I'm writing an app on macOS that stores passwords in the Keychain and later retrieves them using SecItemCopyMatching(). This works fine 90% of the time. However, occasionally, the call to SecItemCopyMatching() fails with errSecAuthFailed (-25293). When this occurs, simply restarting the app resolves the issue; otherwise, it will consistently fail with errSecAuthFailed.
What I suspect is that the Keychain access permission has a time limitation for a process. This issue always seems to arise when I keep my app running for an extended period.
So I think I'm using the file-based keychain.
OK.
Should I update to the data protection keychain?
My general advice is that you should use the data protection keychain where possible. Earlier you wrote:
I'm writing an app on macOS that stores passwords in the Keychain
If this is:
- A standard GUI app
- And you’re writing new code
- And your deployment target is 10.15 or later
then I can’t see anything blocking you from using the data protection keychain, so my general advice is “Yes.”
do I just need to set kSecUseDataProtectionKeychain to true … ?
Yes.
do I just need to set … kSecAttrSynchronizable to false?
If you don’t want syncing then just omit that key entirely. kSecUseDataProtectionKeychain is sufficient.
Regardless of what keychain implementation you’re using, see the following for lots of info on how to use it correctly:
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
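The advice in the reply above, as an added example that is not code from the thread or from Apple: storing and reading a generic password with kSecUseDataProtectionKeychain set and kSecAttrSynchronizable omitted. The service name, the KeychainError type and the function names are hypothetical, and the sketch assumes a code-signed app with the entitlements the data protection keychain requires.

```swift
import Foundation
import Security

// Hypothetical service name used only for this example.
let service = "com.example.myapp.password"

struct KeychainError: Error { let status: OSStatus }

// Attributes shared by every call. kSecUseDataProtectionKeychain selects the
// data protection keychain; kSecAttrSynchronizable is omitted, so no syncing.
func baseQuery(account: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account,
     kSecUseDataProtectionKeychain as String: true]
}

func storePassword(_ password: String, account: String) throws {
    let data = Data(password.utf8)
    var attrs = baseQuery(account: account)
    attrs[kSecValueData as String] = data
    var status = SecItemAdd(attrs as CFDictionary, nil)
    if status == errSecDuplicateItem {
        // Item already exists: update its value instead of failing.
        status = SecItemUpdate(baseQuery(account: account) as CFDictionary,
                               [kSecValueData as String: data] as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}

func loadPassword(account: String) throws -> String? {
    var query = baseQuery(account: account)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    case errSecItemNotFound:
        return nil   // Nothing stored for this account.
    default:
        // Surface the raw OSStatus (e.g. errSecAuthFailed, -25293) to the caller.
        throw KeychainError(status: status)
    }
}
```

Throwing the raw OSStatus rather than collapsing every failure into "not found" keeps a recurring errSecAuthFailed visible in logs instead of looking like a missing item.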