You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So I have changed kSecAttrAccessibleWhenUnlocked to kSecAttrAccessibleAfterFirstUnlock in Strongbox and am resubmitting the app to see if it goes through. Something you might want to change in the library too as kSecAttrAccessibleWhenUnlocked is too restrictive imo.
Docs say:
kSecAttrAccessibleAfterFirstUnlock Item data can only be
accessed once the device has been unlocked after a restart. This is
recommended for items that need to be accesible by background
applications. Items with this attribute will migrate to a new device
when using encrypted backups.
kSecAttrAccessibleWhenUnlocked Item data can only be accessed
while the device is unlocked. This is recommended for items that only
need be accesible while the application is in the foreground. Items
with this attribute will migrate to a new device when using encrypted
backups.
So kSecAttrAccessibleWhenUnlocked might cause issues for developers who try to access strongbox when the device is not unlocked (think of notification center widgets, notifications etc).
The text was updated successfully, but these errors were encountered:
Interesting. Thanks for pointing this out. You can, of course, pass in whatever accessibility value you like in your call to unarchive() as your needs require. I'll consider making the change permanent though.
@granoff Yes, I think for majority of the people, kSecAttrAccessibleAfterFirstUnlock is a better setting. Might be worth adding a note regarding this in the docs.
My AppDelegate's
didFinishLaunchingWithOptions
only has this code:In testing this has worked mostly fine. But sometimes I have noticed a bit slowness but haven't been able to consistently reproduce this.
Today, my app got rejected with this crashlog:
It seems that the unarchiving is taking too long.
I read through a few issues on SO and keychain related slowness is apparently a common issue. This one in particular seemed interesting:
https://stackoverflow.com/questions/10536859/ios-keychain-not-retrieving-values-from-background
So I have changed
kSecAttrAccessibleWhenUnlocked
tokSecAttrAccessibleAfterFirstUnlock
in Strongbox and am resubmitting the app to see if it goes through. Something you might want to change in the library too askSecAttrAccessibleWhenUnlocked
is too restrictive imo.Docs say:
So
kSecAttrAccessibleWhenUnlocked
might cause issues for developers who try to access strongbox when the device is not unlocked (think of notification center widgets, notifications etc).The text was updated successfully, but these errors were encountered: