search

kishikawakatsumi / KeychainAccess

Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
MIT License
7.95k stars 789 forks source link

Fix macOS Access Groups #538

Open rivera-ernesto opened 2 years ago

rivera-ernesto commented 2 years ago

When using Access Groups on macOS kSecUseDataProtectionKeychain needs to be set to true:

https://developer.apple.com/documentation/security/ksecusedataprotectionkeychain

Set the value for this key to true in the query dictionary when accessing a macOS keychain item that behaves like an iOS keychain item. For example, use the data protection key when adding, searching for, or deleting an item to which the kSecAttrAccessible or kSecAttrAccessGroup attributes apply.

The data protection key affects operations only in macOS. Other platforms automatically behave as if the key is set to true, and ignore the key in the query dictionary. You can safely use the key on all platforms.

Tip It’s highly recommended that you set the value of this key to true for all keychain operations. This key helps to improve the portability of your code across platforms. Use it unless you specifically need access to items previously stored in a legacy keychain in macOS.

This pull request is a first fix for issues #438, #491 and #535

rivera-ernesto commented 2 years ago

There may be other places that also require setting UseDataProtectionKeychain to true

rivera-ernesto commented 1 year ago

unapproved

Could you elaborate? 🙃

kishikawakatsumi commented 1 year ago

@rivera-ernesto That comment was written by an unrelated person. Please ignore it.