Adding key sharing to a production application that already has users

We have an iOS app that has been released. IDE: Xcode 6. I want to add key sharing to access the session id that exists in the application from the iOS 8 sharing extension.

The problem is that when key sharing is used, a session identifier already exists.

Access to it is possible when disabling key exchange.

This dictionary is passed to SecItemCopyMatching, which always returns -25300 (not found) when key exchange is enabled, regardless of what “Keychain Groups” is:

  [0] (null) @"svce" : @"SESSION_ID_KEY"
  [1] (null) @"r_Data" : @"1"
  [2] (null) @"m_Limit" : @"m_LimitOne"
  [3] (null) @"class" : @"genp"
  [4] (null) @"acct" : @"SESSION_ID_KEY"
  [5] (null) @"pdmn" : @"ck"

Any idea why key access might not work? I tried setting kSecAttrAccessGroup with the prefix and package name, and it still did not work on the simulator.

+6
2 answers

Hope I got your reply and generosity :)

I had the same problem initially, and I came across this post. I know you mentioned that you tried using the prefix and package name, but let's do a sanity check.

In MyApp.entitlements and MyApp Extension.entitlements, I have Keychain Access Groups set to $(AppIdentifierPrefix)com.company.MyApp (this is the default value).

I got the value ABCD1234 (aka the AppIdentifierPrefix value) using this SO answer fooobar.com/questions/63651 / ... ; however, hard-coding it may not be the best practice here, so consider this solution instead: fooobar.com/questions/ 63654 / ...

Then, note that in my application, all I added to make my current code work was the following, before updating the item:

  [keychainItem setObject:@"ABCD1234.com.company.MyApp" forKey:(__bridge id)kSecAttrAccessGroup];

Now I can access the keychain item in my sharing extension.

+7

I had a similar problem when implementing interaction between applications in iOS 7 a couple of months ago. I found this remark in Apple's GenericKeyChain example:

  // Apps that are built for the simulator aren't signed, so there's no keychain access group
  // for the simulator to check. This means that all apps can see all keychain items when run
  // on the simulator.
  //
  // If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
  // simulator will return -25243 (errSecNoAccessForItem).

So, if you are testing on the simulator, you need to remove "kSecAttrAccessGroup".

On the device, it must work with this key.

+1
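The two answers combined, as an added example that is not code from the question or from either answerer: the host app moves the already stored session item into the shared access group once, and both app and extension then query that group, leaving the attribute out on the simulator as the quoted Apple comment advises. The helper names are hypothetical, and `ABCD1234.com.company.MyApp` is the first answer's placeholder group, not a real team prefix.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <TargetConditionals.h>

// Service/account are taken from the question's dump; the group string is
// the first answer's placeholder and must match both .entitlements files.
static NSString *const kSessionService = @"SESSION_ID_KEY";
static NSString *const kSessionAccount = @"SESSION_ID_KEY";
static NSString *const kSharedGroup    = @"ABCD1234.com.company.MyApp";

static NSMutableDictionary *SessionItemQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kSessionService,
               (__bridge id)kSecAttrAccount: kSessionAccount } mutableCopy];
}

// Hypothetical helper: call once from the host app after the update ships,
// so the item written by the old build lands in the shared group.
OSStatus MigrateSessionItemToSharedGroup(void) {
#if TARGET_IPHONE_SIMULATOR
    return errSecSuccess;  // unsigned simulator build: no access group to set
#else
    NSDictionary *change = @{ (__bridge id)kSecAttrAccessGroup: kSharedGroup };
    // The query carries no access group, so it searches every group this
    // binary is entitled to; errSecItemNotFound means no session was stored.
    return SecItemUpdate((__bridge CFDictionaryRef)SessionItemQuery(),
                         (__bridge CFDictionaryRef)change);
#endif
}

// Hypothetical helper shared by the app and the extension.
NSData *CopySharedSessionID(OSStatus *outStatus) {
    NSMutableDictionary *query = SessionItemQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
#if !TARGET_IPHONE_SIMULATOR
    query[(__bridge id)kSecAttrAccessGroup] = kSharedGroup;  // device only
#endif
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) { *outStatus = status; }
    return status == errSecSuccess ? (__bridge_transfer NSData *)result : nil;
}
```

Every target that lists the group in its entitlements can read the session id, so keep the group limited to the app and its own extension.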

Source: https://habr.com/ru/post/976804/

