Skip to content
This repository has been archived by the owner on Aug 24, 2019. It is now read-only.

How to change accessibilityType for keychain entires that have already been created? #185

Open
pdxchance opened this issue Nov 17, 2017 · 1 comment
Open

How to change accessibilityType for keychain entires that have already been created? #185

pdxchance opened this issue Nov 17, 2017 · 1 comment

Comments

@pdxchance
Copy link

Initially created keychain entries with the default setting which from my understanding is when device is unlocked. This has caused access problems reading from the keychain when the device is locked. We've now changed that to access always by setting this SAMKeychain.setAccessibilityType(_:) . However, what we are wondering is there a way to update the accessibilityType for existing keychain entry on users device that were initially created with a different accessibility type?

Thanks in advance.
@danielpetroianu
Copy link

danielpetroianu commented Nov 23, 2018
edited
Loading

For whoever ends up in this situation, and to validate this solution, i did as follows:

pseudocode

var desiredAccessibilityType = ...

if SAMKeychain.accessibilityType == desiredAccessibilityType {
    // allready upgrated to the desiredAccessibilityType, nothing to do
    return
}

// 1. check if we have something set in keychain

var query = SAMKeychainQuery()
query.service = ...
query.accessGroup = ...

query.fetchAll(&error1)
if error1 == errSecItemNotFound {
    // Keychain is empty, nothing to do. Settings the desired AccessibilityType
    SAMKeychain.setAccessibilityType(desiredAccessibilityType);
    return
}
if error1 == errSecInteractionNotAllowed {
    // could not access keychain, aborting, call all this code later, maybe on UIApplicationProtectedDataDidBecomeAvailable
    return
}

// 2. check if we need to migrate the keychain values

var currentSavedValues = // get current saved values from keychain


SAMKeychain.setAccessibilityType(desiredAccessibilityType)

query.fetchAll(&error2)
if error2 == nil {
    // All keys have the desired AccessibilityType, nothing to do.
    return
}

if error2 == errSecItemNotFound {
    // No values found with the desired AccessibilityType need to update
    var query = SAMKeychainQuery() 
    ... // set the values from 'currentSavedValues'
    query.save(&saveError) // save internally, sets `kSecAttrAccessible` and calls `SecItemUpdate` 
   // you are done
}
// nothing to do

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielpetroianu @pdxchance