在具有相同团队ID的一组应用之间共享钥匙串访问 [英] share keychain access between group of apps with same team id

问题描述

我将拥有一个主应用程序和n个子应用程序，希望它们共享钥匙串，

I would be having a master application and n number of children apps, want them to share keychain,

在entitlements.plist中，所有子应用都将拥有自己的捆绑包标识符

In entitlements.plist all the children apps would be having their own bundle identifier

PM7456S8QE.com.mango.GenericKeychain用于我从所有应用程序中添加和获取详细信息的钥匙串组访问

The keychain-group-access that i use to add and fetch details from all the apps is PM7456S8QE.com.mango.GenericKeychain

在所有应用程序中，keychain-group-access语法 就像

In all the applications the keychain-group-access syntax is like

PM7456S8QE.com.mango.app1 PM7456S8QE.com.mango.app2

PM7456S8QE.com.mango.app1 PM7456S8QE.com.mango.app2

所有应用都将使用相同的证书进行签名，甚至移动供应文件也相同

All the apps would be using same certificate for signing and even the mobile provision file is same

由于所有应用程序都具有相同的团队ID，我能否从钥匙串中添加和获取详细信息?

would i be able add and fetch details from keychain as all the apps have same team id ?

推荐答案

旧问题，但仍然值得回答:

Old question but it still deserves an answer:

iOS上的多个应用程序只能共享属于同一应用程序组或同一钥匙串访问组的钥匙串项目.因此，您的应用程序必须具有钥匙串访问组或应用程序组权利，并且每当两个应用程序在此处列出相同的组名时，它们还可以共享钥匙串项.

Multiple apps on iOS can only share keychain items if they belong to the same app group or to the same keychain access group. Therefor your apps must have a keychain access group or app group entitlement and whenever two apps list the same group names there, they can also share keychain items.

钥匙串访问组和应用程序组之间的区别在于，钥匙串访问组仅允许应用程序共享钥匙串项目，而没有其他任何共享.应用程序组还允许您的应用程序共享设置和数据文件，并允许这些应用程序之间的交互，否则该交互是不允许的.

The difference between keychain access groups and app groups is that keychain access groups only allow apps to share keychain items, yet nothing else is shared. App group also allow your apps to share settings and data files and allow interactions between these apps that would otherwise not be allowed.

请注意，一个应用程序可以同时属于任意数量的钥匙串访问和应用程序组.唯一的限制是，它所属的所有组必须是同一开发团队的组.无法在开发团队之间共享.

Note that an app can belong to any number of keychain access and app groups at the same time. The only limitation is that all groups it belongs to must be groups of the same development team. Sharing across development teams is not possible.

Apple对此主题有很好的文档说明，详细解释了这种共享:

Apple has good documentations side about this topic that explains this kind of sharing in all detail:

https://developer.apple.com/documentation/security/keychain_services /keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps

相同的规则适用于macOS，但是macOS还为不可同步的钥匙串项目提供了替代访问控制系统，并且不要求使用iOS引入的新钥匙串API.在这种情况下，其他共享选项可用，但不适用于iOS.

The same rules apply to macOS, however macOS also has an alternative access control systems for keychain items that are not synchronizable and don't request to use the new keychain API introduced with iOS. In that case other sharing options are available but none of that applies to iOS.

这篇关于在具有相同团队ID的一组应用之间共享钥匙串访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！