How can I use a keychain item with access control ".userPresence" in a VPN Network extension

I am building a NEPacketTunnelProvider, and in its configuration I set a SecIdentity persistent reference. That reference is passed to the tunnel provider, but when I try to use it there, I get an errSecInteractionNotAllowed error. The private key for that identity is protected by .userPresence. If I remove the protection, the network extension can access the identity and the private key.

Is there any way that a VPN network extension can use a keychain item protected by .userPresence?

Platform? And if it’s macOS, are you using appex or sysex packaging?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

That's on iOS.
