Where is the iOS-style-enabled keychain on macOS stored?

I know that traditional ACL-style macOS keychain objects are stored in the login keychain.

When I enable kSecUseDataProtectionKeychain (I don't want to sync this to iCloud) and specify kSecAttrAccessGroup during a keychain write through SecItemAdd, the status returns errSecSuccess, and I can retrieve this keychain object later on using SecItemCopyMatching.

However, I can't seem to find them in Keychain Access, whether it be the login keychain or the system keychain.

Where do these macOS keychain items go when we enable iOS-style keychain sharing on them? I know that the above attribute allows you to use the iOS-style keychain without syncing to iCloud.


Thank you,
Peter
To see iOS-style keychain items in Keychain Access, select the iCloud item in the sidebar on the left (this will be called Local Items if iCloud Keychain is disabled).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Thanks, eskimo, but my understanding was that having kSecUseDataProtectionKeychain allows you to use the iOS-style keychain without it being synced to iCloud. Would keychain items using this flag also appear in the iCloud section?
Just wanted to make sure I understood your response correctly.

Thanks,
Peter

would keychain items using this flag also appear on the iCloud section?

Yes. I just tested this on a Mac here in my office (running 11.2.3). I put this code in a Mac app with the iOS-style keychain enabled:

    import Foundation
    import Security

    // Add a generic password to the data protection (iOS-style) keychain.
    let err = SecItemAdd([
        kSecClass: kSecClassGenericPassword,
        kSecUseDataProtectionKeychain: true,
        kSecAttrService: "Test678497",
        kSecAttrAccount: "mrgumby",
        kSecValueData: Data("opendoor".utf8),
    ] as NSDictionary, nil)


Running Keychain Access I see the Test678497 item under iCloud.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
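
An added example, not code from either poster: it writes a data protection keychain item with kSecAttrSynchronizable set explicitly to false and reads back the stored attributes, so you can confirm which access group the item landed in and whether it is marked for sync, independently of which section Keychain Access lists it under. The service, account and access group names are hypothetical, and the access group is assumed to be listed in the app's keychain-access-groups entitlement.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example. The access group must appear in
// the app's keychain-access-groups entitlement, otherwise SecItemAdd fails.
let service = "com.example.dpk-demo"
let account = "demo-user"
let accessGroup = "TEAMID.com.example.shared"

// Turn an OSStatus into readable text for logging.
func describe(_ status: OSStatus) -> String {
    (SecCopyErrorMessageString(status, nil) as String?) ?? "OSStatus \(status)"
}

// Attributes shared by the delete, add and query calls.
let base: [CFString: Any] = [
    kSecClass: kSecClassGenericPassword,
    kSecUseDataProtectionKeychain: true,   // iOS-style keychain, not the login keychain
    kSecAttrService: service,
    kSecAttrAccount: account,
    kSecAttrAccessGroup: accessGroup,
]

// Remove a leftover item from a previous run to avoid errSecDuplicateItem.
_ = SecItemDelete(base as CFDictionary)

var add = base
add[kSecValueData] = Data("constructed-secret".utf8)   // constructed sample value
add[kSecAttrSynchronizable] = false                    // explicit: do not sync via iCloud Keychain
let addStatus = SecItemAdd(add as CFDictionary, nil)
print("add:", describe(addStatus))

// Query with kSecAttrSynchronizableAny so the item is found whether or not it
// is marked for sync, then inspect what was actually stored.
var query = base
query[kSecAttrSynchronizable] = kSecAttrSynchronizableAny
query[kSecReturnAttributes] = true
query[kSecMatchLimit] = kSecMatchLimitOne

var result: CFTypeRef?
let status = SecItemCopyMatching(query as CFDictionary, &result)
if status == errSecSuccess, let attrs = result as? [String: Any] {
    print("access group:", attrs[kSecAttrAccessGroup as String] ?? "not reported")
    print("synchronizable:", attrs[kSecAttrSynchronizable as String] ?? "not reported")
} else {
    print("query:", describe(status))
}
```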