9 Replies
      Latest reply: Dec 4, 2016 2:11 PM by eskimo RSS
      ashisha Level 1 Level 1 (0 points)

        I am trying to implement KeyChain sharing in my iOS app to share passwords between different iOS applications. I am using the library `UICKeyChainStore` for this purpose.

         

        I have added the same line of code in 2 places - inside applicationDidFinishLaunching and inside my ViewController. It works inside the AppDelegate but does not work inside the ViewController

         

        AppDelegate.m (this works)

         

            self.keychainStore = [UICKeyChainStore keyChainStoreWithService:@"PasswordService" accessGroup:@"group_name"];

            self.keychainStore[@"password"] = @"abcd1234";

            NSLog(@"%@", self.keychainStore[@"password"]);

         

         

        Inside my ViewController's ViewDidLoad method, the same code simply prints (null) in the console.

         

         

            AppDelegate *appDelegate = (AppDelegate *)[[UIApplication sharedApplication] delegate];

            appDelegate.keychainStore[@"p2"] = @"1234";

            NSLog(@"%@", appDelegate.keychainStore[@"p2"]);

         

         

        When I dug deeper into the library, the error message getting thrown is:


        Error Domain=com.kishikawakatsumi.uickeychainstore Code=-34018 "Security error has occurred." UserInfo=0x174e76540 {NSLocalizedDescription=Security error has occurred.}

        • Re: KeyChainStore returns 34018 error
          eskimo Apple Staff Apple Staff (7,505 points)

          Error -34018 is not publicly documented but it translates to errSecMissingEntitlement.  There are two causes of this error:

          • build-time entitlement problems

          • a hard-to-reproduce runtime bug

          The second problem is covered by a long-running thread elsewhere on DevForums.  However, it sounds like you're hitting this problem every time, in which case you have a build-time problem.  Run the following command over the app binary to confirm that it's built with the entitlements you're expecting.

          $ codesign -d --entitlements :- /path/to/your.app
          

          Share and Enjoy

          Quinn "The Eskimo!"
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: KeyChainStore returns 34018 error
              omarojo Level 1 Level 1 (0 points)

              so I run the command.

              1. $ codesign -d --entitlements :- /path/to/your.app

              and what? What is that useful for? how do I know I have the right entitlements, the my entitlements need special configuration so that KeyChain works? I dont understand.

                • Re: KeyChainStore returns 34018 error
                  Noami Level 1 Level 1 (0 points)

                  There is no way to solve this as its an Apple bug.

                  The only way is killing the app, cleaning your device memory (by closing other apps from background) and restarting the app again.

                  There is no future resolution for this bug.

                    • Re: KeyChainStore returns 34018 error
                      eskimo Apple Staff Apple Staff (7,505 points)

                      There is no way to solve this as its an Apple bug.

                      It’s more subtle than that.  There are actually two potential causes of this problem:

                      • If the problem is 100% reproducible, it’s likely that your entitlements are set up incorrectly.

                      • If your app works most of the time but you see this error on occasion, you’re hitting this OS bug.

                      Share and Enjoy

                      Quinn "The Eskimo!"
                      Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                      let myEmail = "eskimo" + "1" + "@apple.com"

                  • Re: KeyChainStore returns 34018 error
                    davidcc Level 1 Level 1 (0 points)

                    "However, it sounds like you're hitting this problem every time, in which case you have a build-time problem.  Run the following command over the app binary to confirm that it's built with the entitlements you're expecting."

                     

                    $ codesign -d --entitlements :- /path/to/your.app
                    
                    
                    
                    

                     

                    What IS the entitlement we should see in the Provisioning Profile and Entitlement plist to put this -34108 error away?

                     

                    I used your command line above and

                     

                    security cms -D -i /path/to/installed/.mobileprovision
                    
                    
                    
                    

                     

                    yet am not sure what I'm looking for.  (they are quite lengthy)  I am assuming they are the

                     

                    <key>keychain-access-groups</key>   (profile)
                    

                     

                    <key>com.apple.security.application-groups</key>   (plist)
                    
                    
                      • Re: KeyChainStore returns 34018 error
                        eskimo Apple Staff Apple Staff (7,505 points)

                        IMPORTANT Before looking into -34018 errors, make sure you read my Error -34018 errSecMissingEntitlement pinned post.

                        What IS the entitlement we should see in the Provisioning Profile and Entitlement plist …?

                        Ooo, you’re in luck, I just posted about this.

                        Share and Enjoy

                        Quinn “The Eskimo!”
                        Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                        let myEmail = "eskimo" + "1" + "@apple.com"

                          • Re: KeyChainStore returns 34018 error
                            davidcc Level 1 Level 1 (0 points)
                                Ooo, you’re in luck, I just posted about this.

                             

                            Thank you Quinn.  That post helped me to notice in the provisioning profile:

                             

                            <key>Entitlements</key>
                                <dict>
                                    <key>keychain-access-groups</key>
                                    <array>
                                        <string>NKRQBLSUY2.*</string>
                                    </array>
                            ....
                            
                            
                            
                            

                             

                            Is the value for keychain-access-groups correct or should the string match the value in the provisioning profile?   Which looks like:


                            <key>keychain-access-groups</key>
                            <array>
                                  <string>NKRQBLSUY2.com.theCompany.theAppName.apps.shared</string>
                            </array>