Losing keychain entries on upgrade to iOS 11

Our app has an encryption key that is saved in the keychain, which goes missing after the device is upgraded to iOS 11, resulting in user login issues.


Some of the attributes that are used while writing to the keychain are as follows:


    NSMutableDictionary *symmetricKeyAttr = [[NSMutableDictionary alloc] init];
    [symmetricKeyAttr setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
    [symmetricKeyAttr setObject:self.applicationTag forKey:(__bridge id)kSecAttrApplicationTag];
    [symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:CSSM_ALGID_AES] forKey:(__bridge id)kSecAttrKeyType];
    [symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:(unsigned int)(kCCKeySizeAES256 << 3)] forKey:(__bridge id)kSecAttrKeySizeInBits];
    [symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:(unsigned int)(kCCKeySizeAES256 << 3)]    forKey:(__bridge id)kSecAttrEffectiveKeySize];
    [symmetricKeyAttr setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecAttrCanEncrypt];
    [symmetricKeyAttr setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecAttrCanDecrypt];
    [symmetricKeyAttr setObject:(id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanDerive];
    [symmetricKeyAttr setObject:(id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanSign];
    [symmetricKeyAttr setObject:(id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanVerify];
    [symmetricKeyAttr setObject:(id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanWrap];
    [symmetricKeyAttr setObject:(id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanUnwrap];
  
    [symmetricKeyAttr setObject:(__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(__bridge id)kSecAttrAccessible];

These attributes haven't been changed in a few years and we never had problems during any prior upgrades. I am curious if there is something that changed in iOS 11 which affected us.

Appreciate any help.


Thanks!

Replies

Could you please file a bug report about this at <https://developer.apple.com/bug-reporting> and post the bug number here?


Thanks,

--gc

Did you ever get to the bottom of this? I am also seeing some users having to re-login to our applications following an iOS 11 upgrade.

We're also seeing this, and were able to confirm: if the app is installed and creates the keychain key in iOS 10, then we upgrade to iOS 12, the public key is no longer readable and hence our app is no longer usable.

Fortunately the private key is still present and the public key can be extracted from it with a different API, but it doesn't help existing users.
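
The last reply mentions deriving the public key from the private key that is still in the keychain. The following is an added example, not code from any poster in this thread, showing one way to do that with `SecKeyCopyPublicKey` (iOS 10 and later); the reply does not say which API its author used, and the helper name `RecoverPublicKeyData` and the `privateKeyTag` parameter are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper. privateKeyTag is assumed to be the same
// kSecAttrApplicationTag value the app used when it created the key pair.
// Returns the public key's external representation, or nil on failure;
// *outStatus receives the keychain lookup result so callers can log it.
static NSData *RecoverPublicKeyData(NSData *privateKeyTag, OSStatus *outStatus) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrKeyClass:       (__bridge id)kSecAttrKeyClassPrivate,
        (__bridge id)kSecAttrApplicationTag: privateKeyTag,
        (__bridge id)kSecReturnRef:          @YES,
    };

    CFTypeRef item = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &item);
    if (outStatus != NULL) {
        *outStatus = status;
    }
    if (status != errSecSuccess) {
        // errSecItemNotFound: no private key matches the tag either.
        // errSecInteractionNotAllowed: the item exists but cannot be read
        // right now, for example a WhenUnlocked item while the device is
        // locked. Treat that as "retry later", not as "key lost".
        return nil;
    }

    SecKeyRef privateKey = (SecKeyRef)item;
    SecKeyRef publicKey = SecKeyCopyPublicKey(privateKey);
    CFRelease(privateKey);
    if (publicKey == NULL) {
        return nil; // this key type cannot produce a public key
    }

    CFErrorRef cfError = NULL;
    NSData *keyData =
        CFBridgingRelease(SecKeyCopyExternalRepresentation(publicKey, &cfError));
    CFRelease(publicKey);
    if (keyData == nil) {
        NSError *error = CFBridgingRelease(cfError);
        NSLog(@"Public key export failed: %@", error);
    }
    return keyData;
}
```

Logging the returned `OSStatus` from affected devices also gives concrete data to attach to a bug report, since it separates an item that is missing from one that is merely unreadable at that moment.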