Question

I'm trying to write an entry to the keychain, but it fails with a return code of -25243. The documentation only lists the "common" error codes and points you in the direction of "The Open Group" for help. I've downloaded the document but haven't got a clue where to look; the document is over 1000 pages long and just appears to list a load of #defines.

Can anyone help?


Solution 2

OK, the problem appeared to be that I was trying to store a value in kSecAttrAccessGroup. I changed it to kSecAttrDescription and all is well.

OTHER TIPS

There are some reasons why you could be seeing this error when running on a device. Both cases I have seen happen when attempting to store a value to the keychain using an access group.

  • Entitlements are not enabled
  • Entitlements ARE enabled, but the access group does not exist

To make sure you have all of these things set up properly:

  1. Select your app target in Xcode
  2. Select the Summary tab
  3. In the Entitlements section, verify that the Enable Entitlements checkbox is checked.
  4. Verify that Keychain Access Groups includes the group you are attempting to write to.

A little late but it's worth answering properly. This error occurs when attempting to use an access group with the keychain from the simulator.

Note this snippet from the GenericKeychain example.

#if TARGET_IPHONE_SIMULATOR
        // Ignore the access group if running on the iPhone simulator.
        // 
        // Apps that are built for the simulator aren't signed, so there's no keychain access group
        // for the simulator to check. This means that all apps can see all keychain items when run
        // on the simulator.
        //
        // If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
        // simulator will return -25243 (errSecNoAccessForItem).
#else           
        [genericPasswordQuery setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
#endif

I ran into this issue recently. It turned out that I have multiple developer accounts and Xcode chose the "wrong" Developer Certificate to sign my debug build with. This certificate didn't belong to the same Developer as the App ID, so the app didn't have access to that Keychain group anymore.

Once I forced the code signing to use the right Developer Cert then the error went away.
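The entitlement and code-signing causes described in the answers above can be checked against the entitlements of the signed build. The following is an added example, not part of any answer on this page: it takes the XML that `codesign -d --entitlements :- <app>` prints and reports why a given access group would be rejected. The function name, team prefixes and bundle identifiers are hypothetical, and the sample plist is constructed.

```python
import plistlib
from fnmatch import fnmatchcase

# Constructed sample of signed entitlements; team prefix and bundle IDs are made up.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>ABCDE12345.com.example.myapp</string>
    <key>keychain-access-groups</key>
    <array>
        <string>ABCDE12345.com.example.shared</string>
    </array>
</dict>
</plist>
"""


def check_access_group(entitlements_xml: bytes, requested_group: str) -> str:
    """Return 'ok', or the reason requested_group is not covered by the entitlements."""
    ent = plistlib.loads(entitlements_xml)
    app_id = ent.get("application-identifier")
    groups = ent.get("keychain-access-groups")
    if not app_id:
        # Unsigned build (e.g. the simulator case quoted above): nothing to check against.
        return "unsigned or no entitlements: no application-identifier"
    # The app's own identifier is an implicit access group; entries may be
    # wildcards such as "ABCDE12345.*", hence the glob match.
    allowed = [app_id] + list(groups or [])
    if any(fnmatchcase(requested_group, g) for g in allowed):
        return "ok"
    if groups is None:
        return "keychain-access-groups entitlement is missing"
    # Same group name under another prefix: the build was signed with a
    # certificate/profile from a different developer team.
    suffix = requested_group.split(".", 1)[-1]
    for g in groups:
        if g.split(".", 1)[-1] == suffix:
            return f"team prefix mismatch: signed for {g.split('.', 1)[0]}"
    return "access group not listed in keychain-access-groups"
```
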

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow