KeyChain Entry Available on Other Device after iCloud Restore

I have an iOS app that stores a database encryption key in the iOS KeyChain. The problem I have is that when an iCloud restore is done to a new phone the app cannot find that KeyChain entry. Can anyone help with what exactly is necessary to have KeyChain entries available on another device after an iCloud restore?


- I have confirmed that the devices have the KeyChain entry enabled in iCloud settings, so the KeyChain is included in the backup.

- When the KeyChain entry is created, the kSecAttrAccessible attribute of kSecAttrAccessibleAlways is set. I had assumed that having this set as opposed to one of the ones that ends in "ThisDeviceOnly" meant it would be available on a new device after restore, but that does not appear to be the case.

- Restoring from iCloud on the same device where the key was created works, but not different devices.

- My SecRecord is using a type of GenericPassword

- I am using Xamarin/Mono for this implementation.


Using both my app and a demo app, the only way I was able to make the KeyChain entry accessible on another device was to also set kSecAttrSynchronizable to true in both the KeyChain entry and in the query that searches for it.


I also tried using kSecAttrSynchronizableAny = true for the query to find the entries, but that didn't appear to work. I wanted to use this because I'll need to find KeyChain entries from before and after I used Synchronizable = true to deal with app versions that are already on customer devices.


I haven't found clear documentation yet that indicates definitively that you must use Synchronizable = true and kSecAttrAccessible for a KeyChain entry to restore to a new device.


Any help would be greatly appreciated.
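
The setup the post reports as working (Synchronizable set on both the stored item and the query), combined with a two-step lookup that also finds entries written by earlier app versions, as an added example that is not part of the original post. The class name and the service and account strings are hypothetical; the calls are the Xamarin.iOS `Security` API.

```csharp
using Foundation;
using Security;

public static class DbKeyStore
{
    // Hypothetical identifiers, chosen for illustration only.
    const string Service = "com.example.app.dbkey";
    const string Account = "database-encryption-key";

    // Builds the search attributes; the Synchronizable flag must match the stored item.
    static SecRecord Query(bool synchronizable) => new SecRecord(SecKind.GenericPassword)
    {
        Service = Service,
        Account = Account,
        Synchronizable = synchronizable
    };

    // Stores the key as a synchronizable generic-password item.
    public static SecStatusCode Save(byte[] key)
    {
        var record = Query(true);
        record.ValueData = NSData.FromArray(key);
        record.Accessible = SecAccessible.Always; // accessibility value named in the post
        return SecKeyChain.Add(record);
    }

    // Looks for the synchronizable item first, then for an item written by an
    // older app version without the flag, and migrates the latter.
    public static byte[] Load()
    {
        SecStatusCode status;
        var synced = SecKeyChain.QueryAsRecord(Query(true), out status);
        if (status == SecStatusCode.Success)
            return synced.ValueData.ToArray();

        var legacy = SecKeyChain.QueryAsRecord(Query(false), out status);
        if (status != SecStatusCode.Success)
            return null; // neither form of the entry exists

        byte[] key = legacy.ValueData.ToArray();
        // Re-store as synchronizable; drop the old copy only once that succeeded.
        if (Save(key) == SecStatusCode.Success)
            SecKeyChain.Remove(Query(false));
        return key;
    }
}
```

Running the two explicit queries in sequence covers entries created before and after the flag was introduced without depending on kSecAttrSynchronizableAny.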