SecItemAdd results in 34018

SecItemAdd() with kSecAttrAccessControl set to SecAccessControlCreateWithFlags(nil,kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,userPresence, nil) results in 34018.

As of now, this App has NO entitlements and NO provisioning profiles set, and has been working well with Keychain operations across Catalina to Ventura. The issue started when we brought biometric support into the existing App with the additional kSecAttrAccessControl attribute, as detailed in https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id.

1. Please note, keychain entries operated on by this App should be exclusive to it (they need not be shared with another App), so the Keychain Sharing entitlement shouldn't be an option to consider?

2. The App is signed with a Developer ID Application: certificate.

Please let me know if you need any logs.

Build Env: Monterey 12.6, Xcode 14.1. Output from codesign:

chandra@MacBookPro2019 Nix % codesign -d -vvv --entitlements /Applications/XXXXXxxxxx.app/Contents/MacOS/XXXXXxxxxx
Executable=/Applications/XXXXXxxxxx.app/Contents/MacOS/XXXXXxxxxx
Identifier=com.xxxxxx.xxxxXXXXX
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=32518 flags=0x10000(runtime) hashes=1005+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=305a0269cc061ccab23a57dab753d7eb771fc82f
CandidateCDHashFull sha256=305a0269cc061ccab23a57dab753d7eb771fc82f1ae43d03f5ae75ee0f1dfe03
Hash choices=sha256
CMSDigest=305a0269cc061ccab23a57dab753d7eb771fc82f1ae43d03f5ae75ee0f1dfe03
CMSDigestType=2
CDHash=305a0269cc061ccab23a57dab753d7eb771fc82f
Signature size=8999
Authority=Developer ID Application: XXXXXxxxxx (XXXXXxxxxx)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=11-Dec-2022 at 11:14:12 PM
Info.plist entries=30
TeamIdentifier=XXXXXXXX
Runtime Version=13.0.0
Sealed Resources=none
Internal requirements count=1 size=220
[Dict]

Securing an item with a SecAccessControl attribute requires that the item be stored in the data protection keychain. It looks like your app isn’t signed with the entitlements needed to use the keychain implementation. See TN3127 Inside Code Signing: Requirements for a lot more background on this issue.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
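An added example, not code from the poster or from Apple, of the SecItemAdd call discussed in this thread: it opts into the data protection keychain explicitly and maps the -34018 status (errSecMissingEntitlement) to a signing problem rather than a runtime one. The service and account strings are made up; the entitlement named in the comment is the one the data protection keychain is gated on.

```swift
import Foundation
import Security

/// Outcome of trying to store a secret that requires user presence to read back.
enum ProtectedStoreResult {
    case stored
    case missingEntitlement          // errSecMissingEntitlement (-34018): fix the signing, not the query
    case other(OSStatus, String)
}

/// Adds a generic-password item protected by SecAccessControl (passcode set, user presence).
/// `service` and `account` are example identifiers, not values from the thread.
func storeProtectedSecret(_ secret: Data, service: String, account: String) -> ProtectedStoreResult {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .userPresence,
        &cfError) else {
        let msg = cfError.map { String(describing: $0.takeRetainedValue()) } ?? "SecAccessControlCreateWithFlags failed"
        return .other(errSecParam, msg)
    }

    let query: [CFString: Any] = [
        kSecClass: kSecClassGenericPassword,
        kSecAttrService: service,
        kSecAttrAccount: account,
        kSecValueData: secret,
        kSecAttrAccessControl: access,
        // An access-controlled item can only live in the data protection keychain.
        // Saying so explicitly makes that requirement visible at the call site.
        kSecUseDataProtectionKeychain: true,
    ]

    let status = SecItemAdd(query as CFDictionary, nil)
    switch status {
    case errSecSuccess:
        return .stored
    case errSecMissingEntitlement:
        // The binary is not signed with the entitlements the data protection keychain
        // needs (keychain-access-groups, which must be granted by a provisioning profile).
        return .missingEntitlement
    default:
        let msg = SecCopyErrorMessageString(status, nil).map { $0 as String } ?? "unknown"
        return .other(status, msg)
    }
}
```

Run against a Developer ID build with no provisioning profile, the call returns `.missingEntitlement`; the same code returns `.stored` once the app is signed with a profile that carries the keychain entitlement.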
