5
  1. KeychainTouchID app was installed using Xcode and executed. The key was generated by pressing "Add protected key" and it was used by pressing "Use protected key". The key was generated using Secure Enclave.
  2. Encrypted iPhone backup on the computer was made using iTunes. All content and settings where erased (Settings -> General -> Reset -> Erase All Content and Settings).
  3. Encrypted iPhone backup was restored to the same iPhone.
  4. Reinstallation for KeychainTouchID app needed to do as it was instaled using Xcode.
  5. KeychainTouchID app was executed.
  6. So after that:

By pressing "Use protected key" returns -26276 (AAPLKeychainTestsViewController.m @ 288 function -> SecItemCopyMatching)

By pressing "Delete protected key" reutrns -4 (AAPLKeychainTestsViewController.m @ 326 function -> SecItemDelete)

By pressing "Add protected key" returns success, but deletion and usage is not possible.

I found here: errSecInternal = -26276, /* An internal error occured in the Security framework. */

So in this case I can not access new added key.

  • Why after backup restore SecItemCopyMatching returns -26276?
  • Why it is not possible to delete this key, but it is possible to add?
  • Dose sombody had this experience?
  • What is the way to go around this problem?

I did post this issue to Apple team, but no answer for more than 1 month.

Ramis
  • 13,985
  • 7
  • 81
  • 100

1 Answers1

1

I would repost the question on the security list. That said, from my distant memory, those keys are likely marked with ACLs that prevent them from getting backed up, so you're encountering the equivalent of a dangling pointer in the keychain. If you re-add an item with matching name or whatever, it replaces that item, and it should work from that point on.

However, if deleting it and using it fails after re-adding the item, something very strange is going on, in which case I would file a bug. They'll probably ask you to install a configuration profile that enables a crapton of debugging, reproduce the error, and send them logs.

dgatwood
  • 10,129
  • 1
  • 28
  • 49
  • I did record bug in the Apple bug system long time ago, but nothing heard from them – Ramis Oct 04 '16 at 06:20
  • You might also check this answer: http://stackoverflow.com/questions/11670647/adding-private-key-into-ios-keychain – dgatwood Oct 04 '16 at 06:54