Feature Request: Add support for iCloud keychain?

Open kissfro opened this issue 11 years ago • 2 comments

I believe that in iOS 7.01, Apple allowed you to store the keychain in iCloud if the user has it enabled. I think all you need to do is add kSecAttrSynchronizable in certain areas.

kissfro avatar Aug 15 '14 20:08 kissfro

Found this also:

 @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
 a CFBooleanRef indicating whether the item in question can be synchronized.
 To add a new item which can be synced to other devices, or to obtain
 synchronizable results from a query, supply this key with a value of
 kCFBooleanTrue. If the key is not supplied, or has a value of
 kCFBooleanFalse, then no synchronizable items will be added or returned.
 A predefined value, kSecAttrSynchronizableAny, may be provided instead of
 kCFBooleanTrue if both synchronizable and non-synchronizable results are
 desired.

 IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:

     - Updating or deleting items using the kSecAttrSynchronizable key will
       affect all copies of the item, not just the one on your local device.
       Be sure that it makes sense to use the same password on all devices
       before deciding to make a password synchronizable.
     - Only password items can currently be synchronized. Keychain syncing
       is not supported for certificates or cryptographic keys.
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       specify SecAccessRef-based access control with kSecAttrAccess. If a
       password is intended to be shared between multiple applications, the
       kSecAttrAccessGroup key must be specified, and each application
       using this password must have a 'keychain-access-groups' entitlement
       with the specified access group value.
     - Items stored or obtained using the kSecAttrSynchronizable key may
       not also specify a kSecAttrAccessible value which is incompatible
       with syncing (namely, those whose names end with "ThisDeviceOnly".)
     - Items stored or obtained using the kSecAttrSynchronizable key cannot
       be specified by reference. You must pass kSecReturnAttributes and/or
       kSecReturnData to retrieve results; kSecReturnRef is currently not
       supported for synchronizable items.
     - Persistent references to synchronizable items should be avoided;
       while they may work locally, they cannot be moved between devices,
       and may not resolve if the item is modified on some other device.
     - When specifying a query that uses the kSecAttrSynchronizable key,
       search keys are limited to the item's class and attributes.
       The only search constant which may be used is kSecMatchLimit; other
       constants using the kSecMatch prefix are not supported at this time.

kissfro avatar Aug 15 '14 21:08 kissfro

Looks like this has application to passwords. Rather than apply this to all of Lockbox, perhaps a specific set of password/setPassword interfaces would be useful, along with the ability to specify whether the value should be synchronized or not.

granoff avatar Aug 15 '14 21:08 granoff
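
A sketch of the per-password interface suggested in the last comment, with the caveats from the quoted header applied. This is an added example, not Lockbox code; the names `LBBaseQuery`, `LBSetPassword` and `LBPassword` are hypothetical, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: queries for synchronizable items may only use the item's
// class and attributes (plus kSecMatchLimit), so the base query stays that narrow.
static NSMutableDictionary *LBBaseQuery(NSString *service, NSString *account) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: service,
               (__bridge id)kSecAttrAccount: account } mutableCopy];
}

// Stores a password; `sync` decides whether it may leave the device via iCloud Keychain.
OSStatus LBSetPassword(NSString *password, NSString *service, NSString *account, BOOL sync) {
    // Remove both the local and the synced copy first, so a secret the caller now
    // wants device-only does not survive in iCloud. Deleting a synced item affects
    // every device that holds it.
    NSMutableDictionary *del = LBBaseQuery(service, account);
    del[(__bridge id)kSecAttrSynchronizable] = (__bridge id)kSecAttrSynchronizableAny;
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)del);
    if (status != errSecSuccess && status != errSecItemNotFound) return status;

    NSMutableDictionary *add = LBBaseQuery(service, account);
    add[(__bridge id)kSecValueData] = [password dataUsingEncoding:NSUTF8StringEncoding];
    add[(__bridge id)kSecAttrSynchronizable] = sync ? @YES : @NO;
    // Accessibility classes ending in "ThisDeviceOnly" are incompatible with syncing,
    // so they are used only for the local case.
    add[(__bridge id)kSecAttrAccessible] = sync
        ? (__bridge id)kSecAttrAccessibleWhenUnlocked
        : (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)add, NULL);
}

// Returns the stored password, or nil if no item matches the requested sync state.
NSString *LBPassword(NSString *service, NSString *account, BOOL sync) {
    NSMutableDictionary *query = LBBaseQuery(service, account);
    query[(__bridge id)kSecAttrSynchronizable] = sync ? @YES : @NO;
    // Synchronizable items cannot be returned by reference; ask for the data itself.
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```

Keeping the flag per call, rather than global, leaves device-bound secrets such as API tokens or anything paired with a local key out of iCloud by default.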