Changing a Keychain's password with Security.framework

Question

halcyon-ike OP

Created Jul ’15

Replies 3

Boosts 0

Views 1.1k

Participants 3

I'm able to create a custom keychian using:

OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychain);

Once that keychain is created however, I want to be able to change the password used to unlock the keychain periodically. So far, I have not found the corresponding SecKeychain* method to do that.

The following command works in terminal "/usr/bin/security set-keychain-password ...." but how to in the Security framework?

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’15

Once that keychain is created however, I want to be able to change the password used to unlock the keychain periodically.

Looking at the source for the

security

tool, it seems to do this with

SecKeychainChangePassword

, which is not public API.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

skappdevloper OP

Nov ’21

SecKeychainChangePassword function is throwing error 100022 if the app is build with XCode 12. Any input on this?

0

Answer 3

DTS Engineer OP

Apple

Nov ’21

Any input on this?

Three things:

If you get an obscure error from Security framework, the security tool has your back:
```
% security error 100022
Error: 0x000186B6 100022 UNIX[Invalid argument]
```
Regarding that specific error code, QA1499 Security Framework Error Codes explains that it maps to the BSD-level EINVAL. That’s good to know in general, but not helpful in this case )-:
Beyond that I can’t provide further help; SecKeychainChangePassword is not public API and thus outside of DTS’s remit.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0