Keychain Query Always Returns errSecItemNotFound After Upgrading to iOS 13

I've had a similar issue where I was getting errSecItemNotFound with any Keychain-related action but only on a simulator. On real device it was perfect, I've tested with latest Xcodes (beta, GM, stable) on different simulators and the ones that were giving me a hard time were iOS 13 ones.

The problem was that I was using kSecClassKey in query attribute kSecClass, but without the 'required' values (see what classes go with which values here) for generating a primary key:

  • kSecAttrApplicationLabel
  • kSecAttrApplicationTag
  • kSecAttrKeyType
  • kSecAttrKeySizeInBits
  • kSecAttrEffectiveKeySize

And what helped was to pick kSecClassGenericPassword for kSecClass and provide the 'required' values for generating a primary key:

  • kSecAttrAccount
  • kSecAttrService

See here on more about kSecClass types and what other attributes should go with them.

I came to this conclusion by starting a new iOS 13 project and copying over the Keychain wrapper that was used in our app, as expected that did not work so I've found this lovely guide on using keychain here and tried out their wrapper which no surprise worked, and then went line by line comparing my implementation with theirs.

This issue already reported in radar: http://openradar.appspot.com/7251207

Hope this helps.


After half a day of experimentation I discovered that using a pretty basic instance of kSecClassGenericPassword I had the problem on both the simulator and real hardware. After having a read over of the docs I noticed that kSecAttrSynchronizable has a kSecAttrSynchronizableAny. To accept any value for any other attribute, you simply don't include it in the query. That's a clue.

I found that when I included kSecAttrSynchronizable set to kSecAttrSynchronizableAny the queries all worked. Of course I could also set it to either kCFBooleanTrue (or *False) if I actually do want to filter on that value.

Given that attribute everything seems to work as expected for me. Hopefully this will save some other people a half day of mucking around with test code.

Tags:

Ios

Keychain

Ios13

Security Framework

Related

SwiftUI: Putting multiple BindableObjects into Environment What is the difference between Java intrinsic and native methods? Equivalence of slicing tensor in Pytorch/ATen C++ Why is this NuGet dependency missing when compiling .NET Framework project depending on .NET Standard? How to fix (node:12388) [DEP0066] DeprecationWarning: OutgoingMessage.prototype._headers is deprecated in windows How to fix "Call requires API level 26 (current min is 25) " error in Android Duplicated classes found in modules classes.jar Using list.count to sort a list in-place using .sort() does not work. Why? Why does a pipe remove the branch names from git log? Fill NAs in R with zero if the next valid data point is more than 2 intervals away Why is C++ initial allocation so much larger than C's? VBA: Workaround To Emulate AddressOf Operator In A Class Module

Recent Posts