KeyChainItem question

ChristopheDV · May 28, 2017, 7:26am

Is the KeyChainItem a good way to store delicate information (like serials, data not visible to the user, …) for macOS apps?
Are there limitations? Can I update the KeyChainItem information anytime without any issues?

ChristopheDV · May 28, 2017, 8:04am

I also notice deleting a keychain using keychainitem.delete does not work.
So you can only create one, read it but never change or delete the keychain. Is this a Xojo bug?

Beatrix_Willius · May 28, 2017, 8:07am

The user can always have a look at the data in the keychain. The keychain is not the place for invisible data. Deleting should work. What happens when you try to delete?

David_Cox · May 28, 2017, 8:10am

I would instead store these items in an encrypted Preferences SQLite database inside SpecialFolder.ApplicationData this way you have full control and it is cross platform.

ChristopheDV · May 28, 2017, 8:16am

Everything can be found and especially files. Keychains are less known to casual users.

Delete does not work at all.

Try yourself:

Create keychain:

Dim NewItem as KeyChainItem If System.KeyChainCount > 0 then NewItem = New KeyChainItem NewItem.ServiceName = "myAppTest" NewItem.Label="myAppTest" System.KeyChain.AddPassword NewItem, "SecretPassword" End if Exception err as KeyChainException MsgBox "Can't add item: " + err.Message

Deleting (but doesn’t work). It doesn’t throw an exception either so the key is found (I guess).

Dim ItemToDelete as KeyChainItem ItemToDelete = New KeyChainItem ItemToDelete.ServiceName ="myAppTest" ItemToDelete.Label="myAppTest" ItemToDelete.Delete Exception err as KeyChainException MsgBox "Can't find item: " + err.Message

Beatrix_Willius · May 28, 2017, 9:52am

My code doesn’t look very different. I just verified on Sierra with Xojo 2017r1 that it works fine. They KeyChainNames are in the form of accountname@servername:

[code]Protected Function DeleteKC(KeyChainName as String, AppName as String) as Boolean

'delete the existing keychain item

dim theKeyChainItem as new KeyChainItem
theKeyChainItem.ServiceName = AppName
theKeyChainItem.Label = AppName
theKeyChainItem.AccountName = KeyChainName

'check if the keychain item exists
#pragma BreakOnExceptions false
try
dim Password as String = System.KeyChain.FindPassword(theKeyChainItem)

catch err as KeyChainException
if err.errorNumber = -25300 then
Return true
else
globals.theErrorLog.DialogErrorProceed kErrorDelete + " " + Str(err.ErrorNumber) + " " + err.Message
Return False
end if
end try

'now delete it
try
theKeyChainItem.Delete
Return true
catch err as KeyChainException
globals.theErrorLog.DialogErrorProceed kErrorDelete + " " + Str(err.ErrorNumber) + " " + err.Message
Return False
end try
#pragma BreakOnExceptions true

End Function[/code]

ChristopheDV · May 28, 2017, 10:14am

The format seems to make it work. Thx.