Access sharing model with keychain item created by Secure Enclave on MacOS

Hi,
I can't find any document about the access sharing model of keychain items created by the Secure Enclave (follow this article: Storing Keys in the Secure Enclave)
My testing shows that it follows the iOS keychain sharing model (Sharing model on iOS) for both iOS and MacOS.
Can anyone confirm that theory is correct?
Thank you.
Accepted Answer

Can anyone confirm that theory is correct?

That’s basically correct. macOS supports two types of keychain, the traditional file-based keychain and the modern iOS-style keychain. Secure Enclave protected keys only work in the iOS-style keychain and, when you use the iOS-style keychain on macOS, you get iOS-style access control (keychain access groups and so on).

The only gotcha relates to the doc you referenced. It lists three ways to make a keychain access group available to your app. These all work on the Mac except for App Groups. App Groups work very differently on the Mac and, because of this, they can’t be used as keychain access groups.

There is, I believe, an exception to this exception, namely Mac Catalyst, where App Groups work just like they do on iOS, starting with… oh gosh, I’m being vague here… but I think that changed with macOS 11.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Thank you @eskimo for your confirmation!
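
The sharing model discussed in this thread, as an added example (not code from the thread or from Apple's documentation): a Secure Enclave key is created in a keychain access group and looked up again by any app entitled to that group. The group name and key tag are hypothetical placeholders; the group is assumed to be listed in the `keychain-access-groups` entitlement of each app, since the answer notes that App Groups cannot serve as keychain access groups on the Mac.

```swift
import Foundation
import Security

// Hypothetical placeholders: use your own Team ID prefix and a group that is
// listed in the keychain-access-groups entitlement of every sharing app.
let sharedGroup = "TEAMID.com.example.shared-keys"
let keyTag = Data("com.example.keys.signing".utf8)

enum KeychainError: Error { case status(OSStatus), cf(String) }

/// Creates a P-256 private key in the Secure Enclave, stored in the shared group.
func createSharedEnclaveKey() throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage, &error) else {
        throw KeychainError.cf(String(describing: error?.takeRetainedValue()))
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag,
            kSecAttrAccessControl as String: access,
            kSecAttrAccessGroup as String: sharedGroup, // iOS-style access control
        ] as [String: Any],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw KeychainError.cf(String(describing: error?.takeRetainedValue()))
    }
    return key
}

/// Looks the key up from any app entitled to the same access group.
func loadSharedEnclaveKey() throws -> SecKey {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: keyTag,
        kSecAttrAccessGroup as String: sharedGroup,
        kSecUseDataProtectionKeychain as String: true, // the iOS-style keychain on macOS
        kSecReturnRef as String: true,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let found = item else { throw KeychainError.status(status) }
    return found as! SecKey
}
```

An app that lacks the group in its entitlements gets an error `OSStatus` from the lookup instead of the key, which is the access boundary the thread describes.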