
How to share keychain data between iOS applications

I am describing a problem for which it took me quite some time to learn the answer.

The "GenericKeychain" example is a good start at providing a wrapper for sharing keychain data between applications when using the accessGroup in the init.

However, implementing this in my app yielded an obscure error code (which took forever to locate) -25243, which means: No access control.

I ran Apple's example app (GenericKeychain) on my iPad only to get the same error. Huh?

Does Apple's documentation fail to deliver on what is necessary to accomplish this?

GtotheB asked Nov 06 '10 23:11


People also ask

What is keychain sharing in iOS?

Sharing keychain items between multiple targets of the same app, or between different apps that belong to the same developer, relies on the concept of an access group — a collection of targets that all share a common keychain group.

What is app groups in iOS?

App groups allow multiple apps produced by a single development team to access shared containers and communicate using interprocess communication (IPC). Apps may belong to one or more app groups. Apps within an app group share access to a group container.

What is SecItemCopyMatching?

SecItemCopyMatching(_:_:) Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.

Is iOS keychain secure?

Everything stored in iCloud Keychain is secure—it's protected by industry-standard encryption. Your iCloud Keychain can't be set up on another Mac or iOS or iPadOS device unless you approve it.


2 Answers

After some (a lot of) digging throughout the web, I found the answer. The access group that you use when constructing your KeychainItemWrapper class must ALSO be specified in each of your applications' Entitlements.plist files in the "keychain-access-groups" section.

It seems almost obvious now that I see "keychain-access-groups". However, I had no idea to even look there. Hope this helps others.

GtotheB answered Sep 19 '22 22:09


Actually it's not hard to do. Please follow the steps.

App1:

  1. Open your App's target Capabilities and enable Keychain Sharing.
  2. Add an identifier. (e.g. com.example.sharedaccess)
  3. Add "UICKeyChainStore" to your project.
  4. Be sure you have a team ID added to your App1 project.
  5. Add Security.framework to your App1 project.
  6. Add this code wherever you need it.

    [UICKeyChainStore setString:@"someValue" forKey:@"someKey" service:@"someService"]; 

App2:

  • Open your App's target Capabilities and enable Keychain Sharing.
  • Add an identifier. (e.g. com.example.sharedaccess)
  • Add "UICKeyChainStore" to your project.
  • Be sure you have a team ID added to your App2 project.
  • Add Security.framework to your App2 project.
  • Add this code wherever you need it.

    NSString *string = [UICKeyChainStore stringForKey:@"someKey" service:@"someService"];

  • Your Team IDs should be the same for both projects.
  • I tried these steps on a real iPhone device.
  • I also tried these steps with Automatic and iOS Development provisioning profiles.
  • My apps' bundle identifiers were like this: com.example.app1, com.example.app2.

alicanbatur answered Sep 23 '22 22:09
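
The access-group requirement from both answers, written directly against the Security framework with the group named explicitly in every query. This is an added example, not code from either answer or from Apple's GenericKeychain sample. It assumes ARC, that both apps list `$(AppIdentifierPrefix)com.example.sharedaccess` under `keychain-access-groups` in their entitlements, that `ABCDE12345` stands in for the real Team ID, and the helper names `SharedQuery`, `SaveShared` and `LoadShared` are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Placeholder value: <Team ID>.<identifier listed under keychain-access-groups>.
static NSString * const kSharedGroup = @"ABCDE12345.com.example.sharedaccess";

// Base query that names the item and, explicitly, the shared access group.
static NSMutableDictionary *SharedQuery(NSString *service, NSString *key) {
    return [@{ (__bridge id)kSecClass:           (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService:     service,
               (__bridge id)kSecAttrAccount:     key,
               (__bridge id)kSecAttrAccessGroup: kSharedGroup } mutableCopy];
}

// App1 side: store the value, updating it if the item already exists.
static OSStatus SaveShared(NSString *value, NSString *service, NSString *key) {
    NSData *data = [value dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *add = SharedQuery(service, key);
    add[(__bridge id)kSecValueData] = data;
    // Accessibility class chosen for this example: readable only while the
    // device is unlocked, and never migrated to another device.
    add[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status == errSecDuplicateItem) {
        status = SecItemUpdate((__bridge CFDictionaryRef)SharedQuery(service, key),
                               (__bridge CFDictionaryRef)@{ (__bridge id)kSecValueData: data });
    }
    if (status == errSecNoAccessForItem) {   // -25243, the error from the question
        NSLog(@"Check that %@ is listed under keychain-access-groups", kSharedGroup);
    }
    return status;
}

// App2 side: read the value back through the same access group.
static NSString *LoadShared(NSString *service, NSString *key, OSStatus *outStatus) {
    NSMutableDictionary *query = SharedQuery(service, key);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    if (status != errSecSuccess) return nil;   // e.g. errSecItemNotFound
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```

Returning the raw `OSStatus` from both helpers keeps an entitlement problem distinguishable from a missing item, which a bare `nil` result would hide.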