We are working on an application in which we use Touch ID to read a secret from a keychain.
We found that when you read the keychain immediately after the previous read, the read will not return a string value a second time if the PIN code is used for the first time to read the secret code. If the user uses his fingerprint for the first time, the Touch ID dialog will be presented a second time, and another reading will be successful.
Here is an example application: https://github.com/cnandreu/KeychainTouchIdError
Below are some scenarios for using the KeychainTouchIdError application for demonstration. They must run on a real iOS 8 device with a touch sensor. All scripts work as expected when using the simulator, since the Touch ID dialog box is never displayed.
Scenario 1 (working)
- Store value in key chain protected by kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly.
- Read from keychain, use fingerprint to unlock.
- No delay.
- Read from the keychain, use your fingerprint or PIN to unlock.
Scenario 2 (broken down on devices):
- Store value in key chain protected by kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly.
- Read from the keychain, use the PIN code to unlock.
- No delay.
- . , . , .
3 ():
- , kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly.
- , PIN- .
- 500 .
- . PIN-.
,
- , kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly.
- .
- .
Quick - 1 2.
Quick with Delay - 3.
, PIN-, 250 , . . .
, 2? -, , , " ?"