While I can help you with the keychain API itself, I’m not familiar with KeychainItemWrapper so you’ll have to dig into that code to understand how it’s using the various SecItem calls.
In my experience the most common mistake made by folks dealing with the SecItem API is that they fail to understand which attributes contribute to uniqueness within a particular keychain item class. You can find that info in this old DevForums post.
IMPORTANT That post was created before
kSecAttrSynchronizable
existed; it should be included in all of those lists.
This is particularly tricky because some SecItem APIs take a query (
SecItemCopyMatching
,
SecItemDelete
), some take an attribute set (
SecItemAdd
), and some take both (
SecItemUpdate
). If you take the attribute set you intend to pass to
SecItemAdd
and pass it as a query to
SecItemCopyMatching
, you can get very confused.
You might want to read the following posts, where I dug into two examples of this confusion:
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"