iOS/Swift: SecItemCopyMatching yields errSecParam (-50) 状态用于 biometryCurrentSet 的访问控制
iOS/Swift: SecItemCopyMatching yields errSecParam (-50) status for access control of biometryCurrentSet
我目前正在尝试让我的应用程序的用户能够使用生物识别身份验证从钥匙串中添加和检索数据。将项目添加到钥匙串时,调用 SecItemAdd
returns 成功状态,但是当通过 SecItemCopyMatching
从钥匙串检索项目时,我得到 -50 OSStatus (errSecParam),这表明我的一个参数是错误的。
调试时,我从查询中删除了 kSecAttrAccessControl
或 kSecAttrAccessible
参数,从而消除了错误。但是,现在我遇到了一个不同的问题,系统在没有首先提示用户的情况下从钥匙串中检索值。
导致 errSecParam (-50) 结果或无身份验证提示的代码:
let query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
kSecAttrService as String: "MyApp",
kSecAttrAccount as String: "BiometricLogin",
// removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
kSecReturnAttributes as String: kCFBooleanTrue,
kSecReturnData as String: kCFBooleanTrue,
// removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
kSecAttrAccessControl as String: SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!,
kSecUseAuthenticationUI as String: kSecUseAuthenticationUIAllow,
kSecUseOperationPrompt as String: "Authenticate with Biometrics"
]
let addQuery = query.merging([(kSecValueData as String, "Hi".data(encoding: .utf8)!)], uniquingKeysWith: { })
let status = SecItemAdd(query as CFDictionary, nil)
print(status) // prints 0, success
let retrieveQuery = query
var queryResult: AnyObject?
let status = SecItemCopyMatching(retrieveQuery as CFDictionary, &queryResult)
print(status) // prints -50 if both kSecAttrAccessible and kSecAttrAccessControl are in the query, and prints 0 if either of those attributes are removed but the result is no authentication prompt
所以我的问题是:如何让用户收到身份验证提示以从钥匙串中检索数据?重申一下,我使用的是 kSecClassGenericPassword
、kSecAttrAccessibleWhenUnlockedThisDeviceOnly
和 .biometryCurrentSet
.
kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
上述密钥导致了问题。这需要删除,因为它已作为
的一部分添加
SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!
我目前正在尝试让我的应用程序的用户能够使用生物识别身份验证从钥匙串中添加和检索数据。将项目添加到钥匙串时,调用 SecItemAdd
returns 成功状态,但是当通过 SecItemCopyMatching
从钥匙串检索项目时,我得到 -50 OSStatus (errSecParam),这表明我的一个参数是错误的。
调试时,我从查询中删除了 kSecAttrAccessControl
或 kSecAttrAccessible
参数,从而消除了错误。但是,现在我遇到了一个不同的问题,系统在没有首先提示用户的情况下从钥匙串中检索值。
导致 errSecParam (-50) 结果或无身份验证提示的代码:
let query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
kSecAttrService as String: "MyApp",
kSecAttrAccount as String: "BiometricLogin",
// removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
kSecReturnAttributes as String: kCFBooleanTrue,
kSecReturnData as String: kCFBooleanTrue,
// removing this key from the SecItemCopyMatching query gets rid of the error but results in no authentication prompt
kSecAttrAccessControl as String: SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!,
kSecUseAuthenticationUI as String: kSecUseAuthenticationUIAllow,
kSecUseOperationPrompt as String: "Authenticate with Biometrics"
]
let addQuery = query.merging([(kSecValueData as String, "Hi".data(encoding: .utf8)!)], uniquingKeysWith: { })
let status = SecItemAdd(query as CFDictionary, nil)
print(status) // prints 0, success
let retrieveQuery = query
var queryResult: AnyObject?
let status = SecItemCopyMatching(retrieveQuery as CFDictionary, &queryResult)
print(status) // prints -50 if both kSecAttrAccessible and kSecAttrAccessControl are in the query, and prints 0 if either of those attributes are removed but the result is no authentication prompt
所以我的问题是:如何让用户收到身份验证提示以从钥匙串中检索数据?重申一下,我使用的是 kSecClassGenericPassword
、kSecAttrAccessibleWhenUnlockedThisDeviceOnly
和 .biometryCurrentSet
.
kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
上述密钥导致了问题。这需要删除,因为它已作为
的一部分添加SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)!