HI,
I have a daemon which has created the symmetric encryption/decryption key in the keychain and added some dependent apps and itself to the ACL. I am trying to verify the ACL of this key later in the code, but it fails.
Looking up the key in keychain:
let getquery: [String: Any] = [kSecClass as String: kSecClassKey,
                               kSecAttrApplicationLabel as String: keychainApplicationLabel,
                               kSecAttrKeyType as String: kSecAttrKeyTypeAES,
                               kSecReturnRef as String: true]
var item: CFTypeRef?
let status = SecItemCopyMatching(getquery as CFDictionary, &item)
let key = item as! SecKey
To get the ACL of this key:
let keychainItem = item as! SecKeychainItem
var secAccess: SecAccess?
var status = SecKeychainItemCopyAccess(keychainItem, &secAccess)
guard status == errSecSuccess, secAccess != nil else {
    DLog(message: "Could not get SecAccess : \(SecCopyErrorMessageString(status, nil)! as String)")
    return false
}
var aclList: CFArray?
status = SecAccessCopyACLList(secAccess!, &aclList)
// The original condition was inverted (it bailed out on success); bail out on failure instead.
guard status == errSecSuccess, aclList != nil else {
    DLog(message: "Could not get ACLList : \(SecCopyErrorMessageString(status, nil)! as String)")
    return false
}
As per the documentation of "SecKey": "A SecKey instance that represents a key that is stored in a keychain can be safely cast to a SecKeychainItem for manipulation as a keychain item." But in our case "item as! SecKeychainItem" crashes even when "item" is looked up successfully in the keychain.
Any suggestions how to achieve this?
Thanks.
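An added example, not the poster's code: a function that walks the ACL entries of a keychain key item and collects the trusted-application paths, so a daemon can confirm that its own path and its dependent apps are still listed. It assumes the key lives in a legacy file-based keychain (where a SecKey ref is also a SecKeychainItem ref) and reinterprets the ref with unsafeBitCast instead of the Swift `as!` bridging cast, which compares CFTypeIDs and so fails for SecKey; the function names and the expected-path comparison are my own.

```swift
import Foundation
import Security

/// Returns the set of trusted-application paths found across all ACL entries of
/// the keychain item, or nil if any Security framework call fails.
func trustedApplicationPaths(forKeychainItem item: CFTypeRef) -> Set<String>? {
    // Assumption: `item` came from a legacy file-based keychain. Swift's `as!`
    // checks CFGetTypeID(), which differs between SecKey and SecKeychainItem,
    // so the ref is reinterpreted rather than bridged.
    let keychainItem = unsafeBitCast(item, to: SecKeychainItem.self)

    var access: SecAccess?
    var status = SecKeychainItemCopyAccess(keychainItem, &access)
    guard status == errSecSuccess, let secAccess = access else { return nil }

    var aclArray: CFArray?
    status = SecAccessCopyACLList(secAccess, &aclArray)
    guard status == errSecSuccess, let acls = aclArray as? [SecACL] else { return nil }

    var paths = Set<String>()
    for acl in acls {
        var appList: CFArray?
        var description: CFString?
        var promptSelector = SecKeychainPromptSelector()
        status = SecACLCopyContents(acl, &appList, &description, &promptSelector)
        guard status == errSecSuccess else { return nil }
        // A nil application list means "any application" for this entry,
        // which is worth flagging separately when auditing the ACL.
        guard let apps = appList as? [SecTrustedApplication] else { continue }
        for app in apps {
            var data: CFData?
            if SecTrustedApplicationCopyData(app, &data) == errSecSuccess,
               let bytes = data as Data?,
               let path = String(data: bytes, encoding: .utf8) {
                paths.insert(path.trimmingCharacters(in: .controlCharacters))
            }
        }
    }
    return paths
}

/// True only if every expected application path appears in the key's ACL.
/// (Hypothetical helper for the daemon's self-check.)
func keyACLCovers(item: CFTypeRef, expectedApps: [String]) -> Bool {
    guard let found = trustedApplicationPaths(forKeychainItem: item) else { return false }
    return expectedApps.allSatisfy { found.contains($0) }
}
```

Because a missing application list means "any application", a strict verifier should also treat such an entry as a finding rather than silently skipping it.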