Hi,
I'm extending a macOS app so that it can store a user secret in the keychain and protect it with TouchID (see code snippet below).
In my case, SecItemAdd returns status -34018 ("A required entitlement isn't present"). I did some research on Stack Overflow and indeed the error goes away when I add the "Keychain Sharing" capability. The keychain-access-groups in the entitlements plist is actually empty, but it seems the entitlement is required.
Is this really the case? My app does not require nor wish to share keychain items with other apps. Also, I cannot easily use this capability as the production app bundle is generated with a third-party tool (Install4j) and I have no control over the signing / entitlements process.
Kind Regards, Alex
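
    import Foundation
    import Security

    // `account` and `service` are assumed to be String values defined elsewhere in the app.
    let secretData = "this-is-a-secret".data(using: .utf8)!

    // Require the currently enrolled biometry set (Touch ID) to read the item.
    let accessControl = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)

    let addQuery: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                   kSecAttrAccount as String: account,
                                   kSecAttrService as String: service,
                                   kSecAttrComment as String: "Some comment",
                                   kSecAttrAccessControl as String: accessControl,
                                   kSecValueData as String: secretData]

    // This is the call that returns -34018 (errSecMissingEntitlement).
    let status = SecItemAdd(addQuery as CFDictionary, nil)
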
(I would have attached a zip file with the sample Xcode project but the web form does not allow it).