coreml Fetching decryption key from server failed

My iOS app supports iOS 18, and I’m using an encrypted CoreML model secured with a key generated from Xcode.

Every few months (around every 3 months), the encrypted model fails to load for both me and my users. When I investigate, I find this error:

coreml Fetching decryption key from server failed: noEntryFound("No records found"). Make sure the encryption key was generated with correct team ID

To temporarily fix it, I delete the old key, generate a new one, re-encrypt the model, and submit an app update. This resolves the issue, but only for a while.

This is a terrible experience for users and obviously not a sustainable solution.

I want to understand:

  • Why is this happening?
  • Is there a known expiration or invalidation policy for CoreML encryption keys?
  • How can I prevent this issue permanently?

Any insights or official guidance would be really appreciated.

Our team also encountered the same issue yesterday — all users in the production environment experienced a “Fetching decryption key from server failed” error when loading the model. The problem appears to be resolved today, and model loading has returned to normal. We suspect this may have been caused by a temporary outage or disruption in Apple’s backend or key distribution service.

I've got the same issue and a slightly more detailed traceback. And this was after regenerating the encryption keys, as OP mentioned.

Could not create persistent key blob for 210D96A1-1260-486C-847A-2FB4A4579DF7 : error=Error Domain=com.apple.CoreML Code=8 "Fetching decryption key from server failed: CKRPCError(file: "/app/.build/checkouts/cloudkitrpc/Sources/CKRPC/BatchBuilding.swift", line: 175, code: .remoteError, underlying: Optional(CKRPC.CKRPCRemoteError(proto: _CloudKitRPCProtobuf.Rpcproto_ErrorInfo:
message: "Zone does not exist"
clientCode: zoneNotFound
cloudDbErrorName: "ZONE_NOT_FOUND"
loggingDetails {
  key: "zone"
  value: "Zone-F8773MR9C7"
}
))). Make sure the encryption key was generated with correct team ID." UserInfo={NSLocalizedDescription=Fetching decryption key from server failed: CKRPCError(file: "/app/.build/checkouts/cloudkitrpc/Sources/CKRPC/BatchBuilding.swift", line: 175, code: .remoteError, underlying: Optional(CKRPC.CKRPCRemoteError(proto: _CloudKitRPCProtobuf.Rpcproto_ErrorInfo:
message: "Zone does not exist"
clientCode: zoneNotFound
cloudDbErrorName: "ZONE_NOT_FOUND"
loggingDetails {
  key: "zone"
  value: "Zone-F8773MR9C7"
}
))). Make sure the encryption key was generated with correct team ID.}

We renewed the key yesterday and it "expired" again today. Very annoying.

This is a really frustrating issue. My app depends entirely on CoreML, and if Apple’s encrypted model system isn’t reliable, it puts real apps and businesses at risk. If encryption keys can silently fail or expire without warning, we need a better, more transparent solution. Either Apple needs to improve the stability of model encryption, or give developers a secure and officially supported way to manage our own model protection.

Now the error message has changed to:

"Failed to load CoreML model: Fetching decryption key from server failed: CKRPCError(file: "/app/.build/checkouts/cloudkitrpc/Sources/CKRPC/BatchBuilding.swift", line: 175, code: .remoteError, underlying: Optional(CKRPC.CKRPCRemoteError(proto: _CloudKitRPCProtobuf.Rpcproto_ErrorInfo: message: "Zone does not exist" clientCode: zoneNotFound cloudDbErrorName: "ZONE_NOT_FOUND" loggingDetails { key: "zone" value: "Zone-CP92CMD5E4" } ))). Make sure the encryption key was generated with correct team ID."

This issue affects my app, and I got a one-star review because of it!!

I posted Feedback number #FB18753752 about this issue.
