Feature Request: Add support for iCloud keychain? #33

Open
kissfro opened this issue Aug 15, 2014 · 2 comments

kissfro commented Aug 15, 2014

Believe in iOS7.01, Apple allowed you to store the keychain in iCloud if the user has it enabled. I think all you need to do is add kSecAttrSynchronizable in certain areas.

Author

kissfro commented Aug 15, 2014

Found this also:

 @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
 a CFBooleanRef indicating whether the item in question can be synchronized.
 To add a new item which can be synced to other devices, or to obtain
 synchronizable results from a query, supply this key with a value of
 kCFBooleanTrue. If the key is not supplied, or has a value of
 kCFBooleanFalse, then no synchronizable items will be added or returned.
 A predefined value, kSecAttrSynchronizableAny, may be provided instead of
 kCFBooleanTrue if both synchronizable and non-synchronizable results are
 desired.

 IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:

     - Updating or deleting items using the kSecAttrSynchronizable key will
       affect all copies of the item, not just the one on your local device.
       Be sure that it makes sense to use the same password on all devices
       before deciding to make a password synchronizable.
     - Only password items can currently be synchronized. Keychain syncing
       is not supported for certificates or cryptographic keys.
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       specify SecAccessRef-based access control with kSecAttrAccess. If a
       password is intended to be shared between multiple applications, the
       kSecAttrAccessGroup key must be specified, and each application
       using this password must have a 'keychain-access-groups' entitlement
       with the specified access group value.
     - Items stored or obtained using the kSecAttrSynchronizable key may
       not also specify a kSecAttrAccessible value which is incompatible
       with syncing (namely, those whose names end with "ThisDeviceOnly".)
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       be specified by reference. You must pass kSecReturnAttributes and/or
       kSecReturnData to retrieve results; kSecReturnRef is currently not
       supported for synchronizable items.
     - Persistent references to synchronizable items should be avoided;
       while they may work locally, they cannot be moved between devices,
       and may not resolve if the item is modified on some other device.
     - When specifying a query that uses the kSecAttrSynchronizable key,
       search keys are limited to the item's class and attributes.
       The only search constant which may be used is kSecMatchLimit; other
       constants using the kSecMatch prefix are not supported at this time.

Owner

granoff commented Aug 15, 2014

Looks like this has application to passwords. Rather than apply this to all of Lockbox, perhaps a specific set of password/setPassword interfaces would be useful, along with the ability to specify whether the value should be synchronized or not.
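
A password-specific interface with a per-item sync flag, as suggested above, could look like the following. This is an added example, not code from the thread or from Lockbox: the `LBX…` function names and the two accessibility classes are assumptions, and it applies the header caveats quoted earlier (no "ThisDeviceOnly" class on a synced item, `kSecReturnData` instead of `kSecReturnRef`, `kSecMatchLimit` as the only match constant).

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helpers (names are assumptions, not Lockbox API). Compile with ARC.
static NSMutableDictionary *LBXBaseQuery(NSString *service, NSString *account) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: service,
               (__bridge id)kSecAttrAccount: account } mutableCopy];
}

OSStatus LBXSetPassword(NSString *password, NSString *service,
                        NSString *account, BOOL synchronizable) {
    NSData *data = [password dataUsingEncoding:NSUTF8StringEncoding];
    if (data == nil) return errSecParam;
    NSMutableDictionary *query = LBXBaseQuery(service, account);
    // Explicit true/false so the call touches only the copy the caller asked for.
    query[(__bridge id)kSecAttrSynchronizable] =
        (__bridge id)(synchronizable ? kCFBooleanTrue : kCFBooleanFalse);
    // A synced item must not use a "...ThisDeviceOnly" accessibility class.
    // The two classes chosen here are an assumption for this example.
    CFStringRef accessible = synchronizable
        ? kSecAttrAccessibleWhenUnlocked
        : kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    NSDictionary *changes = @{ (__bridge id)kSecValueData: data,
                               (__bridge id)kSecAttrAccessible: (__bridge id)accessible };
    NSMutableDictionary *item = [query mutableCopy];
    [item addEntriesFromDictionary:changes];
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        // With synchronizable == YES this update reaches every device's copy.
        status = SecItemUpdate((__bridge CFDictionaryRef)query,
                               (__bridge CFDictionaryRef)changes);
    }
    return status;
}

NSString *LBXPassword(NSString *service, NSString *account) {
    NSMutableDictionary *query = LBXBaseQuery(service, account);
    // Match both kinds; without this key no synchronizable items are returned.
    query[(__bridge id)kSecAttrSynchronizable] = (__bridge id)kSecAttrSynchronizableAny;
    // kSecReturnRef is unsupported for synced items, so ask for the data itself.
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```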
