Simple Objective-C wrapper for the keychain that works on Mac and iOS

How can i get the evernote Token from an user with iOS SDK?

I'm trying to get the user token after the authentication succeeded with the

ENCredentials *credential = [[ENCredentials alloc] init];
NSLog(@"%@", credential.authenticationToken);

and i got this error

Error getting password from keychain: Error Domain=com. samsoffes.ENSSKeychain Code=-1001 "ENSSKeychainErrorBadArguments" UserInfo={NSLocalizedDescription=ENSSKeychainErrorBadArguments

anybody got this error yet? thanks

Source: (StackOverflow)

How to save CFUUID in keychain

I'm developing an iPhone application.
The application access some web service that aboug other things should recognize the device ID.

Since UDID is deprecated, I need to call CFUUIDCreate to generate my own UUID for this purpose.

The ID is security-sensitive: all my network communication is encrypted, and I don't want nobody but my certificate-authenticated server to know that UUID.
Besides, I want this identifier to survive re-install.
Using the keychain to store that UUID seems like an obvious solution.

How do I do that?

On the internets, there're some samples how to store user name & password in keychain. I have neither user nor password, just 16 bytes UUID (or a single NSString).

Which kSecClass do I need to use?
Which attributes do I need to set and retrieve?
Which attributes are optional and which are mandatory?

What header/framework defines the CSSM_ALGORITHMS?
The doc mentions cssmtype.h, xcode autocompletion has <Security/cssmtype.h> however the xcode compiler says "file not found".

From the common sense, "Identity" should fit best. The docs however say "an identity is the combination of a private key and a certificate", I have neither of them. Also, I don't see the "key bytes" attribute.

Thanks in advance!

Source: (StackOverflow)


SSKeyChain access group

I'm trying to figure out how to use SSKeyChain with KeyChain access groups (a cann't find any method to work with). For example, I add some records to KeyChain:

[SSKeychain setPassword:@"1111111" forService:@"MyDemoApp" account:@"access_token-1"];
[SSKeychain setPassword:@"22222222" forService:@"MyDemoApp" account:@"access_token-2"];
[SSKeychain setPassword:@"3333333" forService:@"MyDemoApp" account:@"access_token-3"];

after executing (NSLog(@"%@",[SSKeychain allAccounts]);) I see:

    acct = "access_token-1";
    agrp = test;
    cdat = "2015-11-24 14:45:30 +0000";
    mdat = "2015-11-24 14:45:30 +0000";
    pdmn = ak;
    svce = MyDemoApp;
    sync = 0;
    tomb = 0;
    acct = "access_token-2";
    agrp = test;
    cdat = "2015-11-24 14:45:30 +0000";
    mdat = "2015-11-24 14:45:30 +0000";
    pdmn = ak;
    svce = MyDemoApp;
    sync = 0;
    tomb = 0;
    acct = "access_token-3";
    agrp = test;
    cdat = "2015-11-24 14:45:30 +0000";
    mdat = "2015-11-24 14:45:30 +0000";
    pdmn = ak;
    svce = MyDemoApp;
    sync = 0;
    tomb = 0;

Where from item "agrp" = "test" appears? I don't want any unknown "tests" )) But I want to set access group to use it in future.

Tank you for your replies!

Source: (StackOverflow)

Tracking user without account, installation persistent

I wonder how I can track a user nowadays without user account. From what I have seen, the best solution is to store an id into an SSKeychain. From this post: http://stackoverflow.com/a/21097282/3722523, the user stores the NSUUID in the keychain. Do you think Apple will validate my application with that solution?
If yes, if I have a database, can I store the NSUUID in my database?

Thank you.

Edit: For a purpose, I need to allow user to add only 1 pin on the Map per day. My app has a database, but I don't want to set user account for now. So I have to track the user, even if he unistalls and reinstalls the app.

Source: (StackOverflow)

The unique number of the device, which remains the same after reinstalling the app from the AppStore and Apple's policy

Can I use this code in your application, provided that it does not show advertising banners (absolutely no ads)? Not will I get a rejection from Apple?

Also, the result I want to send to my server to compare its value.

-(NSString *)getUniqueDeviceIdentifierAsString

 NSString *appName=[[[NSBundle mainBundle] infoDictionary] objectForKey:(NSString*)kCFBundleNameKey];

 NSString *strApplicationUUID = [SSKeychain passwordForService:appName account:@"incoding"];

 if (strApplicationUUID == nil)
     strApplicationUUID  = [[[UIDevice currentDevice] identifierForVendor] UUIDString];
     [SSKeychain setPassword:strApplicationUUID forService:appName account:@"incoding"];

 return strApplicationUUID;

Policy Apple constantly changed in this matter, therefore, interested in how things are currently.

ps. I need a permanent unique number of the device user, provided that the application can be reinstalled.

Source: (StackOverflow)

Distinguish session and system items in Mac OS X keychain

How can I query the Mac OS X keychain to retrieve only session items ?

When I try to get all items like this :

[SSKeychain accountsForService:nil];

A session item and a system item have exactly the same attributes for the keys : acct, cdat, class, crtr, labl, mdat, svce

How can y query the keychain to get only session items or distinguish them ?

Thank you for your help !

Source: (StackOverflow)

STKeychain fails to retrieve password after AppStore Update


  • Our app stores the backend token in the device's keychain (STKeychain, ex SFHFKeychainUtils).
  • Background fetch is disabled.
  • An upgrade was recently released.

We're getting reports of users having to re-sign in. This seems to be an issue during STKeychain token-retrieval (stored password is being retrieved as nil).

Is it there any known bugs in STKeychain (or iOS keychain itself) that would cause this kind of issue?

Thanks in advance, any leads will be very welcome!

Source: (StackOverflow)

KeyChain - what is it?

I'm writing my first app for iOS. In it conceived some protection from repetitive actions of the same user device (few, if apple account. Login "login-password" at the application level as such does not exist, therefore it was necessary to implement a hidden identification. Convenient would it be to generate a random number that would be stored somewhere in the user, and remained unchanged even when reinstalling the app.

Started to read it. Learned about SSKeyChain. But just do not have enough experience to understand your logic... Please explain in accessible language!

My assumptions: (please correct if I'm wrong!)

1) each user single Apple account that is attached all apps to one of the device, and thus the storage on the device. Or is the cloud for one account and multiple devices for this account (which is called keychain)?

2) has a free Access to the library SSKeyChain (via the security framework), which I for your application can write any data with their keys (the password to the app, login, color scheme)... so if you reinstall the app, it could check "are there any settings in KeyChain for me?" and take data from there. Similar to NSUserDefaults/SharedPreferences (ios/android), not receding after reinstalling the app.

3) the Possibility of losing data from KeyChain the user device is only shift Apple account any action by Apple.

So? :)

Source: (StackOverflow)

How to create/end run loop to properly deallocate memory?

In my ARC iOS app I am running a for loop that ends up with a large memory allocation overhead. I want to somehow end my for loop with minimal/no extra memory allocated. In this instance I am using the SSKeychain library which lets me fetch things from a keychain. I usually just use autorelease pools and get my memory removed properly but here I don't know what is wrong because I end up with 70 mb + of memory allocated at the end of the loop. I have been told that I should start/end a run loop to properly deal with this. Thoughts?

for (int i = 0; i < 10000; ++i) {
            @autoreleasepool {
                NSError *  error2 = nil;
                SSKeychainQuery*  query2 = [[SSKeychainQuery alloc] init];
                query2.service = @"Eko";
                query2.account = @"loginPINForAccountID-2";
                query2.password = nil;
                [query2 fetch:&error2];

Source: (StackOverflow)

How to create Unique Identifier and save it to identify user(device)

I want to create unique identifier on iOS 5 and use it for identifying user (user device) every time app is started. I am able to create a unique identifier by following code

 CFStringRef string = CFUUIDCreateString(NULL, theUUID);

But unable to save it on user device so that particular identifier is not deleted even when app is uninstalled. I tried using SSKeychain approach but it gives Apple Mach-o Linker error.

Please let me know the the way I can accomplish the same.

Any help is appreciated.

Source: (StackOverflow)

Why SSKeychain returns different result with the same parameters for different iOS apps

I tried to use SSKeychain to reserve UUID on iOS

and the sample code is below

NSString *retrieveuuid = [SSKeychain passwordForService:@"tempApp" account:@"tempUser"];
if (retrieveuuid == nil) {
    //Generate UUID
    CFUUIDRef cfuud = CFUUIDCreate(kCFAllocatorDefault);
    NSString *uuid = CFBridgingRelease(CFUUIDCreateString(kCFAllocatorDefault, cfuuid));
    //save in keychain
    [SSKeychain setPassword:uuid forService:@"tempApp" account:@"tempUser"];
    return uuid;
} else {
    return retrieveuuid;

My question is that I run the first app and then generate a UUID, and then run the second app which has the same parameters, so that the retrieveduuid should not be null, then why the second App returns a different UUID? I think that will return the same UUID as first app because I have saved the UUID in the keychain in App1 and try to retrieve it by the same parameters in App2.

Thanks for help

Source: (StackOverflow)

Evernote sdk for mac can't write to keychain anymore

I wrote a Mac OSX application using the Evernote Mac OSX SDK. It ran for over a year without issues, but now all of the sudden I can't get my Evernote authentication credentials stored. Every time I log in through the popup in my app I see the following in the logs:

OAuth Step 1 - Time Running is: 0.229743
OAuth Step 3 - Time Running is: 0.392775
Error saving to keychain: Error Domain=com.samsoffes.sskeychain Code=-25299 "The operation couldn’t be completed. (com.samsoffes.sskeychain error -25299.)" -25299

Has anyone got an idea what this might be? As far as I can tell their SDK hasn't changed in nearly 2 years so that can't be it.

Source: (StackOverflow)

SSKeyChain not retrieving accounts

I have two iOS applications (app "A" and app "B"), and I need to offer the user the posibility to access to app "B" with the login data stored in app "A" if the user is already loggued in app "A".

What I've done is to use the SSKeyChain library to store the login data of app "A" in the keychain. Something like this:

[SSKeychain setPassword:password forService:@"appA" account:username error:&error];

And then in App "B" I am retrieving this data in this way:

NSError *error;
NSArray *accounts = [SSKeychain accountsForService:@"appA" error:&error];

if (accounts.count > 0)
 // alert to the user

This is working perfect on the simulator, but this not working on my iPhone.

I already also added this line to my didFinishLaunchingWithOptions method:

[SSKeychain setAccessibilityType:kSecAttrAccessibleAlways];

Am I missing something?

Source: (StackOverflow)

What might be causing SecItemAdd or SecItemCopyMatching to fail?

I'm using this method in order to retrieve a saved value (and using SecItemAdd to add it originally):

+ (NSData *)passwordDataForService:(NSString *)service 
        account:(NSString *)account error:(NSError **)error {

    CFTypeRef result = NULL;    
    NSMutableDictionary *query = [self _queryForService:service account:account];

    [query setObject:(__bridge id)kCFBooleanTrue 
        forKey:(__bridge id)kSecReturnData];
    [query setObject:(__bridge id)kSecMatchLimitOne 
        forKey:(__bridge id)kSecMatchLimit];
    status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);

    if (status != noErr && error != NULL) {
        *error = [NSError errorWithDomain:kSSKeychainErrorDomain code:status 
        return nil;

    return (__bridge_transfer NSData *)result;

This code is working fine for most users, but a small percentage of my users (< 1%) are experiencing results indicating that either the read or write here is failing. My code unfortunately swallows any errors (i.e. doesn't log them anywhere when they occur) so I can't tell why it's failing out in the world, and I can't reproduce the problem at all on any of my development devices.

Does anyone know of any security/permissions settings that can be enabled on an iOS device that could cause SecItemAdd or SecItemCopyMatching to fail? I've tried turning on passcode locking, but that seems to have no effect.

Source: (StackOverflow)

SSKeychain: Accounts not stored in iCloud?

I'm using sskeychain (https://github.com/soffes/sskeychain) to store my accounts and passwords in the IOS keychain. I assume, that if I store an account, it should be available on my other device. But it doesn't appear there.

I read my accounts with this code:

NSArray *arr=[SSKeychain accountsForService:@"Login"];
for (NSString *s in arr) {
    NSLog(@"Account: %@",s);

and get this (only shown one entry, the others are similar):

Account: {
acct = "friXXXXXter@XXXX.com";
agrp = "3B4384Z34A.de.gondomir.LocalButler";
cdat = "2014-05-09 22:55:08 +0000";
mdat = "2014-05-09 22:55:08 +0000";
pdmn = ak;
svce = Login;
sync = 0;
tomb = 0;

But this doesn't appear on the other device. Both devices have IOS 7.1.1. I store the password with this line:

  [SSKeychain setPassword:self.passwortField.text forService:@"Login" account:self.userField.text];

I have switched on keychain sharing in Xcode and have a keychain group "de.gondomir.LocalButler" listed there.

Am I missing something? Must the service name something special?


Source: (StackOverflow)