Changing a Keychain's password with Security.framework

I'm able to create a custom keychian using:


OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychain);


Once that keychain is created however, I want to be able to change the password used to unlock the keychain periodically. So far, I have not found the corresponding SecKeychain* method to do that.


The following command works in terminal "/usr/bin/security set-keychain-password ...." but how to in the Security framework?

Once that keychain is created however, I want to be able to change the password used to unlock the keychain periodically.

Looking at the source for the

security
tool, it seems to do this with
SecKeychainChangePassword
, which is not public API.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

SecKeychainChangePassword function is throwing error 100022 if the app is build with XCode 12. Any input on this?

Any input on this?

Three things:

  • If you get an obscure error from Security framework, the security tool has your back:

    % security error 100022
    Error: 0x000186B6 100022 UNIX[Invalid argument]
    
  • Regarding that specific error code, QA1499 Security Framework Error Codes explains that it maps to the BSD-level EINVAL. That’s good to know in general, but not helpful in this case )-:

  • Beyond that I can’t provide further help; SecKeychainChangePassword is not public API and thus outside of DTS’s remit.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Changing a Keychain's password with Security.framework
 
 
Q