Keychain组访问我现有应用程序之间共享数据 [英] Keychain group access to share data between my existing applications
问题描述
我在AppStore上有很多iOS应用程序。现在,对于下一版本的应用程序,我想为每个要在KeyChain中共享的应用程序保留一段数据。据我所知,我需要在Apple的KeychainItemWrapper类中提供相同的Keychain访问组。
I have many iOS applications live on AppStore. Now for next version of apps, I want to keep a piece of data for every application to share in KeyChain. As far as I know I need to provide same Keychain access group in Apple's KeychainItemWrapper class.
*keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"Any string" accessGroup:<string representing access group>];
我知道自定义URL并没有用,因为我希望数据是持久的。
I know about custom URLs and it is of no use as I want data to be persistent.
我可以从配置门户网站看到所有应用程序都有不同的捆绑种子ID。我知道共享密钥链访问的主要先决条件是所有应用程序都有一个共同的捆绑种子ID。
All my applications have different bundle seed ID as I can see from provisioning portal. I know that the main pre-requisite for shared keychain access is that all of the applications have a common bundle seed ID.
现在我的问题是如何确保在这个senario我可以使用Keychain在所有这些应用程序之间共享数据?
Now my question is how do I make sure that in this senario I can use Keychain to share data among all these applications ?
是否可以通过配置配置文件门户更改所有应用程序的捆绑种子ID,而不会对任何功能造成任何损害(虽然我想避免这样做因为有这么多应用)。
Is it possible to change the bundle seed ID of all applications through Provisioning profile portal without doing any harm to any functionality ( Although I want to avoid that as there are so many apps).
有没有办法可以在文件中添加所有应用程序的捆绑种子ID,并在项目中使用该文件构建所有应用程序来实现此目的?我知道keychain-access-groups,我是否需要创建一个plist文件并在其中添加所有应用程序的bundle seed ID?
Is there a way I can add bundle seed ID of all apps in a file and build all apps with that file in project to achieve this ? I know about "keychain-access-groups", do i need to create a plist file and add bundle seed ID of all application in it ?
感谢这方面的任何帮助。
Appreciate any help in this regard.
推荐答案
如果您有不同的捆绑种子ID (捆绑标识符前面的十个字母数字字符, XXXXXXXXXX.com.company.application 中的X,您无法共享访问组。这是对Apple的限制,并且不允许绕过它。我建议你找到另一种安全共享数据的解决方案(可能在设备之外,在服务器上,但不是iCloud,因为它有相同的限制)。
If you have different bundle seed IDs (the ten alphanumeric characters preceding the bundle identifier, the Xs in XXXXXXXXXX.com.company.application), you can't share an access group. It's a restriction on Apple's part and circumventing it is not allowed. I suggest you find another solution of safely sharing data (possibly outside of the device, on a server, but not iCloud as it has the same restrictions).
关于一般信息钥匙串访问组:
General information about keychain access groups:
从iPhone OS 3.0开始,就可以在一系列应用程序之间共享数据。如果您遵循免费/高级应用程序的常用路径,或者您有一组需要共享某些常见帐户设置的相关应用程序,则可以提供更好的用户体验。
Since iPhone OS 3.0 it has been possible to share data between a family of applications. This can provide a better user experience if you follow the common path of free/premium applications or if you have a set of related applications that need to share some common account settings.
共享密钥链访问的主要先决条件是所有应用程序都具有公共捆绑种子ID。要清楚这意味着记住App ID由两部分组成:
The main pre-requisite for shared keychain access is that all of the applications have a common bundle seed ID. To be clear what this means remember that an App ID consists of two parts:
<Bundle Seed ID> . <Bundle Identifier>
捆绑种子ID是Apple生成的十个字符串(在App Store中)第一次创建应用程序ID时。捆绑包标识符通常设置为标识您的应用程序的反向域名字符串(例如 com.yourcompany.appName ),并且是您在应用程序Info.plist文件中指定的内容。 Xcode。
The bundle seed ID is a unique (within the App Store) ten character string that is generated by Apple when you first create an App ID. The bundle identifier is generally set to be a reverse domain name string identifying your app (e.g. com.yourcompany.appName) and is what you specify in the application Info.plist file in Xcode.
因此,当您想创建一个可以与现有应用共享钥匙串访问权限的应用时,您需要确保使用现有应用的捆绑种子ID 。在iPhone Provisioning Portal中创建新的App ID时,可以执行此操作。您可以从以前所有捆绑种子ID的列表中选择现有值,而不是生成新值。
So when you want to create an app that can share keychain access with an existing app you need to make sure that you use the bundle seed ID of the existing app. You do this when you create the new App ID in the iPhone Provisioning Portal. Instead of generating a new value you select the existing value from the list of all your previous bundle seed IDs.
一个警告,您可以使用通配符创建配置文件对于捆绑标识符,我从来没有能够在使用它的应用程序之间获得共享密钥链访问。它与完全指定(无通配符)标识符一起工作正常。由于许多其他Apple服务(例如推送通知和应用程序内购买)也有这个限制,也许这不应该是一个惊喜,但我还没有找到关于钥匙串访问的文档。
One caveat, whilst you can create a provisioning profile with a wildcard for the bundle identifier I have never been able to get shared keychain access working between apps using it. It works fine with fully specified (no wildcard) identifiers. Since a number of other Apple services such as push notifications and in-app purchase also have this restriction maybe it should not be a surprise but I am yet to find this documented for keychain access.
使用公共捆绑种子ID设置配置文件后,其余部分非常简单。您需要做的第一件事是注册您要使用的钥匙串访问组。只要以捆绑种子ID开头,钥匙串访问组就可以命名几乎任何你想要的东西。例如,如果我有两个应用程序如下:
Once you have your provisioning profiles setup with a common bundle seed ID the rest is pretty easy. The first thing you need to do is register the keychain access group you want to use. The keychain access group can be named pretty much anything you want as long as it starts with the bundle seed ID. So for example if I have two applications as follows:
ABC1234DEF.com.useyourloaf.amazingApp1
ABC1234DEF.com.useyourloaf.amazingApp2
我可以按如下方式定义一个共同的钥匙串访问组:
I could define a common keychain access group as follows:
ABC1234DEF.amazingAppFamily
要使应用程序能够访问该组,您需要使用xCode将权利plist文件添加到项目中。使用添加 - >新文件,然后从iPhone OS代码签名部分中选择授权模板。您可以根据需要为文件命名(例如 KeychainAccessGroups.plist )。在文件中添加一个名为keychain-access-groups的新数组项,并使用我们选择的钥匙串访问组的值在数组中创建一个项目:
To enable the application to access this group you need to add an entitlements plist file to the project using xCode. Use Add -> New File and select the Entitlements template from the iPhone OS Code Signing section. You can name the file anything you like (e.g. KeychainAccessGroups.plist). In the file add a new array item named keychain-access-groups and create an item in the array with the value of our chosen keychain access group:
注意:不要更改权利文件中默认创建的get-task-allow项,除非您要创建应用的Ad-Hoc分布(在这种情况下,您应取消选中此选项)。
Note: Do not change the get-task-allow item that is created by default in the entitlements file unless you are creating an Ad-Hoc distribution of your app (in which case you should uncheck this option).
对于共享捆绑种子ID的所有应用程序,应重复此相同过程,以使其能够访问密钥链组。要实际存储和检索此组中的值,需要向作为参数传递给密钥链服务的字典添加其他值。使用上一篇文章中关于简单iPhone钥匙串访问的示例,搜索词典获得以下附加项:
This same process should be repeated for all apps that share the bundle seed ID to enable them to access the keychain group. To actually store and retrieve values from this group requires adding an additional value to the dictionary passed as an argument to the keychain services. Using the example from the previous post on simple iPhone keychain access the search dictionary gets the following additional item:
[searchDictionary setObject: @"ABC1234DEF.amazingAppFamily" forKey: (id)kSecAttrAccessGroup];
使用共享钥匙串访问组的最后一条评论不会阻止您在私有应用程序中存储值钥匙扣也是如此。 Apple GenericKeychain示例应用程序构建了两个应用程序,它们都将数据存储在私人和组密钥链中。
One final comment, using a shared keychain access group does not stop you from storing values in an applications private keychain as well. The Apple GenericKeychain example application builds two applications which both store data in a private and group keychain.
来源:使用你的面包
这篇关于Keychain组访问我现有应用程序之间共享数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
