Xcode Keychain - Secure Data Storage

Disclaimer: this page is a Chinese-English bilingual translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you use it, you must follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original author (not me): StackOverflow original URL: http://stackoverflow.com/questions/15452847/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow

Date: 2020-09-15 02:59:59  Source: igfitidea

Keychain - Secure Data Storage

ios objective-c xcode keychain

Asked by Abhishek Singh

I am developing an application with a keychain implementation. I am able to create & save data into the keychain. I am using the Keychain Wrapper classes provided by Apple.


According to the requirement, I have to implement the best possible security in the Keychain (the security team pointed out lapses, such as its accessibility on jailbroken devices).


Could someone give me direction?


Answered by Abhishek Singh

I had also implemented the keychain in an application long back using the same wrapper you cited, but of course with a lot of modifications.


Basically the Keychain is quite secure. According to Apple, it's an encrypted container that holds secure information for multiple applications, which means that when the keychain is locked, no one can access its protected contents.


In iOS, only the application creating the keychain item can access it. According to Apple's documentation, iOS can choose to memory-cache or disk-cache it.


But from iOS 4.xx++, it's only disk-cached (dunno why), thus always creating a SQLite DB, where all the data in the keychain are stored corresponding to a particular identifier.


The SQLite DB can be hacked on rooted or jailbroken devices.


To Secure the Keychain


1. Add the security keyword "kSecAttrAccessibleWhenUnlockedThisDeviceOnly" while adding or updating the data in the keychain, on the methods "SecItemUpdate" & "SecItemAdd".


Something like:


    // Method from Apple's KeychainItemWrapper: genericPasswordQuery, keychainItemData and
    // dictionaryToSecItemFormat: are instance state and helpers of that wrapper.
    // The casts are pre-ARC; under ARC they need (__bridge ...).
    - (void)writeToKeychain
    {
        NSDictionary *attributes = NULL;
        NSMutableDictionary *updateItem = NULL;
        OSStatus result;

        // Look for an existing item matching the wrapper's search query.
        if (SecItemCopyMatching((CFDictionaryRef)genericPasswordQuery, (CFTypeRef *)&attributes) == noErr)
        {
            // Existing item: build the update query from its current attributes plus the item class.
            updateItem = [NSMutableDictionary dictionaryWithDictionary:attributes];

            [updateItem setObject:[genericPasswordQuery objectForKey:(id)kSecClass] forKey:(id)kSecClass];

            // Attributes to change; kSecClass must not appear in this dictionary.
            NSMutableDictionary *tempCheck = [self dictionaryToSecItemFormat:keychainItemData];
            [tempCheck removeObjectForKey:(id)kSecClass];

    #if TARGET_IPHONE_SIMULATOR
            // The simulator does not support access groups.
            [tempCheck removeObjectForKey:(id)kSecAttrAccessGroup];
    #endif

            // Set the protection class on the attributes being updated (second argument of
            // SecItemUpdate); in the query dictionary it would only act as a search filter.
            [tempCheck setObject:(id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(id)kSecAttrAccessible];
            result = SecItemUpdate((CFDictionaryRef)updateItem, (CFDictionaryRef)tempCheck);
            // NSAssert is compiled out in release builds; check `result` there as well.
            NSAssert( result == noErr, @"Couldn't update the Keychain Item." );
            CFRelease(attributes);   // SecItemCopyMatching returned a +1 reference
        }
        else
        {
            // No existing item: add it with the protection class set.
            [keychainItemData setObject:(id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(id)kSecAttrAccessible];
            result = SecItemAdd((CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL);
            NSAssert( result == noErr, @"Couldn't add the Keychain Item." );
        }
    }

2. Encrypt the data before adding it to the Keychain. I used AES-128 encryption. Also ensure that the key used for encryption is an RSA key (sent by the SSL web service).

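A standalone add-or-update routine for a generic-password item that applies kSecAttrAccessibleWhenUnlockedThisDeviceOnly in both the add and the update path, written as an added example for steps 1 and 2 above (it is not the wrapper code from this answer or Apple's). It assumes ARC, Security.framework, a placeholder service name, and that the caller passes already-encrypted bytes if step 2 is followed; unlike NSAssert, it returns the OSStatus so failures stay visible in release builds.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// Service name is an assumed placeholder, not a value from the page.
static NSString * const kDemoService = @"com.example.keychain-demo";

// Stores `data` under `account` so it is readable only while the device is
// unlocked and is never migrated to another device through a backup.
OSStatus DemoKeychainSave(NSString *account, NSData *data)
{
    // Search query identifying the item; reused by both add and update.
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kDemoService,
        (__bridge id)kSecAttrAccount: account,
    };
    // Attributes the stored item must carry, including the protection class.
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData:      data,
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };
    NSMutableDictionary *addItem = [query mutableCopy];
    [addItem addEntriesFromDictionary:attrs];
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addItem, NULL);
    if (status == errSecDuplicateItem) {
        // Item already exists. SecItemUpdate takes the search query first and
        // the attributes to change second, so kSecAttrAccessible belongs in
        // `attrs`; placed in the query it would only act as a match filter.
        status = SecItemUpdate((__bridge CFDictionaryRef)query,
                               (__bridge CFDictionaryRef)attrs);
    }
    return status;  // errSecSuccess on success; callers must check it in release builds too
}

// Reads the item back. Returns nil with `*status` set on failure, e.g.
// errSecItemNotFound, or errSecInteractionNotAllowed while the device is locked.
NSData *DemoKeychainLoad(NSString *account, OSStatus *status)
{
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kDemoService,
        (__bridge id)kSecAttrAccount: account,
        (__bridge id)kSecReturnData:  @YES,
        (__bridge id)kSecMatchLimit:  (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef result = NULL;
    OSStatus st = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status) *status = st;
    return (st == errSecSuccess) ? (__bridge_transfer NSData *)result : nil;
}
```

A quick check on a real device is to save an item, lock the screen, and call DemoKeychainLoad: with this protection class the read fails with errSecInteractionNotAllowed until the device is unlocked.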

NOTE: The Keychain data is stored in the /private/var/Keychains/keychain-2.db file on the iPhone.


Hope it helps you.


Answered by skingtree

    [attributeDict setObject:(__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(__bridge id)kSecAttrAccessible];