Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SecItemAdd always returns error -34018 in Xcode 8 in iOS 10 simulator

Update: This issue has been fixed in Xcode 8.2. Keychain works in the simulator without enabling keychain sharing.

Why am I always receiving error -34018 when calling SecItemAdd function in Xcode 8 / iOS 10 simulator?

Steps to Reproduce

Create a new Single page iOS app project in Xcode 8. Run the following code in viewDidLoad (or open this Xcode project).

let itemKey = "My key"
let itemValue = "My secretive bee 🐝"

// Remove from Keychain
// ----------------

let queryDelete: [String: AnyObject] = [
  kSecClass as String: kSecClassGenericPassword,
  kSecAttrAccount as String: itemKey as AnyObject
]

let resultCodeDelete = SecItemDelete(queryDelete as CFDictionary)

if resultCodeDelete != noErr {
  print("Error deleting from Keychain: \(resultCodeDelete)")
}


// Add to keychain
// ----------------

guard let valueData = itemValue.data(using: String.Encoding.utf8) else {
  print("🐣🐣🐣🐣🐣🐣🐣🐣🐣🐣 Error saving text to Keychain")
  return
}

let queryAdd: [String: AnyObject] = [
  kSecClass as String: kSecClassGenericPassword,
  kSecAttrAccount as String: itemKey as AnyObject,
  kSecValueData as String: valueData as AnyObject,
  kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlocked
]

let resultCode = SecItemAdd(queryAdd as CFDictionary, nil)

if resultCode != noErr {
  print("🐝🐝🐝🐝🐝🐝🐝🐝🐝 Error saving to Keychain: \(resultCode).")
} else {
  print("πŸ€πŸ€πŸ€πŸ€πŸ€πŸ€πŸ€πŸ€πŸ€ Saved to keychain successfully.")
}

Expected Results

Item is added to Keychain.

Actual Results

Function SecItemAdd returns the following error code: -34018.

Version

Xcode version 8.1 (8B62), macOS Sierra 10.12.1.

Configuration

Always occurs in Xcode 8 since Beta 2 when testing in an iOS 10 simulator.

Does NOT occur in Xcode 8 when testing in an iOS 9.3 simulator.

Demo

https://dl.dropboxusercontent.com/u/11143285/2016/07/KeychainBugDemo.zip

References

Radar: https://openradar.appspot.com/27422249

Apple Developer Forums: https://forums.developer.apple.com/message/179846

This issue is different from the following post because it occurs consistently in Xcode 8. SecItemAdd and SecItemCopyMatching returns error code -34018 (errSecMissingEntitlement)

like image 293
Evgenii Avatar asked Jul 19 '16 10:07

Evgenii


4 Answers

I was able to work around this in my app by adding Keychain Access Groups to the Entitlements file. I turned on the Keychain Sharing switch in the Capabilities section in your test app, and it is working for me as well.

Screenshot of turning on the switch

Item to add to entitlements:

<key>keychain-access-groups</key>
<array>
    <string>$(AppIdentifierPrefix)com.evgenii.KeychainBugDemo</string>
</array>

I have only tried this on macOS Sierra (10.12), so I'm not sure if it will work for you on 10.11.5.

like image 77
Deyton Avatar answered Nov 08 '22 20:11

Deyton


In Xcode 8.1 GM Release Notes Apple acknowledged the problem and suggested a cleaner workaround:

Keychain APIs may fail to work in the Simulator if your entitlements file doesn’t contain a value for the application-identifier entitlement. (28338972) Workaround: Add a user-defined build setting to your target named ENTITLEMENTS_REQUIRED and set the value to YES. This will cause Xcode to automatically insert an application-identifier entitlement when building.

Note that from what I have tried, it only works in Xcode 8.1. Although the text can mislead you into a build setting, what you need to do is add this to your Environment Variables, in your scheme.

enter image description here

Xcode 8.2 will solve this:

Resolved in Xcode 8.2 beta - IDE Keychain APIs work correctly in Simulator. (28338972)

like image 41
Tiago Almeida Avatar answered Nov 08 '22 20:11

Tiago Almeida


This can happen if you have a test target that does not have a host app. To fix

  1. add a dummy host app : enter image description here

  2. Enable automatic code signing and add a team :

enter image description here

  1. Enable keychain sharing in capabilities

enter image description here

like image 12
Mustafa Avatar answered Nov 08 '22 22:11

Mustafa


I got an error while signing with email, creating a new user or with sign out using firebase.

The error was:

firauth error domain code 17995

I turned on the Keychain Sharing switch in the Capabilities section in your test app, and it is working for me as well.

like image 5
kavita patel Avatar answered Nov 08 '22 20:11

kavita patel