Keychain access in Background

App & System Services Notifications
eldarfromastana OP
Created Feb ’21
Replies 1
Boosts 0
Views 2.3k
Participants 2
Hi Folks.
Bit help needed guys.

We have app, which stores device ids (identifierForVendor) inside Keychain.
We added some logic, handling background 'silent' pushes, working in background mode.
But yesterday i faced issue with getting access to Keychain when app is in background (was awaken up from background 'silent' push).
I found the solution, which tells to write values to Keychain with 'always' (or 'afterFirstUnlock') flag for 'kSecAttrAccessible' attribute.

So, the question is:
1) Should i rewrite all necessary values with this option for making them available in background?
2) Or i can i just read necessary value with option ''always"("afterFirstUnlock")?
Replies  1
Boosts  0
Views  2.3k
Participants  2
DTS Engineer OP
Apple
Feb ’21
Option 1. The kSecAttrAccessible value is set when you create the keychain item. If you didn’t specify a value then, you’ll get the default. Setting the value on the query operation (SecItemCopyMatching) will just restrict the query to finding items that have the value set that way. If you’re unable to read the value because the device is locked, you’ll still be unable to read the value.

The reason for this is that iOS forgets the key required to access these values when the user locks the device. It is cryptographically impossible to access them. See Apple Platform Security for a technical explanation of this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
Keychain access in Background
First post date Last post date
 
 
Q