From c5e30a0fa07ca9eaa44ddaf3b8ee6cb401556ada Mon Sep 17 00:00:00 2001
From: Julius Zint <julius.zint@awin-software.de>
Date: Sun, 14 Feb 2021 17:40:11 +0100
Subject: [PATCH] The TouchID keypair can no be removed from the macOS keychain

This is a good feature for security and stability. It gives users
the option to prevent TouchID unlock for any previously unlocked
database and it is also helpful in cases where only one part of the
keypair is in the macOS keychain.
---
 MacPass/Base.lproj/IntegrationPreferences.xib | 84 ++++++++++++++-----
 MacPass/MPConstants.h                         |  7 ++
 MacPass/MPConstants.m                         |  3 +
 MacPass/MPIntegrationPreferencesController.m  | 29 +++++++
 MacPass/MPPasswordInputController.m           | 12 ++-
 5 files changed, 109 insertions(+), 26 deletions(-)

diff --git a/MacPass/Base.lproj/IntegrationPreferences.xib b/MacPass/Base.lproj/IntegrationPreferences.xib
index 8705ad7d..63b9f590 100644
--- a/MacPass/Base.lproj/IntegrationPreferences.xib
+++ b/MacPass/Base.lproj/IntegrationPreferences.xib
@@ -27,19 +27,19 @@
         <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
         <customObject id="-3" userLabel="Application" customClass="NSObject"/>
         <customView translatesAutoresizingMaskIntoConstraints="NO" id="1">
-            <rect key="frame" x="0.0" y="0.0" width="411" height="520"/>
+            <rect key="frame" x="0.0" y="0.0" width="417" height="664"/>
             <subviews>
                 <box autoresizesSubviews="NO" verticalHuggingPriority="500" borderType="line" title="Autotype" translatesAutoresizingMaskIntoConstraints="NO" id="P9N-HM-wER">
-                    <rect key="frame" x="17" y="115" width="377" height="385"/>
+                    <rect key="frame" x="17" y="246" width="383" height="398"/>
                     <view key="contentView" id="faU-Ok-HJ3">
-                        <rect key="frame" x="3" y="3" width="371" height="367"/>
+                        <rect key="frame" x="3" y="3" width="377" height="380"/>
                         <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
                         <subviews>
                             <stackView distribution="fill" orientation="vertical" alignment="leading" horizontalStackHuggingPriority="250" verticalStackHuggingPriority="250" horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="j52-9L-k7c">
-                                <rect key="frame" x="16" y="17" width="339" height="340"/>
+                                <rect key="frame" x="16" y="17" width="345" height="353"/>
                                 <subviews>
                                     <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="hMJ-Mo-xOM">
-                                        <rect key="frame" x="-2" y="298" width="343" height="42"/>
+                                        <rect key="frame" x="-2" y="311" width="349" height="42"/>
                                         <textFieldCell key="cell" controlSize="small" id="H37-ku-aTc">
                                             <font key="font" metaFont="smallSystem"/>
                                             <string key="title">Autotype might not work properly. Some issues where found that prevent Autotype or Global Autotype to work. Please run the Autotype Doctor to fix those issues.</string>
@@ -48,7 +48,7 @@
                                         </textFieldCell>
                                     </textField>
                                     <button horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="jai-b6-Qv4">
-                                        <rect key="frame" x="-6" y="262" width="177" height="32"/>
+                                        <rect key="frame" x="-7" y="276" width="171" height="32"/>
                                         <buttonCell key="cell" type="push" title="Run Autotype Doctor…" bezelStyle="rounded" alignment="center" borderStyle="border" inset="2" id="NP0-R3-m6n">
                                             <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                                             <font key="font" metaFont="system"/>
@@ -58,14 +58,14 @@
                                         </connections>
                                     </button>
                                     <button horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="tik-Ar-FJg">
-                                        <rect key="frame" x="-2" y="245" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="258" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Enable global Autotype" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="1qb-Rd-jYu">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <stackView distribution="fill" orientation="horizontal" alignment="centerY" horizontalStackHuggingPriority="249.99998474121094" verticalStackHuggingPriority="249.99998474121094" translatesAutoresizingMaskIntoConstraints="NO" id="d6A-Vb-CMt">
-                                        <rect key="frame" x="0.0" y="218" width="281" height="21"/>
+                                        <rect key="frame" x="0.0" y="230" width="281" height="21"/>
                                         <subviews>
                                             <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="buI-Wb-o3V">
                                                 <rect key="frame" x="-2" y="3" width="57" height="16"/>
@@ -107,14 +107,14 @@
                                         </customSpacing>
                                     </stackView>
                                     <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="uZQ-Gd-hfu">
-                                        <rect key="frame" x="-2" y="194" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="205" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Always show confirmation before executing Autotype" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="rrU-70-Ara">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <textField horizontalHuggingPriority="249" verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="cUt-aB-oib">
-                                        <rect key="frame" x="-2" y="146" width="343" height="42"/>
+                                        <rect key="frame" x="-2" y="156" width="349" height="42"/>
                                         <textFieldCell key="cell" controlSize="small" selectable="YES" id="VjU-Hz-cu4">
                                             <font key="font" metaFont="smallSystem"/>
                                             <string key="title">If enabled, a dialog will show up before Autotype is executed even if only a single match was found to prevent accidental input and wrong matches</string>
@@ -123,42 +123,42 @@
                                         </textFieldCell>
                                     </textField>
                                     <button horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="DAX-V8-Say">
-                                        <rect key="frame" x="-2" y="122" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="131" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Include Entry Title for matches" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="tmL-dT-D0G">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <button horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="8Wz-lo-AXG">
-                                        <rect key="frame" x="-2" y="100" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="107" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Include Entry URL for matches" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="TzR-00-Vp3">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <button horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="TiO-ah-BlR">
-                                        <rect key="frame" x="-2" y="78" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="83" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Include Entry URL Host for matches" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="B1D-j9-L8x">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <button horizontalHuggingPriority="249" translatesAutoresizingMaskIntoConstraints="NO" id="9MH-jx-GpG">
-                                        <rect key="frame" x="-2" y="56" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="59" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Include Entry Tags for matches" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="rbu-G7-MT8">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <button horizontalHuggingPriority="249" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="VK8-z4-2ci">
-                                        <rect key="frame" x="-2" y="34" width="343" height="18"/>
+                                        <rect key="frame" x="-2" y="35" width="347" height="18"/>
                                         <buttonCell key="cell" type="check" title="Interpret ⌃ as ⌘" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="QfO-yG-l3F">
                                             <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                             <font key="font" metaFont="system"/>
                                         </buttonCell>
                                     </button>
                                     <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="wbP-A9-jpw">
-                                        <rect key="frame" x="-2" y="0.0" width="343" height="28"/>
+                                        <rect key="frame" x="-2" y="0.0" width="349" height="28"/>
                                         <textFieldCell key="cell" sendsActionOnEndEditing="YES" title="If enabled, every {CONTROL} command will be sent as ⌘. Only disable this if you are sure you need to." id="QRy-CY-ENC">
                                             <font key="font" metaFont="smallSystem"/>
                                             <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
@@ -205,20 +205,20 @@
                     </constraints>
                 </box>
                 <box autoresizesSubviews="NO" verticalHuggingPriority="500" borderType="line" title="Preview" translatesAutoresizingMaskIntoConstraints="NO" id="VVs-b5-cX9">
-                    <rect key="frame" x="17" y="16" width="377" height="95"/>
+                    <rect key="frame" x="17" y="145" width="383" height="97"/>
                     <view key="contentView" id="ww4-uR-8gP">
-                        <rect key="frame" x="3" y="3" width="371" height="77"/>
+                        <rect key="frame" x="3" y="3" width="377" height="79"/>
                         <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
                         <subviews>
                             <button translatesAutoresizingMaskIntoConstraints="NO" id="LNw-5t-TS4">
-                                <rect key="frame" x="14" y="51" width="178" height="18"/>
+                                <rect key="frame" x="14" y="52" width="182" height="18"/>
                                 <buttonCell key="cell" type="check" title="Enable Quicklook Preview" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="ERs-ct-Eyx">
                                     <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                     <font key="font" metaFont="system"/>
                                 </buttonCell>
                             </button>
                             <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="V6l-R9-hIj">
-                                <rect key="frame" x="14" y="17" width="343" height="28"/>
+                                <rect key="frame" x="14" y="17" width="349" height="28"/>
                                 <textFieldCell key="cell" controlSize="small" sendsActionOnEndEditing="YES" title="If enabled attached files will be copied to a temporary location for preview and deleted after the preview is closed." id="WmI-IB-Aso">
                                     <font key="font" metaFont="smallSystem"/>
                                     <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
@@ -239,17 +239,57 @@
                         <constraint firstAttribute="trailing" relation="greaterThanOrEqual" secondItem="V6l-R9-hIj" secondAttribute="trailing" constant="16" id="ivY-UD-QFJ"/>
                     </constraints>
                 </box>
+                <box title="Keychain" translatesAutoresizingMaskIntoConstraints="NO" id="ChZ-ku-FOP">
+                    <rect key="frame" x="17" y="16" width="383" height="125"/>
+                    <view key="contentView" id="ocY-lR-P2Z">
+                        <rect key="frame" x="3" y="3" width="377" height="107"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <subviews>
+                            <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="u5z-ST-gTK">
+                                <rect key="frame" x="9" y="60" width="154" height="32"/>
+                                <buttonCell key="cell" type="push" title="Renew TouchID Key" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="b4n-g4-CtW">
+                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                    <font key="font" metaFont="system"/>
+                                </buttonCell>
+                                <connections>
+                                    <action selector="RenewTouchIdKey:" target="-2" id="dl7-WD-Abu"/>
+                                </connections>
+                            </button>
+                            <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="9kv-ns-mQx">
+                                <rect key="frame" x="14" y="16" width="349" height="42"/>
+                                <textFieldCell key="cell" controlSize="small" sendsActionOnEndEditing="YES" id="LyC-Hd-ecK">
+                                    <font key="font" metaFont="smallSystem"/>
+                                    <string key="title">MacPass will no longer be able to unlock any Database with TouchID until it is successfully unlocked with the password and or keyfile.</string>
+                                    <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                    <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                </textFieldCell>
+                            </textField>
+                        </subviews>
+                        <constraints>
+                            <constraint firstAttribute="bottom" secondItem="9kv-ns-mQx" secondAttribute="bottom" constant="16" id="INC-l7-zwP"/>
+                            <constraint firstItem="u5z-ST-gTK" firstAttribute="leading" secondItem="ocY-lR-P2Z" secondAttribute="leading" constant="16" id="KDt-yM-fh3"/>
+                            <constraint firstItem="9kv-ns-mQx" firstAttribute="top" secondItem="u5z-ST-gTK" secondAttribute="bottom" constant="9" id="RjN-pw-qLc"/>
+                            <constraint firstItem="9kv-ns-mQx" firstAttribute="leading" secondItem="u5z-ST-gTK" secondAttribute="leading" id="X5L-Rj-Wky"/>
+                            <constraint firstItem="u5z-ST-gTK" firstAttribute="top" secondItem="ocY-lR-P2Z" secondAttribute="top" constant="20" symbolic="YES" id="guH-ws-dzX"/>
+                            <constraint firstAttribute="trailing" secondItem="9kv-ns-mQx" secondAttribute="trailing" constant="16" id="icu-An-dNK"/>
+                            <constraint firstAttribute="trailing" relation="lessThanOrEqual" secondItem="u5z-ST-gTK" secondAttribute="trailing" priority="240" constant="16" id="rni-sA-a7w"/>
+                        </constraints>
+                    </view>
+                </box>
             </subviews>
             <constraints>
+                <constraint firstItem="ChZ-ku-FOP" firstAttribute="trailing" secondItem="ww4-uR-8gP" secondAttribute="trailing" id="39G-i3-XQa"/>
+                <constraint firstItem="ChZ-ku-FOP" firstAttribute="top" secondItem="VVs-b5-cX9" secondAttribute="bottom" constant="8" symbolic="YES" id="3ub-U2-KCr"/>
                 <constraint firstItem="P9N-HM-wER" firstAttribute="top" secondItem="1" secondAttribute="top" constant="20" symbolic="YES" id="8fy-q5-VJy"/>
-                <constraint firstAttribute="bottom" secondItem="VVs-b5-cX9" secondAttribute="bottom" constant="20" symbolic="YES" id="TZB-qe-7eg"/>
+                <constraint firstItem="ChZ-ku-FOP" firstAttribute="leading" secondItem="ww4-uR-8gP" secondAttribute="leading" id="BQW-Zd-udd"/>
+                <constraint firstAttribute="bottom" secondItem="ChZ-ku-FOP" secondAttribute="bottom" constant="20" symbolic="YES" id="DBk-vZ-yOT"/>
                 <constraint firstItem="VVs-b5-cX9" firstAttribute="top" secondItem="P9N-HM-wER" secondAttribute="bottom" constant="8" symbolic="YES" id="VCX-JW-cBe"/>
                 <constraint firstItem="VVs-b5-cX9" firstAttribute="trailing" secondItem="P9N-HM-wER" secondAttribute="trailing" id="k9i-4T-WY0"/>
                 <constraint firstAttribute="trailing" secondItem="P9N-HM-wER" secondAttribute="trailing" constant="20" id="n5w-Cw-Bbt"/>
                 <constraint firstItem="P9N-HM-wER" firstAttribute="leading" secondItem="1" secondAttribute="leading" constant="20" id="ulV-xL-ldJ"/>
                 <constraint firstItem="VVs-b5-cX9" firstAttribute="leading" secondItem="P9N-HM-wER" secondAttribute="leading" id="z4a-9C-78h"/>
             </constraints>
-            <point key="canvasLocation" x="-1204" y="-1287"/>
+            <point key="canvasLocation" x="-1204.5" y="-1287.5"/>
         </customView>
     </objects>
 </document>
diff --git a/MacPass/MPConstants.h b/MacPass/MPConstants.h
index ef3e1577..de914f18 100644
--- a/MacPass/MPConstants.h
+++ b/MacPass/MPConstants.h
@@ -40,4 +40,11 @@ FOUNDATION_EXPORT NSString *const MPPluginUTI;
 FOUNDATION_EXPORT NSString *const MPBundleHelpURLKey;
 FOUNDATION_EXPORT NSString *const MPBundlePluginRepositoryURLKey;
 FOUNDATION_EXPORT NSString *const MPPluginCompatibilityURLKey;
+
+/**
+ Keychain Keys
+ */
+extern NSString *const TouchIdUnlockPublicKeyTag;
+extern NSString *const TouchIdUnlockPrivateKeyTag;
+
 #endif
diff --git a/MacPass/MPConstants.m b/MacPass/MPConstants.m
index 99041ee1..f4729f82 100644
--- a/MacPass/MPConstants.m
+++ b/MacPass/MPConstants.m
@@ -31,3 +31,6 @@ NSString *const MPBundleHelpURLKey                = @"MPHelpURL";
 NSString *const MPBundlePluginRepositoryURLKey    = @"MPPluginRepositoryURL";
 NSString *const MPPluginCompatibilityURLKey  = @"MPPluginCompatibilityURLKey";
 
+NSString *const TouchIdUnlockPublicKeyTag = @"com.hicknhacksoftware.macpass.publickey";
+NSString *const TouchIdUnlockPrivateKeyTag = @"com.hicknhacksoftware.macpass.privatekey";
+
diff --git a/MacPass/MPIntegrationPreferencesController.m b/MacPass/MPIntegrationPreferencesController.m
index 8f6bb026..759612b6 100644
--- a/MacPass/MPIntegrationPreferencesController.m
+++ b/MacPass/MPIntegrationPreferencesController.m
@@ -24,6 +24,7 @@
 #import "MPSettingsHelper.h"
 #import "MPIconHelper.h"
 #import "MPAutotypeDoctor.h"
+#import "MPConstants.h"
 
 #import "DDHotKeyCenter.h"
 #import "DDHotKey+MacPassAdditions.h"
@@ -129,4 +130,32 @@
 - (void)runAutotypeDoctor:(id)sender {
   [MPAutotypeDoctor.defaultDoctor runChecksAndPresentResults];
 }
+
+#pragma mark -
+#pragma mark Keychain Actions
+- (IBAction)RenewTouchIdKey:(id)sender {
+    NSData* publicKeyTag = [TouchIdUnlockPublicKeyTag dataUsingEncoding:NSUTF8StringEncoding];
+    NSDictionary *publicKeyQuery = @{
+      (id)kSecClass: (id)kSecClassKey,
+      (id)kSecAttrApplicationTag: publicKeyTag,
+      (id)kSecReturnRef: @YES,
+    };
+    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)publicKeyQuery);
+    if (status != errSecSuccess) {
+        NSString* description = (__bridge NSString*)SecCopyErrorMessageString(status, NULL);
+        NSLog(@"Error while trying to delete public key from Keychain: %@", description);
+    }
+    
+    NSData* privateKeyTag = [TouchIdUnlockPrivateKeyTag dataUsingEncoding:NSUTF8StringEncoding];
+    NSDictionary *privateKeyQuery = @{
+      (id)kSecClass: (id)kSecClassKey,
+      (id)kSecAttrApplicationTag: privateKeyTag,
+      (id)kSecReturnRef: @YES,
+    };
+    status = SecItemDelete((__bridge CFDictionaryRef)privateKeyQuery);
+    if (status != errSecSuccess) {
+        NSString* description = (__bridge NSString*)SecCopyErrorMessageString(status, NULL);
+        NSLog(@"Error while trying to delete private key from Keychain: %@", description);
+    }
+}
 @end
diff --git a/MacPass/MPPasswordInputController.m b/MacPass/MPPasswordInputController.m
index 0241b151..6fdb30f0 100644
--- a/MacPass/MPPasswordInputController.m
+++ b/MacPass/MPPasswordInputController.m
@@ -28,6 +28,7 @@
 #import "MPPathControl.h"
 #import "MPTouchBarButtonCreator.h"
 #import "MPSettingsHelper.h"
+#import "MPConstants.h"
 
 #import "HNHUi/HNHUi.h"
 
@@ -175,8 +176,8 @@ static NSMutableDictionary* touchIDSecuredPasswords;
   CFErrorRef error = NULL;
   NSString* publicKeyLabel =  @"MacPass TouchID Feature Public Key";
   NSString* privateKeyLabel = @"MacPass TouchID Feature Private Key";
-  NSData* publicKeyTag =  [@"com.hicknhacksoftware.macpass.publickey"  dataUsingEncoding:NSUTF8StringEncoding];
-  NSData* privateKeyTag = [@"com.hicknhacksoftware.macpass.privatekey" dataUsingEncoding:NSUTF8StringEncoding];
+  NSData* publicKeyTag =  [TouchIdUnlockPublicKeyTag  dataUsingEncoding:NSUTF8StringEncoding];
+  NSData* privateKeyTag = [TouchIdUnlockPrivateKeyTag dataUsingEncoding:NSUTF8StringEncoding];
   SecAccessControlRef access = NULL;
   if (@available(macOS 10.13.4, *)) {
     SecAccessControlCreateFlags flags = kSecAccessControlBiometryCurrentSet;
@@ -228,7 +229,7 @@ static NSMutableDictionary* touchIDSecuredPasswords;
 - (NSData*) _touchIdEncryptCompositeKey: (KPKCompositeKey*) compositeKey {
   NSData* encryptedKey = nil;
   NSData* keyData = [NSKeyedArchiver archivedDataWithRootObject:compositeKey];
-  NSData* tag = [@"com.hicknhacksoftware.macpass.publickey" dataUsingEncoding:NSUTF8StringEncoding];
+  NSData* tag = [TouchIdUnlockPublicKeyTag dataUsingEncoding:NSUTF8StringEncoding];
   NSDictionary *getquery = @{
     (id)kSecClass: (id)kSecClassKey,
     (id)kSecAttrApplicationTag: tag,
@@ -265,7 +266,7 @@ static NSMutableDictionary* touchIDSecuredPasswords;
 - (KPKCompositeKey*) _touchIdDecryptCompositeKey: (NSData*) encryptedKey {
   KPKCompositeKey* result = nil;
   if(encryptedKey != nil) {
-    NSData* tag = [@"com.hicknhacksoftware.macpass.privatekey" dataUsingEncoding:NSUTF8StringEncoding];
+    NSData* tag = [TouchIdUnlockPrivateKeyTag dataUsingEncoding:NSUTF8StringEncoding];
     NSDictionary *queryPrivateKey = @{
       (id)kSecClass: (id)kSecClassKey,
       (id)kSecAttrApplicationTag: tag,
@@ -333,6 +334,9 @@ static NSMutableDictionary* touchIDSecuredPasswords;
     self.completionHandler(compositeKey, nil, false, &error);
     [self _showError:error];
   }
+  else {
+    self.touchIdButton.hidden = true;
+  }
 }
 
 - (IBAction)touchIdEnabledChanged:(id)sender {