuccess else { fatalError("Can't save Key") }
    return key
}

The function AES256.randomKey() generates Data of 64 bytes. The applicationTag is Data too:

let applicationTag = "example".data(using: .utf8)!

However, I do end up receiving the errSecParam(-50) error. Can someone help me out?

score 1 · Accepted Answer · answered Apr 26 '19 at 15:14

Read the documentation carefully. errSecParam(-50) means one or more parameters passed to the function were not valid. The link leads you to the site where you can see the description of the status.

At a minimum, you specify the type and size of keys to create using the kSecAttrKeyType and kSecAttrKeySizeInBits parameters, respectively.

This will result in you having the next problem: there is no kSecAttrKeyTypeAES. This is already discussed and answered on the Apple developer forums. The advice there is to use kSecClassGenericPassword.

Why am I getting errSecParam (-50) back from trying to save a key to keychain?

1 Answers1