【问题标题】:iOS/Swift: SecItemCopyMatching yields errSecParam (-50) status for access control of biometryCurrentSetiOS/Swift:SecItemCopyMatching 为 biometryCurrentSet 的访问控制产生 errSecParam (-50) 状态
【发布时间】:2019-08-09 06:33:15
【问题描述】:

我目前正在尝试使我的应用程序的用户能够使用生物特征身份验证从钥匙串中添加和检索数据。向钥匙串添加项目时,对SecItemAdd 的调用返回成功状态,但是当通过SecItemCopyMatching 从钥匙串中检索项目时,我得到-50 OSStatus (errSecParam),这表明我的一个参数是错误的。

调试时,我从查询中删除了kSecAttrAccessControlkSecAttrAccessible 参数,从而消除了错误。但是,现在我面临一个不同的问题,即系统在没有先提示用户的情况下从钥匙串中检索值。

导致 errSecParam (-50) 结果或无身份验证提示的代码:

let query: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "MyApp",
    kSecAttrAccount as String: "BiometricLogin",
    // removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
    kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    kSecReturnAttributes as String: kCFBooleanTrue,
    kSecReturnData as String: kCFBooleanTrue,
    // removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
    kSecAttrAccessControl as String: SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!,
    kSecUseAuthenticationUI as String: kSecUseAuthenticationUIAllow,
    kSecUseOperationPrompt as String: "Authenticate with Biometrics"
]

let addQuery = query.merging([(kSecValueData as String, "Hi".data(encoding: .utf8)!)], uniquingKeysWith: { $1 })
let status = SecItemAdd(query as CFDictionary, nil)
print(status) // prints 0, success

let retrieveQuery = query
var queryResult: AnyObject?
let status = SecItemCopyMatching(retrieveQuery as CFDictionary, &queryResult)
print(status) // prints -50 if both kSecAttrAccessible and kSecAttrAccessControl are in the query, and prints 0 if either of those attributes are removed but the result is no authentication prompt

所以我的问题是:如何让用户收到身份验证提示以从钥匙串中检索数据?重申一下,我使用的是kSecClassGenericPasswordkSecAttrAccessibleWhenUnlockedThisDeviceOnly.biometryCurrentSet

【问题讨论】:

    标签: ios swift keychain


    【解决方案1】:
    kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,  
    

    导致问题的上述密钥。这需要删除,因为它已经作为

    的一部分添加
    SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!
    

    【讨论】:

      猜你喜欢
      • 2020-05-21
      • 1970-01-01
      • 2011-01-27
      • 2019-01-27
      • 1970-01-01
      • 2021-08-27
      • 2016-02-05
      • 1970-01-01
      • 2022-11-10
      相关资源
      最近更新 更多