开发者

Do not restore passwords inserted in iOS Keychain issue

I'm developing an application for an iPad2 that needs to write some items in Keychain but I don't want it replicates in every computer I plug, doing a backup/restore of the device. I'm using kSecAttrAccessible key to select the kind of accesibility I want with kSecAttrAccessibleWhenUnlockedThisDeviceOnly value to be sure that if I do a backup of all things that are in the device, the Keychain is not going to be present in that backup.

So I proceed in this way: I reset the Keychain, insert a item in Keychain and dump all the content of Keychain, so I see that the item is there. Then I do a backup of the iPad. I reset the Keychain and restore the backup so no key should be in the Keychain as long as the restore procedure doesn't deal with the Keychain. Next time I run the application, I dump the contents of the Keychain and the key is there, so it's not working as it should. I'm using iphone-lib (http://code.google.com/p/iphone-lib/) to dump and reset credentials in my iPad. My SDK version is 4.3.

The code I use to insert the item in the Keychain is the following:

NSMutableDictionary *dic = [NSM开发者_运维百科utableDictionary dictionary];
NSData* identifier = [@"mypassword" dataUsingEncoding: NSASCIIStringEncoding];
[dic setObject:(id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(id)kSecAttrAccessible];
[dic setObject:identifier forKey:(id)kSecAttrGeneric];
[dic setObject:@"myaccount" forKey:(id)kSecAttrAccount];
[dic setObject:@"myservice" forKey:(id)kSecAttrService];
[dic setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[dic setObject:identifier forKey:(id)kSecValueData];
OSStatus error = SecItemAdd((CFDictionaryRef)dic, NULL);

Thank you!


There two cool examples (with working sample code) from Apple, that helped me to understand how keychain service works on iOS. I suggest you to look at them, and hope they will help you to resolve your issue:

  1. Generic Keychain : This sample shows how to add, query for, remove, and update a keychain item of generic class type. Also demonstrates the use of shared keychain items. All classes exhibit very similar behavior so the included examples will scale to the other classes of Keychain Item: Internet Password, Certificate, Key, and Identity.
  2. AdvancedURLConnections : This sample demonstrates various advanced networking techniques with NSURLConnection. Specifically, it demonstrates how to respond to authentication challenges, how to modify the default server trust evaluation (for example, to support a server with a self-signed certificate), and how to provide client identities.


kSecAttrAccessibleWhenUnlockedThisDeviceOnly maybe the reason.
Can you try something else?

eg. kSecAttrAccessibleWhenUnlocked

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜