iOS Keychain 介紹
Download as PPTX, PDF3 likes2,382 views
The document discusses iOS Keychain, which is an encrypted container for securely storing private information like passwords and certificates on iOS devices. Keychain stores data for each app separately, but data can be shared between apps with the same access group. The document provides code examples for adding, finding, updating, and removing items from the Keychain via API methods like SecItemAdd, SecItemCopyMatching, and SecItemDelete.
![準備資料
• -(NSMutableDictionary *) prepareDict:(NSString *)key
• {
• NSMutableDictionary *dict = [[NSMutableDictionary alloc] init];
• [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
•
• NSData *encodedKey = [key dataUsingEncoding:NSUTF8StringEncoding];
• [dict setObject:encodedKey forKey:(__bridge id)kSecAttrGeneric];
• [dict setObject:encodedKey forKey:(__bridge id)kSecAttrAccount];
• [dict setObject:service forKey:(__bridge id)kSecAttrService];
• [dict setObject:(__bridge id)kSecAttrAccessibleAlwaysThisDeviceOnly forKey:(__bridge
id)kSecAttrAccessible];
•
• return dict;
• }](https://image.slidesharecdn.com/ioskeychain-141231044257-conversion-gate01/85/iOS-Keychain-10-320.jpg)
![新增
• -(BOOL) insert:(NSString *)key :(NSData *)data
• {
• NSMutableDictionary *dict =[self prepareDict:key];
• [dict setObject:data forKey:(__bridge id)kSecValueData];
•
• OSStatus status = SecItemAdd((__bridge CFDictionaryRef)dict,
NULL);
• if(errSecSuccess != status) {
• NSLog(@"Unable add item with key = %@ error:
%d",key,(int)status);
• }
• return (status == errSecSuccess);
• }](https://image.slidesharecdn.com/ioskeychain-141231044257-conversion-gate01/85/iOS-Keychain-11-320.jpg)
![尋找
• -(NSData*) find:(NSString *)key
• {
• NSMutableDictionary *dict = [self prepareDict:key];
• [dict setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
• [dict setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];
• CFTypeRef result = NULL;
• OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)dict,&result);
•
• if(status != errSecSuccess) {
• NSLog(@"Unable to fetch item for key %@ with error: %d",key,(int)status);
• return nil;
• }
•
• return (__bridge NSData *)result;
• }](https://image.slidesharecdn.com/ioskeychain-141231044257-conversion-gate01/85/iOS-Keychain-12-320.jpg)
![更新
• -(BOOL) update:(NSString*)key :(NSData *)data
• {
• NSMutableDictionary *dictKey =[self prepareDict:key];
•
• NSMutableDictionary *dictUpdate =[[NSMutableDictionary alloc] init];
• [dictUpdate setObject:data forKey:(__bridge id)kSecValueData];
•
• OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)dictKey, (__bridge
CFDictionaryRef)dictUpdate);
• if(status != errSecSuccess) {
• NSLog(@"Unable add update with key = %@ error: %d",key,(int)status);
• }
• return (status == errSecSuccess);
• }](https://image.slidesharecdn.com/ioskeychain-141231044257-conversion-gate01/85/iOS-Keychain-13-320.jpg)
![移除
• -(BOOL) remove:(NSString *)key
• {
• NSMutableDictionary *dict = [self prepareDict:key];
• OSStatus status = SecItemDelete((__bridge
CFDictionaryRef)dict);
• if(status != errSecSuccess) {
• NSLog(@"Unable to remove item for key %@ with error:
%d",key,(int)status);
• }
• return (status == errSecSuccess);
• }](https://image.slidesharecdn.com/ioskeychain-141231044257-conversion-gate01/85/iOS-Keychain-14-320.jpg)
iOS Keychain 介紹
- 2. What is KeyChain • Keychain is an encrypted container where you can store secured information like passwords, certificates, identities, …etc. • In iOS, each application has its own keychain. • To share the data between apps, they should have the same Access Group in code signing entitlements.
- 3. Accessing password-protected services using a keychain in OS X
- 5. • KeyChain 是 iOS 提供的一種安全保存私密資 料的方式,整個系統的 keychain 被保存在 隱秘的位置 (/private/var/Keychains/keychain-2.db), 其中保存的資料是經過加密的。
- 6. 優點 • 每個組( keychain-access-groups )之間資料存 取隔離,沒有權限的 app無法讀取他人資料, 保證資料的安全 • 全域性統一儲存,即使刪除 app , keychain 中的資料依然存在,下次重新安裝app還能 存取 • 存儲後的資料會加密 • 同一個組的 app 可以共享 keychain 中的資 料
- 7. 缺點 • 刪除 app 後不會清除 keychain 裡的資料, 如果儲存密碼等敏感性資料有一定的風險。 (越獄後 keychain 能被導出來)
- 9. 實作API • 新增:SecItemAdd • 尋找:SecItemCopyMatching • 更新:SecItemUpdate • 移除:SecItemDelete
- 10. 準備資料 • -(NSMutableDictionary *) prepareDict:(NSString *)key • { • NSMutableDictionary *dict = [[NSMutableDictionary alloc] init]; • [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; • • NSData *encodedKey = [key dataUsingEncoding:NSUTF8StringEncoding]; • [dict setObject:encodedKey forKey:(__bridge id)kSecAttrGeneric]; • [dict setObject:encodedKey forKey:(__bridge id)kSecAttrAccount]; • [dict setObject:service forKey:(__bridge id)kSecAttrService]; • [dict setObject:(__bridge id)kSecAttrAccessibleAlwaysThisDeviceOnly forKey:(__bridge id)kSecAttrAccessible]; • • return dict; • }
- 11. 新增 • -(BOOL) insert:(NSString *)key :(NSData *)data • { • NSMutableDictionary *dict =[self prepareDict:key]; • [dict setObject:data forKey:(__bridge id)kSecValueData]; • • OSStatus status = SecItemAdd((__bridge CFDictionaryRef)dict, NULL); • if(errSecSuccess != status) { • NSLog(@"Unable add item with key = %@ error: %d",key,(int)status); • } • return (status == errSecSuccess); • }
- 12. 尋找 • -(NSData*) find:(NSString *)key • { • NSMutableDictionary *dict = [self prepareDict:key]; • [dict setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit]; • [dict setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData]; • CFTypeRef result = NULL; • OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)dict,&result); • • if(status != errSecSuccess) { • NSLog(@"Unable to fetch item for key %@ with error: %d",key,(int)status); • return nil; • } • • return (__bridge NSData *)result; • }
- 13. 更新 • -(BOOL) update:(NSString*)key :(NSData *)data • { • NSMutableDictionary *dictKey =[self prepareDict:key]; • • NSMutableDictionary *dictUpdate =[[NSMutableDictionary alloc] init]; • [dictUpdate setObject:data forKey:(__bridge id)kSecValueData]; • • OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)dictKey, (__bridge CFDictionaryRef)dictUpdate); • if(status != errSecSuccess) { • NSLog(@"Unable add update with key = %@ error: %d",key,(int)status); • } • return (status == errSecSuccess); • }
- 14. 移除 • -(BOOL) remove:(NSString *)key • { • NSMutableDictionary *dict = [self prepareDict:key]; • OSStatus status = SecItemDelete((__bridge CFDictionaryRef)dict); • if(status != errSecSuccess) { • NSLog(@"Unable to remove item for key %@ with error: %d",key,(int)status); • } • return (status == errSecSuccess); • }
- 15. 開源 • SSKeychain https://github.com/soffes/sskeychain Star: 1730 (2014/12/30) • SFHFKeychainUtils https://github.com/kamiro/SFHFKeychainUtils Star: 60 (2014/12/30) • Me: 2 projects
- 16. Demo • https://github.com/happymanx/KeyChainTest – 1). Initialization of the class – 2). How to Add an item to keychain – 3). Find an item in the keychain – 4). Update an item in the keychain – 5). Remove an item from keychain
- 17. 參考 • iOS KeyChain Tutorial http://hayageek.com/ios-keychain-tutorial/ • Securing and Encrypting Data on iOS http://code.tutsplus.com/tutorials/securing-and- encrypting-data-on-ios--mobile-21263 • Basic Security in iOS 5 – Part 1 http://www.raywenderlich.com/6475/basic- security-in-ios-5-tutorial-part-1 • Basic Security in iOS 5 – Part 2 http://www.raywenderlich.com/6603/basic- security-in-ios-5-tutorial-part-2
- 18. 參考 • iOS Keychain: Sharing data between apps http://shaune.com.au/ios-keychain-sharing-data- between-apps/ • Keychain Group Access http://useyourloaf.com/blog/2010/04/03/keycha in-group-access.html • 將密碼儲存於 KeyChain http://wp.me/p1my2P-3S0 • KeyChain 使用與共享數據 http://blog.csdn.net/ibcker/article/details/24839 143
- 19. Apple連結 • Keychain Services Programming Guide https://developer.apple.com/library/mac/docum entation/Security/Conceptual/keychainServConc epts/ • Keychain Services Reference https://developer.apple.com/library/mac/docum entation/Security/Reference/keychainservices/ • #WWDC14 session 711 - Keychain and Authentication with Touch ID