Q: Can I sequentially access encrypted Keychain Items, avoiding multiple "Deny/Allow Once/Always Allow" confirmation dialogs?
A: No. There is currently no way to avoid the individual confirmation dialogs when using Keychain Manager or Keychain Services APIs, since the data of each retrieved item must first be decrypted before it is returned to the caller. Each item stored in your keychain is individually encrypted with its own unique key. Each of those keys has an access control list that requires the use of the confirmation dialog by default when the key is used to decrypt. Furthermore, these individual keys are themselves encrypted with a master key, which is in turn encrypted with a key derived from your passphrase.
If you don't want or need the old encrypted data content and the new data content is known to you, you can update an item without getting dialogs.
You can do this by:
To acquire the old item's attributes and access, pass NULL for the data and data length parameters of functions that return keychain item attributes, such as
For a listing of associated functions, check out the Keychain Services Reference.
Document Revision History