Login/Register
How to share keychain data between iOS applications
Asked Answered
Solved iphoneipadios4sharedkeychain
P

2

55

I am describing a problem for which it took me quite some time to learn the answer.

The "GenericKeychain" example is a good start at providing a wrapper for sharing keychain data between applications when using the accessGroup in the init.

However, implementing this in my app yielded an obscure error code (which took forever to locate) -25243, which means: No access control.

I ran Apple's example app (GenericKeychain) on my iPad only to get the same error. Huh?

Does Apple's documentation fail to deliver on what is necessary to accomplish this?

Plod answered 6/11, 2010 at 23:36 Comment(6)
@GtotheB, nice answer! If you want, separate your answer from the question and post it as an "answer" to this question.Mathura
@GtotheB: What happened when you tried to post an answer? There might be a minimum reputation required, but if so, I wasn't aware of it. If that's the case, it'd be worth it to come back to this question and post an answer once you've earned more rep.Highbred
@GtotheB: Could you answer your own question now?Afterthought
Clicking "Answer" resulted in nothing. However, it does seem it was reputation-related. I had cleared all of my cookies and lost all of my previous rep, so I started from scratch it seems. Now the answer is separated. Cheers.Plod
Is it necessary for the apps to be uploaded to the app store for sharing data through keychain between the apps.How can we check this for our development purpose.Suburbanize
See shaune.com.au/ios-keychain-sharing-data-between-appsMelinamelinda
P
53

After some (a lot of) digging throughout the web, I found the answer. The access Group that you use when constructing your KeychainItemWrapper class must ALSO be specified in each of your application's Entitlements.plist file in the "keychain-access-groups" section.

It seems almost obvious now that I see "keychain-access-groups". However, I had no idea to even look there. Hope this helps others.

Plod answered 15/11, 2010 at 21:49 Comment(9)
I found the following link quite useful for giving more details. useyourloaf.com/blog/2010/04/03/keychain-group-access.htmlOvermatch
Be careful, in new XCode (4.5.2), there is a setting for keychain groups in app summary tab in settings. You can set the group name there, but smart XCode prepends $(AppIdentifierPrefix) but does not show it in the summary. You can see it in actual plist file and edit there. In short, if you are setting keychain group from summary page, do NOT write bundle seed ID, XCode adds it automatically. And hides it in the summary page, because it is, well, apple software.Implacable
I have a follow up question: Do your apps have the same bundle/developer seed ID? Or you just used the Entitlements.plist to share the data between keychain groups?Fazio
Is it possible to share keychain-access-groups with another company ? Let's say I create an app with and access group, but I want an app from another company to be able to share informations as well ?Oenomel
If anyone still has a problem with error -25243 and trying to share same keychain between several apps, what worked for me is to set the keychain seed id hardcoded in the entitlements plist file instead of $(AppIdentifierPrefix) being automatically appended by XCode [url=postimg.org/image/52m2p4aor/][img=http://s9.postimg.org/…Hibernia
Also, be sure to use the AppIdentifierPrefix in the accessGroup, if you just use the bundle identifier is won't work.Diction
Is it necessary for the apps to be uploaded to the app store for sharing data through keychain between the apps.How can we check this for our development purpose.Suburbanize
@Suburbanize Keychain is at the device level, so the app store is irrelevant. However, Apple has added the "Keychain Sharing" capability to projects since this topic was created, so you can review that on Apple's website.Plod
Just a note for those looking for keychain sharing between iOS and watchOS 2+. Keychain sharing is NOT available between the WatchKit extension (on watchOS 2+) and its companion iOS app, so you will need to use another way to transfer data between those devices, like the new WatchConnectivity framework. forums.developer.apple.com/thread/5938Basiliabasilian
S
14

Actually it's not hard to do. Please follow the steps.

App1:

  1. Open your App's target Capabilities and enable KeyChain Sharing.
  2. Add a identifier. (eg : com.example.sharedaccess)
  3. Add "UICKeyChainStore" to your project.
  4. Be sure you have a team id added to your App1 project.
  5. Add Security.framework to your App1 project.

  6. And add these codes to somewhere you need.

    [UICKeyChainStore setString:@"someValue" forKey:@"someKey" service:@"someService"];

App2:

  • Open your App's target Capabilities and enable KeyChain Sharing.
  • Add a identifier. (eg : com.example.sharedaccess)
  • Add "UICKeyChainStore" to your project.
  • Be sure you have a team id added to your App2 project.
  • Add Security.framework to your App2 project.

  • And add these codes to somewhere you need.

    NSString *string = [UICKeyChainStore stringForKey:@"someKey" service:@"someService"];

  • Your TeamIDs should be same for both projects.

  • I tried these steps on a real iPhone device.
  • I also tried these steps with Automatic and iOs Development provisioning profile.
  • My apps' bundle identifiers were like that : com.example.app1, com.example.app2.
Scape answered 8/5, 2015 at 6:11 Comment(4)
Note that "As you can see we are not specifying the accessGroup. By default it will pick the first access-group specified in your Entitlements.plist when writing and will search across all access-groups when none is specified."Melinamelinda
@alicanbatur, great ! One thing to notice, above process didn't work if "service" was not specified.Valma
you save me alot @alicabatur. Thanks.Maomaoism
not work for my I did same steps but [UICKeyChainStore stringForKey:@"someKey" service:@"someService"] return nilReshape

© 2022 - 2024 — McMap. All rights reserved.