KB_180039: DeviceFingerprint changes every time it is generated (iOS)
5/23/2017 4:05:01 PM
On iOS devices, every call to getDeviceFingerPrintWithSalt / getDeviceFingerPrintWithDynamicSalt returns a different DeviceFingerprint, even when the same salt is used as input.
Keywords: iOS, Device Binding SDK, Secure Storage SDK, -4305, UNREADABLE_STORAGE.
Problem symptoms / details.
The device fingerprint, as generated by either of the methods below:
NSString *fingerprint = [DeviceBindingSDK getDeviceFingerPrintWithDynamicSalt:@"Salt123"];
NSString *fingerprint = [DeviceBindingSDK getDeviceFingerPrintWithSalt:@"Salt123"];
is different on every call, even though the salt used is constant.
It is likely that this issue shows up when initializing the secure storage (as the fingerprint is one of the factors used to en-/decrypt the secure storage).
In that case, the call below will raise a SecureStorageSDKException with errorCode -
SecureStorageSDK *secureStorage = [[SecureStorageSDK alloc] initWithFileName:fileName useFingerPrint:fingerprint
You will get this behavior when using an entitlement and keychain-access-groups is not correctly configured.
The reason behind this is that a random string is generated on the first device binding call and stored inside the keychain, on group level.
This operation is allowed if:
- No entitlement is used
- Or an entitlement is used, and keychain-access-groups is correctly configured.
To solve this:
- Remove the entitlement if your application does not need it
- Correctly configure the keychain-access-groups – your Bundle Seed ID needs to be added here. See the sample below, the bold part is what needs to be added.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
*1 The bundle seed ID is a unique (within the App Store) ten-character string that is generated by Apple when you first create an App ID. The bundle identifier is generally set to be a reverse domain name string identifying your app (e.g. com.yourcompany.appName) and is what you specify in the application Info.plist file in Xcode.
An example of such a Bundle Seed ID is “D498T7532.*”
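One way to catch the misconfiguration described above before a build ships is to check the entitlements file for keychain-access-groups entries that lack the Bundle Seed ID prefix. This is an added example, not VASCO's code: the sample plists and the Bundle Seed ID ABCDE12345 are constructed, and accepting Xcode's $(AppIdentifierPrefix) build variable as a valid prefix is an assumption of this example.

```python
import plistlib

# Constructed entitlements template; ABCDE12345 used below is a placeholder
# Bundle Seed ID, not a value from the article.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
{body}
</dict>
</plist>"""

def sample(groups):
    """Build a constructed entitlements plist; groups=None omits the key."""
    if groups is None:
        body = "<key>get-task-allow</key><true/>"
    else:
        items = "".join(f"<string>{g}</string>" for g in groups)
        body = f"<key>keychain-access-groups</key><array>{items}</array>"
    return TEMPLATE.format(body=body).encode()

def check_keychain_groups(entitlements_xml, bundle_seed_id):
    """Return a list of problems; an empty list means the groups look usable."""
    ent = plistlib.loads(entitlements_xml)
    groups = ent.get("keychain-access-groups")
    if groups is None:
        # Per the article: an entitlement is used but the key is not configured.
        return ["entitlements in use but keychain-access-groups is missing"]
    if not isinstance(groups, list) or not groups:
        return ["keychain-access-groups must be a non-empty array"]
    # Assumption: the Xcode build variable is accepted as well as the literal ID.
    prefixes = (bundle_seed_id + ".", "$(AppIdentifierPrefix)")
    problems = []
    for g in groups:
        if not isinstance(g, str) or not g.startswith(prefixes):
            problems.append(f"{g!r} is not prefixed with the Bundle Seed ID")
        elif g in prefixes:
            problems.append(f"{g!r} has no group name after the prefix")
    return problems

if __name__ == "__main__":
    cases = (["ABCDE12345.com.yourcompany.appName"],
             ["com.yourcompany.appName"], None)
    for groups in cases:
        result = check_keychain_groups(sample(groups), "ABCDE12345")
        print(groups, "->", result or "OK")
```
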
Applies to: IDENTIKEY Appliance
© 2017 VASCO Data Security. All rights reserved.