Keychain Group Access

转载 2015年07月07日 11:26:12

Since iPhone OS 3.0 it has been possible to share data between a family of applications. This can provide a better user experience if you follow the common path of free/premium applications or if you have a set of related applications that need to share some common account settings.

The main pre-requisite for shared keychain access is that all of the applications have a common bundle seed ID. To be clear what this means remember that an App ID consists of two parts:

<Bundle Seed ID> . <Bundle  Identifier>

The bundle seed ID is a unique (within the App Store) ten character string that is generated by Apple when you first create an App ID. The bundle identifier is generally set to be a reverse domain name string identifying your app (e.g. com.yourcompany.appName) and is what you specify in the application Info.plist file in Xcode.

So when you want to create an app that can share keychain access with an existing app you need to make sure that you use the bundle seed ID of the existing app. You do this when you create the new App ID in the iPhone Provisioning Portal. Instead of generating a new value you select the existing value from the list of all your previous bundle seed IDs.

One caveat, whilst you can create a provisioning profile with a wildcard for the bundle identifier I have never been able to get shared keychain access working between apps using it. It works fine with fully specified (no wildcard) identifiers. Since a number of other Apple services such as push notifications and in-app purchase also have this restriction maybe it should not be a surprise but I am yet to find this documented for keychain access.

Once you have your provisioning profiles setup with a common bundle seed ID the rest is pretty easy. The first thing you need to do is register the keychain access group you want to use. The keychain access group can be named pretty much anything you want as long as it starts with the bundle seed ID. So for example if I have two applications as follows:


I could define a common keychain access group as follows:

  • ABC1234DEF.amazingAppFamily

To enable the application to access this group you need to add an entitlements plist file to the project using xCode. Use Add -> New File and select the Entitlements template from the iPhone OS Code Signing section. You can name the file anything you like (e.g. KeychainAccessGroups.plist). In the file add a new array item named keychain-access-groups and create an item in the array with the value of our chosen keychain access group:

Note: Do not change the get-task-allow item that is created by default in the entitlements file unless you are creating an Ad-Hoc distribution of your app (in which case you should uncheck this option).

This same process should be repeated for all apps that share the bundle seed ID to enable them to access the keychain group. To actually store and retrieve values from this group requires adding an additional value to the dictionary passed as an argument to the keychain services. Using the example from the previous post on simple iPhone keychain access the search dictionary gets the following additional item:

[searchDictionary setObject:@"ABC1234DEF.amazingAppFamily" 

One final comment, using a shared keychain access group does not stop you from storing values in an applications private keychain as well. The Apple GenericKeychain example application builds two applications which both store data in a private and group keychain.

 Apr 3rd2010 4:07 pm  keychain

« Simple iPhone Keychain Accessthe iPad NDA is finally lifted »

ios下 KeyChain 的研究

  • He_jiabin
  • He_jiabin
  • 2015年02月27日 17:50
  • 4764

iOS Provisioning Profile(Certificate)与Code Signing详解

关于开发证书配置(Certificates&Identifiers&Provisioning Profiles),相信做iOS开发的同学没少被折腾,本文将对相关概念做个系统的梳理。...
  • phunxm
  • phunxm
  • 2015年01月13日 22:01
  • 354944

Unity 全自动打包 Part1—配置Xcode工程

0.最近更新No. 9No. 101.代码仓库下载地址代码目录代码下载完毕后,我放在 Asset...
  • lile1234_show
  • lile1234_show
  • 2016年09月01日 16:10
  • 6486

Keychain Access中开发证书和秘钥的关系

首先我给大家献上一张图:   相信大家一定不陌生吧!keychains栏选择login,Category一栏选择My Certificates,你就会看到当前安装的所有开发者证书啦,有测...
  • zhtl3333
  • zhtl3333
  • 2016年06月24日 08:35
  • 1324

Keychain Group Access

From:           Since iP...
  • tenfyguo
  • tenfyguo
  • 2013年06月09日 15:42
  • 4568

iOS Keychain钥匙串,应用间数据共享打造iOS上的全家桶

iOS Keychain钥匙串,应用间数据共享打造iOS上的全家桶 Demo先行: 该d...
  • u011661836
  • u011661836
  • 2016年09月08日 10:47
  • 778

Keychain Group Access

From:           Since iPho...
  • tozheng
  • tozheng
  • 2013年08月28日 14:06
  • 791

WARNING ITMS-90076: "Potential Loss of Keychain Access."

WARNING ITMS-90076: "Potential Loss of Keychain Access. The previous version of software has an appl...
  • Nigelr
  • Nigelr
  • 2016年05月13日 19:32
  • 5774


我们搞iOS开发,一定都知道OS X里面的KeyChain(钥匙串),通常要乡镇及调试的话,都得安装证书之类的,这些证书就是保存在KeyChain中,还有我们平时浏览网页记录的账号密码也都是记录在Ke...
  • u011181543
  • u011181543
  • 2016年03月24日 14:13
  • 156

Keychain Group Access

Since iPhone OS 3.0 it has been possible to share data between a family of applications. This can pr...
  • a351945755
  • a351945755
  • 2015年07月07日 11:26
  • 917
您举报文章:Keychain Group Access