Hi,
I'm developing an app that saved some passwords in the login keychain. There is a requirement that we need to provide an IT tool to help management. One of the IT tool's features is to regenerate the app keychain passwords of ALL users.
The IT tool is designed to run as root, so permission is not a problem. I studied the keychain API and found this is the most likely one:
OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef _Nullable *keychain);
But it is deprecated from 10.10. The app is designed to run on macOS 11 - 14.
What is the proper way to access login keychain of all users as root? Thanks.
> But it is deprecated from 10.10.
That API is deprecated because the whole concept of file-based keychain is effectively deprecated. The future of keychains on the Mac is the data protection keychain. See TN3137 On Mac keychain APIs and implementations for more background on this.
Given that, it’s fine to use SecKeychainOpen for your current task. It’ll continue to work for any file-based keychains.
However, this speaks to a larger problem, namely that this won’t work for your user’s data protection keychain. There is no API to manipulate another user’s data protection keychain and, honestly, I think it’s unlikely that we’ll add one. In the long term you’ll have to explore an alternative approach to this overall task.
How do you achieve this goal on iOS?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"