Hi, We are trying to use Apple Security API for KeyChain Services. The motive is to store some sensitive data in the KeyChain. Our app has Network extensions enabled which share a common app group and we want to access the data stored in the KeyChain from the extensions as well. Specifically we were exploring the SecItemAdd, SecItemCopyMatching etc family of APIs. We tried a few methods:
- Using the common App Group : Specifying the common app group in the "kSecAttrAccessGroup" field of the KeyChain query, allowed us to have a shared keychains for different apps (targets) in the app group, but this did not work for extensions
- Enabling the KeyChain Sharing capability : We enabled the KeyChain Sharing Ability in the extensions and the app target as well, giving a common KeyChain Access group. Specifying this in the kSecAttrAccessGroup field also did not work.
- We tried specifying "$AppIdentifier.KeyChainSharingGroup" in the kSecAttrAccessGroup field , but this did not work as well
The error code which we get in all these 3 cases when trying to access the Keychain from the extension is error code 25291 (errSecNotAvailable). The Documentation says this error comes when "No Trust Results are available" and printing the error in xcode using the status says "No keychain is available. You may need to restart your computer".
The online Documentation says that it is possible to share keychain with extensions, but by far we are unable to do it with the methods suggested.
- Do we need any special entitlement for this or is there something we are missing while using these APIs?
- If this is possible Is there any internal/open source wrapper for Keychain APIs, that we can use?
We will really appreciate help in solving this issue!
Thanks!