SecItem methods fail with -34018

Question

I use code below to safely store strings on iOS. Sometimes SecItemCopyMatching() and then also SecItemAdd() fail and return error code -34018. I've not been able to find this code; what does it mean?

NSMutableDictionary* query = [NSMutableDictionary dictionary];

[query setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
[query setObject:account forKey:(__bridge id)kSecAttrAccount];
[query setObject:(__bridge id)kSecAttrAccessibleAlways forKey:(__bridge id)kSecAttrAccessible];

OSStatus error = SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL);
if (error == errSecSuccess)
{
    // Do update.
    NSDictionary* attributesToUpdate;
    attributesToUpdate = [NSDictionary dictionaryWithObject:[inputString dataUsingEncoding:NSUTF8StringEncoding]
                                                     forKey:(__bridge id)kSecValueData];

    error = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributesToUpdate);
    if (error != errSecSuccess)
    {
        NBLog(@"SecItemUpdate failed: %d", (int)error);
        result = NO;
    }
}
else if (error == errSecItemNotFound)
{
    // Do add.
    [query setObject:[inputString dataUsingEncoding:NSUTF8StringEncoding] forKey:(__bridge id)kSecValueData];

    error = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    if (error != errSecSuccess)
    {
        NBLog(@"SecItemAdd failed: %d", (int)error);
        result = NO;
    }
}

@zaph On a device. Any idea what this particular (probably Apple internal) error code means? — meaning-matters
– meaning-matters, Commented Jun 12, 2015 at 21:09

Claus Jørgensen · Accepted Answer · 2019-06-16 13:51:11Z

1

-34018 is errSecMissingEntitlement according to osstatus.com

Internal error when a required entitlement isn't present.

For iOS 10+ you need a .entitlements file to access the keychain. Something like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.keystore.access-keychain-keys</key>
    <true/>
    <key>com.apple.keystore.device</key>
    <true/>
</dict>
</plist>

answered Jun 16, 2019 at 13:51

Claus Jørgensen

26.4k9 gold badges95 silver badges163 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

SecItem methods fail with -34018

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related