DEV Community

Nathan Mattes
Nathan Mattes

Posted on • Originally published at zeitschlag.net on

SecItemDelete without limits

Together with a friend I'm working on a small app for iOS written in good ol' Objective-C. It's a (another) small timetracking application with an optional backend.

The credentials for the backend are to be stored in the Keychain. Users should also be able to delete those credentials again, of course. To remove things from the Keychain, I used SecItemDelete (Documentation) with the the same, following query-NSDictionary as for SecItemCopyMatching (Documentation):

@{
    (__bridge NSString *)kSecClass: (__bridge NSString *)kSecClassGenericPassword,
    (__bridge NSString *)kSecMatchLimit: (__bridge NSString *)kSecMatchLimitOne,
    (__bridge NSString *)kSecAttrService: kKOKeychainKeyService
}

But it didn't work: When retrieving things from the Keychain, everything was fine. But when using the query for for deletion, Xcode kept telling me, that the OSStatus was -50:

One or more parameters passed to the function were not valid. β€” osstatus.com

It took me some time to find out, but SecItemDelete doesn't work with kSecMatchLimitOne. On the one hand, this does make sense, as you don't know, which item would be deleted. On the other hand, the documentation tells me:

See the SecItemCopyMatching function for information about how to construct a search dictionary. β€” Documentation

What it doesn't say is, that this kSecMatchLimit-behaviour is different: To limit deletions, you have to specify an additional key.

After removing kSecMatchLimit from the dictionary, deleting Keychain-items worked.

Thanks again for reading!

Top comments (0)