Retrieving stored passwords from keychain fails outside Xcode

I am storing generic passwords in the keychain following Apple's example code in the "Keychain Services Programming Guide".

Everything works fine as long as I am running the App in Debug mode from Xcode. However when I archive and export the app, it will still store passwords (visible in Keychain Access) but is not able to retrieve them.

The keychain constantly returns errSecAuthFailed (-25293). This occurs on Mountain Lion but not on Snow Leopard. My App is code signed and sandboxed. To me it seems that when retrieving the password, keychain does not recognize the App as the same one that stored the password, because when I set the password to be accessible by any application it also works well.

I use the following code:

+ (NSString*) retrievePasswordFromKeychainWithKey: (NSString*) theKey {
    SecKeychainUnlock(NULL, 0, NULL, FALSE);
    const char* userNameUTF8 = [NSUserName() UTF8String];
    uint32_t userNameLength = (uint32_t)strlen(userNameUTF8);
    const char* serviceNameUTF8 = [theKey UTF8String];    //The key doubles as the service name
    uint32_t serviceNameLength = (uint32_t)strlen(serviceNameUTF8);

    uint32_t pwLength = 0;
    void* pwBuffer = NULL;
    SecKeychainItemRef itemRef = NULL;
    OSStatus status1 = SecKeychainFindGenericPassword (NULL, serviceNameLength, serviceNameUTF8, userNameLength, userNameUTF8, &pwLength, &pwBuffer, &itemRef);

    if (status1 == noErr) {
        NSMutableData* pwData = [NSMutableData dataWithBytes:pwBuffer length:pwLength];
        [pwData increaseLengthBy:1];    //Append a zero byte: the keychain buffer is not NUL-terminated
        SecKeychainItemFreeContent (NULL,     //No attribute data to release
                                    pwBuffer    //Release data buffer allocated by SecKeychainFindGenericPassword
                                    );
        if (itemRef) CFRelease(itemRef);    //The item reference is owned by the caller
        return [NSString stringWithCString:[pwData bytes] encoding:NSUTF8StringEncoding];
    }
    //status1 is always -25293
    return nil;
}
codingFriend1 asked Aug 08 '12 08:08



1 Answer

OK, I just learnt that this is an open bug in Mac OS 10.8.0. Apps signed with a Developer ID cannot access data from the keychain. I hope this will be fixed in 10.8.1...

A workaround is not to sign the App with your Developer ID. (I have also read that Apps built under Lion are not affected by this bug, but I could not test this yet.)

codingFriend1 answered Oct 02 '22 18:10

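An added diagnostic example, not part of the original question or answer: the question suspects that the keychain does not recognize the exported build as the application that stored the item, and this Objective-C routine logs which applications the item's access control list actually trusts, so the Xcode build and the exported build can be compared. `DumpKeychainItemTrust` is a hypothetical helper name; the code is written for ARC and uses the same legacy SecKeychain API as the question.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example; DumpKeychainItemTrust is a hypothetical helper name.
// Logs which applications the ACL of a generic-password item trusts.
static void DumpKeychainItemTrust(NSString *service, NSString *account) {
    const char *svc = [service UTF8String];
    const char *acct = [account UTF8String];
    SecKeychainItemRef item = NULL;
    SecAccessRef access = NULL;
    CFArrayRef acls = NULL;

    // NULL length/data pointers: find the item without asking for the secret.
    OSStatus status = SecKeychainFindGenericPassword(NULL, (UInt32)strlen(svc), svc,
                          (UInt32)strlen(acct), acct, NULL, NULL, &item);
    if (status == errSecSuccess) status = SecKeychainItemCopyAccess(item, &access);
    if (status == errSecSuccess) status = SecAccessCopyACLList(access, &acls);
    if (status != errSecSuccess) {
        CFStringRef msg = SecCopyErrorMessageString(status, NULL);
        NSLog(@"keychain call failed: %d (%@)", (int)status, (__bridge id)msg);
        if (msg) CFRelease(msg);
    }
    for (CFIndex i = 0; acls && i < CFArrayGetCount(acls); i++) {
        SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(acls, i);
        CFArrayRef apps = NULL;
        CFStringRef desc = NULL;
        SecKeychainPromptSelector prompt = 0;
        if (SecACLCopyContents(acl, &apps, &desc, &prompt) != errSecSuccess) continue;
        if (apps == NULL)   // a NULL list: the entry is not restricted to specific apps
            NSLog(@"ACL %ld (%@): any application", (long)i, (__bridge id)desc);
        for (CFIndex j = 0; apps && j < CFArrayGetCount(apps); j++) {
            SecTrustedApplicationRef app =
                (SecTrustedApplicationRef)CFArrayGetValueAtIndex(apps, j);
            CFDataRef data = NULL;   // application data, typically the application's path
            if (SecTrustedApplicationCopyData(app, &data) == errSecSuccess && data) {
                NSLog(@"ACL %ld (%@): trusts %.*s", (long)i, (__bridge id)desc,
                      (int)CFDataGetLength(data), (const char *)CFDataGetBytePtr(data));
                CFRelease(data);
            }
        }
        if (apps) CFRelease(apps);
        if (desc) CFRelease(desc);
    }
    if (acls) CFRelease(acls);
    if (access) CFRelease(access);
    if (item) CFRelease(item);
}
```

Call it with the same service name and account (`NSUserName()`) that the question's method passes to `SecKeychainFindGenericPassword`.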