SecItemCopyMatching returns notFound (-25300) on app upgrade

Hi,

I am working on a large upgrade to my Mac app and when the user has set up to authenticate via Touch ID in the shipping version and then runs my upgrade, SecItemCopyMatching returns not found instead of displaying the Touch ID authentication view. I'm using the exact same code to retrieve the user's password, which is:

    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: @"sameKeychainStringAsBefore",
        (id)kSecReturnData: @YES,
        (id)kSecUseOperationPrompt: @"my message",
    };
    CFTypeRef dataTypeRef = NULL;
    OSStatus status = SecItemCopyMatching((CFDictionaryRef)(query), &dataTypeRef);

Since it's the same code to retrieve it in the old and new app, it would appear that the system doesn't think it's the same app. However, I can retrieve other keychain items from the new app so it appears to be signed properly.

In addition, I have a different build of this app that uses a different bundle ID (same app but for testing purposes) and it is able to retrieve the password using the test app's kSecAttrService identifier, so it's almost as if the system thinks it's the other app even though the bundle ID is different.

The bottom line is: what is the keychain API using about the app (other than bundle ID) to determine if it should have access? Thanks! //Ray

So I somewhat have figured out my situation. In the new release, I added keychain sharing and added a new identifier in the Keychain Groups in the Keychain Sharing entitlements. This appears to remove access from the keychain item that was stored using my bundle ID. According to the documentation, it says that using keychain sharing would still allow access to my private keychain. However, if I don't put my app's bundle ID in the Keychain Groups entitlement, the app can't see it. Since the apps that I need to share the keychain with are just smaller apps within my bundle and only need access to one keychain item, I think the solution is to just have my bundle ID in Keychain Groups and use that as the shared ID. I do want the upgraded app and its new components to have access to the previously stored keychain item as well.
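
A diagnostic for the situation described in this thread, added here as an example and not code from the original posts: it logs the access groups the running build is entitled to and the access group of each item visible for a service, so the old and new builds can be compared. It assumes ARC; the function names are hypothetical, and the entitlement keys `keychain-access-groups` and `com.apple.application-identifier` are the macOS entitlement names as I know them, not something stated in the thread.

```objective-c
// Added diagnostic, not code from the original post. Assumes ARC.
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Access-group entitlements of this process, read from its own code signature.
static NSArray<NSString *> *EntitledAccessGroups(void) {
    NSMutableArray<NSString *> *groups = [NSMutableArray array];
    SecTaskRef task = SecTaskCreateFromSelf(kCFAllocatorDefault);
    if (task == NULL) return groups;
    // The Keychain Sharing list plus the application identifier, so the
    // two can be compared side by side.
    for (NSString *key in @[@"keychain-access-groups",
                            @"com.apple.application-identifier"]) {
        id value = CFBridgingRelease(
            SecTaskCopyValueForEntitlement(task, (__bridge CFStringRef)key, NULL));
        if ([value isKindOfClass:[NSArray class]]) {
            [groups addObjectsFromArray:value];
        } else if ([value isKindOfClass:[NSString class]]) {
            [groups addObject:value];
        }
    }
    CFRelease(task);
    return groups;
}

// Logs the access group of every generic-password item visible for `service`.
// Only attributes are requested, never the secret data.
static OSStatus LogVisibleItems(NSString *service) {
    NSLog(@"entitled groups: %@", EntitledAccessGroups());
    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: service,
        (id)kSecMatchLimit: (id)kSecMatchLimitAll,
        (id)kSecReturnAttributes: @YES,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecSuccess) {
        NSArray *items = CFBridgingRelease(result);
        for (NSDictionary *attrs in items) {
            NSLog(@"item account=%@ accessGroup=%@",
                  attrs[(id)kSecAttrAccount], attrs[(id)kSecAttrAccessGroup]);
        }
    } else {
        // errSecItemNotFound (-25300) lands here, as in the report above.
        NSString *msg = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
        NSLog(@"SecItemCopyMatching failed: %d (%@)", (int)status, msg);
    }
    return status;
}
```

Calling `LogVisibleItems(@"sameKeychainStringAsBefore")` from the shipping build and from the upgraded build shows whether the item's access group still appears in the new build's entitled list.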
