New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error -34018 required entitlement #52

Closed
arnaudmeunier opened this Issue Feb 19, 2015 · 80 comments

Comments

Projects
None yet
@arnaudmeunier

arnaudmeunier commented Feb 19, 2015

Hello,

I'm frequently getting this error:

Error Domain=com.kishikawakatsumi.KeychainAccess.error Code=-34018 "Internal error when a required entitlement isn't present, client has neither application-identifier nor keychain-access-groups entitlements."

I noticed it tends to happen when the application comes back from Background. Any idea where this could come from?

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Feb 22, 2015

Could you please show me your code that to get/set keychain items? I think some factors about the error, but I need more details to identify the cause.

@peacemoon

This comment has been minimized.

peacemoon commented Mar 20, 2015

I have the same issue with a mac app (running in agent mode). Here are my codes

    let bundleIdentifier = NSBundle.mainBundle().bundleIdentifier
    self.keychain = Keychain(service: bundleIdentifier!)
    if let password = self.keychain!.getString("password") {
        println("Found password = \(password)")
    }
    else {
        println("No password found in keychain")
    }

the issue only appears sporadically. I found some related SO questions here

http://stackoverflow.com/questions/22082996/testing-the-keychain-osstatus-error-34018?lq=1
http://stackoverflow.com/questions/20344255/secitemadd-and-secitemcopymatching-returns-error-code-34018-errsecmissingentit/22305193#22305193

@bgreenlee

This comment has been minimized.

bgreenlee commented Mar 30, 2015

I'm seeing this as well. It seems to happen only when updating the keychain item, not when initially creating it. The update succeeds, however.

Turning on the Keychain Sharing capability fixes the issue.

@arnaudmeunier

This comment has been minimized.

arnaudmeunier commented Apr 9, 2015

Interesting. I noticed I never had the issue on a production (archived) build. Did you? Might try turning on KeyChain sharing, just to be sure.

@uchuugaka

This comment has been minimized.

uchuugaka commented Jun 27, 2015

For security, and contrary to Apple's docs, don't update a keychain item, instead, remove it and create a replacement.

@wangshengjia

This comment has been minimized.

wangshengjia commented Jul 25, 2015

I never had this issue until I update to Swift 2 and test on iOS 9 today, is there something changed in new version?

@orschaef

This comment has been minimized.

orschaef commented Aug 19, 2015

@wangshengjia I experienced the same...after the Swift 2 update.

@pvegh

This comment has been minimized.

pvegh commented Aug 20, 2015

Swift 2 or Xcode 7, not sure which causes the issue, but they both go together.
Update: actually I have only seen this on an iOS9 device so far.

@jpaas

This comment has been minimized.

jpaas commented Aug 23, 2015

Same here. Swift2 + iOS9.

@kylejm

This comment has been minimized.

Contributor

kylejm commented Aug 24, 2015

I'm getting this issue with Swift 1.2 and iOS 8. Adding Keychain Sharing worked for fixed me too.

Is enabling Keychain Sharing the correct fix or a bit of a hack around the problem?

@kylejm

This comment has been minimized.

Contributor

kylejm commented Aug 26, 2015

I've just had this problem re-occue with Keychain Sharing enabled. @kishikawakatsumi any ideas on a Fix?

@kylejm

This comment has been minimized.

Contributor

kylejm commented Aug 27, 2015

This is becoming a really frustrating issue for us. I'm able to replicate quite consistently. When running our application after deleting it from the device, we run in to this issue when trying to access the keychain shortly after creating it. During the gap between creating the keychain and receiving this error on next access, the app is exited and re-entered.

@kishikawakatsumi I'm hoping you could advise me on a possible cause and/or fix shortly. I may have to consider finding another keychain wrapper/framework.

@kylejm

This comment has been minimized.

Contributor

kylejm commented Aug 27, 2015

...now able to replication without exiting the app.

@kylejm

This comment has been minimized.

Contributor

kylejm commented Aug 28, 2015

Done a fair bit of digging tonight. Looks like this is actually a bug in Security.framework:

https://forums.developer.apple.com/thread/4743

Last response from Apple was on Jul 27, 2015 1:22 AM. They still haven't confirmed on this thread that the bug has been resolved.

@paulbruneau

This comment has been minimized.

paulbruneau commented Aug 28, 2015

This makes sense (that it's an apple bug). Keychain is a mess.

@lfaoro

This comment has been minimized.

lfaoro commented Sep 11, 2015

This happens on Mac apps as well, Keychain Sharing fixes it but then you can't distribute the app outside the App Store if you use any of the features under Capabilities

@fabdarice

This comment has been minimized.

fabdarice commented Sep 23, 2015

I keep experiencing this as well.
You guys are mentioning that turning on Sharing Capability fixes it.
To turn it on, are you just adding ".synchronizable(true)" to keychain?

@nickvelloff

This comment has been minimized.

nickvelloff commented Sep 23, 2015

Same issue here as well. "Keychain Sharing" is enabled.

@lfaoro

This comment has been minimized.

lfaoro commented Sep 23, 2015

@fabdarice - select your project > Capabilities tab > set Keychain sharing to On

@andrew-knott

This comment has been minimized.

andrew-knott commented Oct 3, 2015

Can anyone else confirm that turning on Keychain sharing works? It's still failing for me.

@nickvelloff

This comment has been minimized.

nickvelloff commented Oct 4, 2015

What is the value for Keychain in your Info.plist?
My previous value of {AppID}.* did not work any longer after updating to SDK 9 Swift 2. I needed a fully qualified name like {AppID}.com.domain.app

@tomoyuki28jp

This comment has been minimized.

tomoyuki28jp commented Nov 6, 2015

Same issue here :(
Swift2 + iOS9

@tomoyuki28jp

This comment has been minimized.

tomoyuki28jp commented Nov 7, 2015

It seems like enabling keychain sharing solves this issue for me.

@AlexCatch

This comment has been minimized.

AlexCatch commented Nov 22, 2015

Error is still occurring occasionally.
Swift 2.0 + iOS9

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Nov 22, 2015

I cannot reproduce such a problem. Can anyone share a reproducible project? Or could you please report this issue with your code snippets. "Same issue here" is nothing to help for me 🙇

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Nov 22, 2015

And @kylejm's mentioned it https://forums.developer.apple.com/thread/4743 . Is it help for this problem?

@kylejm

This comment has been minimized.

Contributor

kylejm commented Nov 22, 2015

It still happens for me. It happens intermittently when the keychain is accessed after some time has passed since hitting a breakpoint.

In that thread an Apple employee has recently commented saying that we should all file a radar each so that not only can we see the status of the bug being fixed, but it will also go up on Apple's priority. I'm going to do so tomorrow morning when I'm at my desk.

@paulbruneau

This comment has been minimized.

paulbruneau commented Nov 22, 2015

You can't see the status of other bugs, even ones that you are a dupe of. That is one of the reasons why bugreporter is garbage.

@czechboy0

This comment has been minimized.

czechboy0 commented Jan 22, 2016

Just my 2c, I was having this issue in a Mac app and it went away when I ensured I never overwrite an existing value by using this little method:

extension Keychain {    
    func updateIfNeeded(key: String, value: String?) {
        if self[key] != value {
            self[key] = value
        }
    }
}
@twiedow

This comment has been minimized.

twiedow commented Sep 14, 2016

Any news for this?
It seems that with iOS 10 this problems always occurs. I just could reproduce the problem when opening the sample app for this project (using the master) and running it in the simulator (iPhone 7 / iPad with iOS 10).

Btw, the sample project has a bug when opening the input view controller. Xcode 8 messes with the connections of the IBActions. The app crashes with an error saying that there is no selector of name ... I fixed by changing by changing the method signature and re-connect the actions in the interface builder.

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Sep 14, 2016

@twiedow

It seems that with iOS 10 this problems always occurs. I just could reproduce the problem when opening the sample app for this project (using the master) and running it in the simulator (iPhone 7 / iPad with iOS 10).

Please add code signing entitlements to the app. I've just fixed at fb4529d for the example project. From iOS 10, entitlements file is always needed for writing Keychain even without sharing.

screen shot 2016-09-14 at 22 48 41

screen shot 2016-09-14 at 22 53 24

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Sep 14, 2016

@twiedow Also the example project has been fixed already in swift-3.0 branch 😉 Thanks!

@uchuugaka

This comment has been minimized.

uchuugaka commented Sep 14, 2016

Anything that touches security APIs must be code signed properly or it will cause weird failures by design.
This includes things that call them indirectly.
Just code sign everything and use proper entitlements.

On 14 Sep 2016, at 22:54, kishikawa katsumi notifications@github.com wrote:

@twiedow

It seems that with iOS 10 this problems always occurs. I just could reproduce the problem when opening the sample app for this project (using the master) and running it in the simulator (iPhone 7 / iPad with iOS 10).

Please add code signing entitlements to the app. I've just fixed at fb4529d for the example project. From iOS 10, entitlements file is always needed for writing Keychain even without sharing.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

@hons82

This comment has been minimized.

hons82 commented Sep 21, 2016

@tolkiana I've the same problem... I'm working on a framework with Keychain support, so there is no capabilities Tab... Did u find a solution already?

@tolkiana

This comment has been minimized.

tolkiana commented Sep 21, 2016

@hons82 not exactly, my solution was making my tests with mock objects, similar way you would do it with NSUserDefaults.

@indrajitsinh

This comment has been minimized.

indrajitsinh commented Sep 22, 2016

I was receiving this error in iOS 10 I did as @lfaoro suggested and I am no longer seeing it.

@haaakon

This comment has been minimized.

haaakon commented Sep 22, 2016

I'm struggling to find a sulotion to this when using Keychain in Unit tests. Anyone have any tips?

@petrdvorak

This comment has been minimized.

petrdvorak commented Sep 26, 2016

Guys, a little tiny note - are you sure you want to have "Keychain Sharing" feature on? For my project (related to security element of mobile banking) this is strongly undesired...

@tolkiana

This comment has been minimized.

tolkiana commented Sep 26, 2016

@petrdvorak that's a good point. I found in this thread that just having the entitlements is good enough (if you have at least one of the other capabilities). I just tested, created the entitlements for the Keychain Sharing, then turn it off and then turn on another capability like iCloud for example and still works! I know this is not ideal but I thought maybe is useful for somebody.

@tolkiana

This comment has been minimized.

tolkiana commented Sep 26, 2016

For those having problems with Frameworks, the only way I was able to workaround this was by creating a host App. I added a new target, enabled Keychain Sharing in capabilities and then in the test target I selected the Host Application, no need to add the test files to that target:

screen shot 2016-09-26 at 4 28 42 pm

@1b0t

This comment has been minimized.

1b0t commented Oct 1, 2016

If somebody is getting here desperately trying to get it to work without enabling Keychain Sharing. Just omit the accessGroup parameter when creating the Keychain object.

Explicitly passing my bundle id, then creating the entitlements file and adding the code signing entitlements always turned on Keychain sharing automatically. Turning it off again results in Xcode wiping these settings resulting in a deadlocking cycle.

Update: this seems to only work on a device and not in the simulator.

Update #2:
According to this thread it seems to be an Xcode bug related to code signing.

@ovidiomanteiga

This comment has been minimized.

ovidiomanteiga commented Oct 18, 2016

This error also occurs in a project I am currently working on.

Error

OSStatus error:[-34018] Internal error when a required entitlement isn't present, client has neither application-identifier nor keychain-access-groups entitlements.

NOTE: The error appears on Xcode console. The app does not crash.

Facts

  1. Xcode version is 8.0 (8A218a).
  2. Our project uses Swift version 2.3.
  3. Our project uses the version 2.4.0 of this library (https://github.com/kishikawakatsumi/KeychainAccess)
  4. The error occurs while running the app in an iOS 10 simulator instance.
  5. The error does not occur while running the app in an iOS 9.3 simulator instance.
  6. The error occurs either the Keychain instance is created without any arguments or setting just the "storeService" parameter.
  7. The error does not occur if the keychain-access-group entitlement is set for the target.
  8. The error occurs if the entitlements file is set but empty.
  9. The error DOES NOT OCCUR while running the app on an iPhone with iOS 10!!!

Hypothesis

iOS 10 simulator or Xcode bug. 😞 (Even maybe a regression bug...)

Related

@biku

This comment has been minimized.

biku commented Oct 21, 2016

if you use .synchronizable(true) try turning iCloud in Capabilities tab and selecting Services: CloudKit

For me, everything worked fine on simulator. If keychain-access-group entitlement is configured, everything works, remove it and it fails. That until I put it on a device.
After debugging it for hours, reading Apple's thread on devforums I arrived at a conclusion, that iCloud enabling the keychain with .synchronizable(true) is ignored in simulator, but not on device.
After turning iCloud in Capabilities tab and selecting Services: CloudKit, it started working. Turned it off and it still works. It appears that turning it on, allowed the keychain to be reset somehow.

Repeated the same on two different iOS10 devices with the same result -> initial crash with -34018 error. Turning iCloud entitlement on and it goes away, after which iCloud can be turned off.

@x4080

This comment has been minimized.

x4080 commented Oct 23, 2016

Here's my experience with it :

  • Background : Xcode 8, iOS 10 simulator, iPhone iOS 9.3.3, iPhone iOS 8, free developer certificate (6days limit)
  • keychain sharing : on
  • simple code : (on button click)
        let keychain = Keychain(service: "somewhere")
        keychain["kishikawakatsumi"] = "works"
        let token = keychain["kishikawakatsumi"]
        print(token)
        label.text=token

Result :

  • iOS simulator : works
  • iPhone iOS 8 : works
  • iPhone iOS 9.3.3 : works only when running from xcode, not working if the same app is running from device

Is it because of the free developer certificate in iOS 9 that cannot open key chain ? If so why it can work when running from Xcode

Maybe it can help somehow

@thebluepotato

This comment has been minimized.

thebluepotato commented Oct 24, 2016

@kishikawakatsumi From the Xcode 8.1 GM release notes :

Known Issues - Simulator
Keychain APIs may fail to work in the Simulator if your entitlements file doesn’t contain a value for the application-identifier entitlement. (28338972)
Workaround: Add a user-defined build setting to your target named ENTITLEMENTS_REQUIRED and set the value to YES. This will cause Xcode to automatically insert an application-identifier entitlement when building.

@ovidiomanteiga

This comment has been minimized.

ovidiomanteiga commented Oct 28, 2016

@thebluepotato Although "Xcode 8.1 Release Notes" say exactly the same, I could not make it work yet using Xcode Version 8.1 (8B62)...

@hons82

This comment has been minimized.

hons82 commented Oct 28, 2016

@tolkiana thanks a lot. I did both mocking for unit tests and sample app for graphical testing.

I'm using an enterprise profile, and I didn't need an entitlements file for devices running iOS 9 and 10. The only place I need that file is when I run it on simulator. There I need to switch on keychain sharing

@thebluepotato

This comment has been minimized.

thebluepotato commented Nov 1, 2016

@kishikawakatsumi From the Xcode 8.2 beta release notes :

Resolved in Xcode 8.2 beta - IDE
Keychain APIs work correctly in Simulator. (28338972)

@etayluz

This comment has been minimized.

etayluz commented Nov 18, 2016

@thebluepotato have you tried this yet on Xcode 8.2 beta and confirmed that the issue has been resolved?

@gothedistance

This comment has been minimized.

gothedistance commented Nov 29, 2016

I encounter same issue yesterday. Probably, it is a simulator bug on XCode8.1.

On my Xcode, when using iOS 10 Device Simualtors(iPhoneSE / iPhone7), this error always shows on console, but does NOT show any errors on using iOS9.x one.

Here's my code. this works fine with iOS9.x Simualtors, iPhone6s(iOS9.3), iPad Pro(iOS10.1)

    let keychain = Keychain(service: "MY SERVICE ID")
    keychain["auth_token"] = token

My Background as below. license type may not affect on this error.

  • XCode8.1/ Swift3
  • Keychain sharing OFF
  • install this library via carthage.
  • Deployment target 9.0
  • Apple Developer Program / Entity Type:Company / Organization
@forsan

This comment has been minimized.

forsan commented Nov 29, 2016

Same issue here when I use accessGroup and run in real device.

  • Xcode 8.1.
  • iPhone 6 plus.
  • Swift 2.3

I solved it by:
First I Turn on the Keychain Sharing capability.

0020_keychain_shaing_opions

Then adding "App ID prefix" AB123CDE45.example like this
let keychain = Keychain(service: "name", accessGroup: "AB123CDE45.example")

Source: http://evgenii.com/blog/sharing-keychain-in-ios/

@hashemp206

This comment has been minimized.

hashemp206 commented Dec 4, 2016

I have enabled keychain sharing. but problem is some times keychain works. and some times can't fetch from from keychain and throws error: "Internal error when a required entitlement isn't present, client has neither application-identifier nor keychain-access-groups entitlements."

does anyone have any idea?

@ovidiomanteiga

This comment has been minimized.

ovidiomanteiga commented Dec 16, 2016

I have already tried and it worked on Xcode 8.2 (8C38)❗️

@hashemp206

This comment has been minimized.

hashemp206 commented Dec 18, 2016

I figured it out. my keychain was corrupted. I think because my device is jailbroken

@kishikawakatsumi

This comment has been minimized.

Owner

kishikawakatsumi commented Feb 18, 2017

I believe it was fixed by Xcode 8.2

@yuanjilee

This comment has been minimized.

yuanjilee commented Feb 7, 2018

if anyone only crash with accessGroup, @forsan give the true answer!

or you can see directly: http://evgenii.com/blog/sharing-keychain-in-ios/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment