Feature Request: Add support for iCloud keychain? #33

Open
@kissfro

Believe in iOS7.01, Apple allowed you to store the keychain in iCloud if the user has it enabled. I think all you need to do is add kSecAttrSynchronizable in certain areas.

kissfro (Author) commented on Aug 15, 2014

Found this also:

 @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
 a CFBooleanRef indicating whether the item in question can be synchronized.
 To add a new item which can be synced to other devices, or to obtain
 synchronizable results from a query, supply this key with a value of
 kCFBooleanTrue. If the key is not supplied, or has a value of
 kCFBooleanFalse, then no synchronizable items will be added or returned.
 A predefined value, kSecAttrSynchronizableAny, may be provided instead of
 kCFBooleanTrue if both synchronizable and non-synchronizable results are
 desired.

 IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:

     - Updating or deleting items using the kSecAttrSynchronizable key will
       affect all copies of the item, not just the one on your local device.
       Be sure that it makes sense to use the same password on all devices
       before deciding to make a password synchronizable.
     - Only password items can currently be synchronized. Keychain syncing
       is not supported for certificates or cryptographic keys.
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       specify SecAccessRef-based access control with kSecAttrAccess. If a
       password is intended to be shared between multiple applications, the
       kSecAttrAccessGroup key must be specified, and each application
       using this password must have a 'keychain-access-groups' entitlement
       with the specified access group value.
     - Items stored or obtained using the kSecAttrSynchronizable key may
       not also specify a kSecAttrAccessible value which is incompatible
       with syncing (namely, those whose names end with "ThisDeviceOnly".)
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       be specified by reference. You must pass kSecReturnAttributes and/or
       kSecReturnData to retrieve results; kSecReturnRef is currently not
       supported for synchronizable items.
     - Persistent references to synchronizable items should be avoided;
       while they may work locally, they cannot be moved between devices,
       and may not resolve if the item is modified on some other device.
     - When specifying a query that uses the kSecAttrSynchronizable key,
       search keys are limited to the item's class and attributes.
       The only search constant which may be used is kSecMatchLimit; other
       constants using the kSecMatch prefix are not supported at this time.

granoff (Owner) commented on Aug 15, 2014

Looks like this has application to passwords. Rather than apply this to all of Lockbox, perhaps a specific set of password/setPassword interfaces would be useful, along with the ability to specify whether the value should be synchronized or not.
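
The following is an added example, not part of the thread and not Lockbox code: one way a password setter/getter pair with a synchronization flag could honor the header caveats quoted above. The function names `ExampleSetPassword` and `ExamplePassword` and the service string are hypothetical, and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helpers, not Lockbox API. The service name is a constructed sample.
static NSString * const kExampleService = @"com.example.app";

// Class + attributes only: the header says synchronizable queries may not use
// kSecMatch* constants other than kSecMatchLimit.
static NSMutableDictionary *ExampleBaseQuery(NSString *account, id syncValue) {
    return [@{
        (__bridge id)kSecClass:              (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService:        kExampleService,
        (__bridge id)kSecAttrAccount:        account,
        (__bridge id)kSecAttrSynchronizable: syncValue,
    } mutableCopy];
}

BOOL ExampleSetPassword(NSString *password, NSString *account, BOOL synchronizable) {
    if (password == nil || account == nil) return NO;

    // Remove any existing copy, synced or local, so that changing the flag does not
    // leave a stale item behind. Deleting a synced item removes it on every device.
    NSDictionary *any = ExampleBaseQuery(account, (__bridge id)kSecAttrSynchronizableAny);
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)any);
    if (status != errSecSuccess && status != errSecItemNotFound) return NO;

    NSMutableDictionary *item = ExampleBaseQuery(account, synchronizable ? @YES : @NO);
    item[(__bridge id)kSecValueData] = [password dataUsingEncoding:NSUTF8StringEncoding];
    // "ThisDeviceOnly" accessibility classes are incompatible with syncing,
    // so they are used only for the local-only case.
    item[(__bridge id)kSecAttrAccessible] = synchronizable
        ? (__bridge id)kSecAttrAccessibleWhenUnlocked
        : (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}

NSString *ExamplePassword(NSString *account) {
    if (account == nil) return nil;
    // kSecAttrSynchronizableAny returns the item whether or not it was stored as synced.
    NSMutableDictionary *query = ExampleBaseQuery(account, (__bridge id)kSecAttrSynchronizableAny);
    query[(__bridge id)kSecReturnData] = @YES;  // kSecReturnRef is not supported for synced items
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) return nil;
    NSData *data = CFBridgingRelease(result);
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```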

Feature Request: Add support for iCloud keychain? · Issue #33 · granoff/Lockbox