Showing posts with label keychain. Show all posts

Sunday, September 10, 2017

Keychain references in Swift used in NEVPNManager


I'm trying to connect to a VPN using Swift in Xcode. I'm using KeychainSwift to keep keychain references. My code looks like this:

    private func connectVPN(completion: @escaping () -> Void) {

        let keychain = KeychainSwift()
        keychain.set("<mypassword>", forKey: "passref")
        keychain.set("<sharedsecretpassword>", forKey: "secretref")

        NEVPNManager.shared().loadFromPreferences { error in
            let vpnhost = "<11.11.11.11>"
            let username = "<myusername>"

            let p = NEVPNProtocolIPSec()
            p.username = username
            p.localIdentifier = username
            p.serverAddress = vpnhost
            p.remoteIdentifier = vpnhost
            p.authenticationMethod = .sharedSecret
            p.disconnectOnSleep = false

            p.sharedSecretReference = keychain.getData("secretref")
            p.passwordReference = keychain.getData("passref")

            var rules = [NEOnDemandRule]()
            let rule = NEOnDemandRuleConnect()
            rule.interfaceTypeMatch = .any
            rules.append(rule)

            NEVPNManager.shared().localizedDescription = "My VPN"
            NEVPNManager.shared().protocolConfiguration = p
            NEVPNManager.shared().onDemandRules = rules
            NEVPNManager.shared().isOnDemandEnabled = true
            NEVPNManager.shared().isEnabled = true
            NEVPNManager.shared().saveToPreferences { error in
                if (error != nil) {
                    print(error!)
                } else {
                    do {
                        try NEVPNManager.shared().connection.startVPNTunnel()
                        completion()
                    } catch {
                        print("can't connect VPN'")
                    }
                }
            }
        }
    }

I'm using keychain.getData("secretref"), because this field needs

A persistent keychain reference to a keychain item containing the IKE shared secret.

What's more,

The persistent keychain reference must refer to a keychain item of class kSecClassGenericPassword.

I'm not really sure if I'm doing it right. I didn't subclass kSecClassGenericPassword or use it in any way.

When I use this function in code, a window appears with the information that there is no shared secret for this VPN. I think it means that this keychain doesn't work as it's supposed to.

In iPhone settings, it tries to connect, moves switch towards green and instantly the switch goes back to "off" state. When I put the same data as in code manually, the connection works.

What am I doing wrong? What should I correct?

1 Answer

Okay, I have the answer. In the query for the SecItemCopyMatching, I had to choose kSecReturnPersistentRef with kCFBooleanTrue - not kSecReturnData.
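
The fix described in the answer above, written out as an added example that is not part of the original post: the secret is stored as a kSecClassGenericPassword item and the query asks for a persistent reference instead of the secret bytes. The helper name `storePersistentRef`, the `KeychainError` type, the service string and the accessibility class are assumptions of this example.

```swift
import Foundation
import Security

struct KeychainError: Error { let status: OSStatus }

// Hypothetical helper (not from the original post): stores `secret` as a
// kSecClassGenericPassword item and returns a persistent reference to it.
func storePersistentRef(secret: String, account: String, service: String) throws -> Data {
    let item: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account
    ]

    // Remove any earlier copy so the add below cannot fail with errSecDuplicateItem.
    let deleted = SecItemDelete(item as CFDictionary)
    guard deleted == errSecSuccess || deleted == errSecItemNotFound else {
        throw KeychainError(status: deleted)
    }

    var add = item
    add[kSecValueData as String] = Data(secret.utf8)
    // Choice made for this example: readable after first unlock, never migrated to another device.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let added = SecItemAdd(add as CFDictionary, nil)
    guard added == errSecSuccess else { throw KeychainError(status: added) }

    // Ask for a persistent reference, not the secret bytes (kSecReturnData).
    var query = item
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    query[kSecReturnPersistentRef as String] = true   // bridges to kCFBooleanTrue
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let ref = result as? Data else {
        throw KeychainError(status: status)
    }
    return ref
}

// Usage inside the question's loadFromPreferences closure
// ("com.example.vpn" is a placeholder service name):
//   p.sharedSecretReference = try storePersistentRef(secret: sharedSecret, account: "secretref", service: "com.example.vpn")
//   p.passwordReference     = try storePersistentRef(secret: password, account: "passref", service: "com.example.vpn")
```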


Friday, September 1, 2017

Chrome OSX SSL This certificate has an invalid issuer


I am getting an 'invalid issuer' error when trying to access a local site. As can be seen in the screenshot, the root CA certificate has been imported and trusted. So, why do I still get this error?

The certificate works correctly in Firefox after importing the CA cert.

Root cert

Server cert

1 Answer

Mac OS does not support Name Constraints. Removing this property from the root certificate solved this issue in our case. For background see: https://security.stackexchange.com/questions/95600/are-x-509-nameconstraints-on-certificates-supported-on-os-x

(You don't appear to be using this property according to the screenshots, but I'm still posting this as it might be a valid solution for others)


Monday, April 11, 2016

Error (internetKeychainItemForServer:withUsername:path:port:protocol:) - The specified item could not be found in the keychain


I get the following error while I try to push my code to github using Sourcetree:

    Pushing to http://github.myOrg.com/my-repo/my-proj.git
    2014-09-23 13:05:20.500 git-credential-sourcetree[6744:507] Error (internetKeychainItemForServer:withUsername:path:port:protocol:) - The specified item could not be found in the keychain.
    remote: Permission to ion-my-repo/my-proj.git denied to my-user-id.
    fatal: unable to access 'http://github.myOrg.com/my-repo/my-proj.git/': The requested URL returned error: 403

When I hit push, Sourcetree asks me for the password related to my account:

    Password required
    For user my-user-id on host github.myOrg.com

So it looks like Sourcetree knows what my user id is and it just needs the password to access my GitHub account. I am able to pull the contents using Sourcetree and it doesn't ask me for my credentials. I was also able to push to this project, but recently my system admin did something on my Mac with keychains and since then I am not able to push anything to GitHub.

Did anyone come across this issue before?

1 Answer

I was having the exact same issue. It seems that ssh agent somehow lost my credentials. I realized it when I attempted to list all my ssh keys using the terminal:

    $ ssh-add -l
    > The agent has no identities.

So I ran

    $ ssh-add ~/.ssh/my_rsa_key

I entered the password for my key. And the issue went away.

So, I don't know exactly why or how my ssh agent lost its keys all of a sudden, but if that is the same problem you are having, you can solve it by adding the ssh key back using the ssh-add command.

This might be one of those issues that have many different causes and solutions, I am just proposing a solution for my case.


Thursday, March 24, 2016

Can't find Keychain value when running from XCode


I'm using SSKeychain to store a session token. When I compile and run the app from XCode, sometimes the token cannot be found (seems like it works sporadically). However, if I unplug my device and run the app without XCode, the token is back, 10/10 times. I'm not sure if this is a problem with SSKeychain or with Keychain in general. The code I'm using to store and read values is the following:

    - (void)setSecureValue:(NSString *)value forKey:(NSString *)key {
        [SSKeychain setPassword:value forService:kServiceName account:key];
    }

    - (NSString *)secureValueForKey:(NSString *)key {
        if (key != nil)
        {
            return [SSKeychain passwordForService:kServiceName account:key];
        }
        return nil;
    }

Many issues revolving around Keychain access seem to be resolved by realizing that the keychain is not a data storage and that it can be emptied at times (due to memory warnings, for example). However, since I always run on the same device, and the token is still there after unplugging and running again, I don't see how this could be the issue here.

1 Answer

This is a bug of the keychain itself. If you are debugging the app on device, the app security needs to be breached to enable the debugging mode, and that's why the keychain doesn't work somehow.
