Lukas Pitschl lukele

lukele / README.md
Last active August 19, 2020 22:03
Access to a keychain item's password via Security framework is lost if a user enters the wrong password once (rdar://50789571)

Summary

If a user enters the wrong password when asked for their macOS user credentials to access the password of a keychain item, and then presses "Do not allow" when asked again, the following happens:

  • programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials

  • programmatic access to the password of any keychain item in the same keychain fails with error -25293

  • the user is not asked for their credentials again until they manually lock and unlock the login keychain (or whichever custom keychain the keychain item belongs to) in Keychain Access.app, or perform an action that locks and unlocks the keychain, such as logging out or restarting macOS
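
An added example, not code from the original report: a Swift caller that treats OSStatus -25293 (errSecAuthFailed) as its own outcome, so an application can stop retrying and direct the user to the lock/unlock workaround described above. The service and account names are constructed placeholders, and the query assumes a generic password item.

```swift
import Foundation
import Security

// Outcome of one read attempt; authFailed is the -25293 case from the summary.
enum KeychainRead {
    case password(Data)
    case notFound
    case authFailed
    case failed(OSStatus, String)
}

func readPassword(service: String, account: String) -> KeychainRead {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecReturnData as String: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else {
            return .failed(errSecDecode, "unexpected result type")
        }
        return .password(data)
    case errSecItemNotFound:
        return .notFound
    case errSecAuthFailed: // OSStatus -25293
        return .authFailed
    default:
        let text = SecCopyErrorMessageString(status, nil) as String? ?? "unknown"
        return .failed(status, text)
    }
}

// Constructed placeholder identifiers, not taken from the report.
switch readPassword(service: "com.example.demo", account: "demo-user") {
case .password(let data):
    print("read \(data.count) bytes")
case .notFound:
    print("no such item")
case .authFailed:
    // No retry: per the report, further calls fail without prompting.
    print("-25293: ask the user to lock and unlock the keychain in Keychain Access")
case .failed(let status, let text):
    print("SecItemCopyMatching failed: \(status) \(text)")
}
```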