I've been in searching where keychain stores either secure enclave or any other, I found many articles (one of this stackoverflow answer) which says following but I'm looking for some Authenticated like Apple statement
The keychain stores the keys (and other small data) encrypted and restricts access to that data. Additionally in recent iPhones (5S and later) the keychain is in a separate processor, the Secure Enclave which additionally restricts access. There is no more secure way to store keys in iOS.
So my queries on the basis of above statement.
Is Keychain Items store in secure Enclave
If yes then where Public key and Private key CFTypeRef Store
Why we use this kSecAttrTokenIDSecureEnclave while creating key pair. (example following code).
-(bool) generateKeyPairWithAccessControlObject:(SecAccessControlRef)accessControlRef
{
CFMutableDictionaryRef accessControlDict = newCFDict;;
CFDictionaryAddValue(accessControlDict, kSecAttrAccessControl, accessControlRef);
CFDictionaryAddValue(accessControlDict, kSecAttrIsPermanent, kCFBooleanTrue);
CFDictionaryAddValue(accessControlDict, kSecAttrLabel, kPrivateKeyName);
// create dict which actually saves key into keychain
CFMutableDictionaryRef generatePairRef = newCFDict;
CFDictionaryAddValue(generatePairRef, kSecAttrTokenID, kSecAttrTokenIDSecureEnclave);
CFDictionaryAddValue(generatePairRef, kSecAttrKeyType, kSecAttrKeyTypeEC);
CFDictionaryAddValue(generatePairRef, kSecAttrKeySizeInBits, (__bridge const void *)([NSNumber numberWithInt:256]));
CFDictionaryAddValue(generatePairRef, kSecPrivateKeyAttrs, accessControlDict);
OSStatus status = SecKeyGeneratePair(generatePairRef, &publicKeyRef, &privateKeyRef);
if (status != errSecSuccess)
return NO;
[self savePublicKeyFromRef:publicKeyRef];
return YES;
}
Looking for authenticated answer. Cheers
Take a look at Apple's iOS security whitepaper, it describes what Secure Enclave and Keychain are exactly.
A Secure Enclave is a coprocessor fabricated within the system on chip (SoC). It uses encrypted memory and includes a hardware random number generator. As for the Keychain, the iOS Keychain provides a secure
way to store these (passwords and other short but sensitive bits of data) items. [...] The Keychain is implemented as a SQLite database stored on the file
system..
Keychain is a piece of software that stores encrypted data (such as passwords) in a SQLite database. The key that encrypts this data is inside the Secure Enclave - it never leaves the SE, as per this paragraph
Keychain items are encrypted using two different AES-256-GCM keys, a
table key (metadata) and per-row key (secret-key). Keychain metadata
(all attributes other than kSecValue) is encrypted with the metadata key
to speed search while the secret value (kSecValueData) is encrypted
with the secret-key. The metadata key is protected by Secure Enclave
processor, but cached in the application processor to allow fast queries
of the keychain. The secret key always requires a round-trip through the
Secure Enclave processor.
To answer your question: are keychain items stored inside Secure Enclave, no, they are stored inside a SQLite database on disk, but the encryption key needed to decrypt this data is inside the Secure Enclave. As for kSecAttrTokenIDSecureEnclave that apperas to be a flag that indicates that the key should be generated inside the Secure Element.
Not all keychain items are stored in secure enclave
From Apple document
The only keychain items supported by the Secure Enclave are 256-bit elliptic curve private keys (those that have key type kSecAttrKeyTypeEC). Such keys must be generated directly on the Secure Enclave using the SecKeyGeneratePair(::_:) function with the kSecAttrTokenID key set to kSecAttrTokenIDSecureEnclave in the parameters dictionary. It is not possible to import pre-existing keys into the Secure Enclave.
The Keychain uses Secure Enclave, the Secure Enclave is implemented in hardware.
From what I understand:
By default asymmetric key-pairs are created and stored in the secure enclave. The private key is available only at creation time and can not be obtained later. Asymmetric operations that use the private key obtain it from the keychain without exposing it to user code.
There is an exception that allows access to the private key, the Keychain Access app.
Related
I want to create an RSA private key which is not exportable (even by the developer of app) inside iOS keychain.
Is there any way to do that?
Not possible with RSA.
You can create keys which can't be exported, but only in the Secure Enclave, and it only supports p256 key pairs. You can't import existing keys into the Secure Enclave. While it is possible to export a key from it, the key is encrypted such that only that exact Secure Enclave can import it again later.
I need to store an encryption key within my app, so that it can use the same key to encrypt and upload data, and download and decrypt data, from a public store. That way, the data can't be read by any other party in between.
What I'm concerned about is the potential for somebody to hijack my app. Once my app has been archived, would it be possible for someone to read a hardcoded encryption key held within the app?
If the key is in the app bundle there is a chance it can be discovered and doing this is not secure. As #Cristik states authenticate the user to the server and download the key at that point.
To secure the key the best you can do is to save the key in the Keychain.
Protecting against the owner of the device is very difficult and falls more under DRM.
Protecting against an non-owner depends on the owner having set a good passcode/password.
Protecting against data in transit (upload/download) is easy, use https, ensure the server is current (TLS 1.2 and Perfect Forward Secrecy) and pin the server certificate in the app.
Update:
In the ipa only the executable files are encrypted so other files can be accessed from the download. If a file is encrypted the attacker will need the encryption key and that can be strong: random bytes.
But the app needs the encryption key so the problem is how can the app know the key and not an attacker. Encryption does increase the work factor be the need to obtain the key.
There are disassemble tools so if the key is in the code it can be found by an experienced attacker.
If the key comes from a server it is not coded into the app so the work factor again increases. A MITM attack can be used to see the key in transit and pinning the certificate and using current https best practices can mitigate this attack vector.
Finally the key is in RAM memory at the time of decryption and can be found but again the work factor is increased.
In general what is necessary to protect data at the highest levels is complicated, requires special hardware and physical security.
Bottom line: determine the level of attacker you are defending against and the value of the data; code to that level. Do not underestimate the attacker.
Instead of storing the encryption key within the application bundle, you can request it from a server via a secure connection (HTTPS), and then save it in keychain for later retrieval.
You can add more security layers to the https connection by adding SSL pinning or/and other security measures.
Plus, you can generate different encryption keys every time the user logins, and if the store API supports it, you can invalidate all keys generated for a user if for example his phone is stolen.
I would like to secure the communication from my APP to the server with Sha256.
For this I need some common keys on either side (APP/Server).
How do I get these keys into the keychain without setting them up as plaintext when storing them? No point in having them in the keychain if the APP can be decompiled and the keys are visible in plain text anyway.
The plan was also to have a password and username for communication verification. Both stored in the keychain, and the password as just the Sha256 key stored in the keychain and not the actual password.
I would still like to secure my Sha keys.
I have gone through apple developer videos on Security they have mentioned to use ssl https certificates and keychain to deal with security.
My iOS app will be giving access to sensitive paid files. so hackers should not get access to these files. I will be using in app purchase, so that user can buy these file.
1) My first question is: Should i host my files on apple server (Hosted Contents) , is the apple to client communication secure enough or should i implement my own server code with certificates and ssl authentication.
2) i want to know or get idea on how to encrypt files using private key on my desktop machine and then upload it on my server. When asked for by my iOS app pass the public key and encrypted file and save the public key in Keychain for further use. I want this feature so as to save the file on disk without anyone getting access to it by jailbreaking or other hack.
3) What should be used as public and private keys and what type of encryption to use. Currently i have come across AES looks good enough but is there a better way? Can certificates itself used to encrypt data or pass keys?
4) Which certificate authority to contact for most secure certificates.
Thanks in advance...
EDIT:
Main purpose to achieve is to download pdf and that pdf should not be accessible to user outside the app.
1) I have decided to use root certificates from CA and https to transfer content, to avoid MINM.
2) On app side i will generate public private key pair.
3) Save Private key in keychain.
4) Send Public key to server.
5) Server will encrypt pdf using MAIN-AES-Key.
6) MAIN-AES-Key will be encrypted using Public key sent by app.
7) Encrypted-pdf and Encrypted-MAIN-AES-Key will be sent to app.
8) Encrypted-pdf will saved to disk with secure write options just incase.
9) Encrypted-MAIN-AES-Key will be saved in keychain.
10) To decrypt pdf: Private key generated by app will be used to decrypt Encrypted MAIN-AES-Key and MAIN-AES-KEY will be used to decrypt pdf.
11) Finally will be trusting Apple-KeyChain to keep Private-Key secure.
The solution is unnecessarily complicated. The more complicated, the less secure due to more potential errors/over-sights.
Do use https with a CA signed certificate
To avoid MITM pin the certificate on the app side
There is no need to further encrypt the data being sent over https
Encrypt the file on the device and save:
Create an encryption from random bytes
Save the key in the Keychain
Create an iv from random bytes
Add the iv to the beginning of the encryption buffer
Encrypt the data with AES, CBC mode and PKS7 padding into the buffer following the iv
Save the data into a file the the app file area, possibly under the Documents or Library directory
Decrypt the file on the device and use:
Get the key from the Keychain
Read the encrypted data file
Get the iv from the beginning of the data
Decrypt the data starting just past the iv
Do not ignore the server
Use two factor authentication.
Properly hash with a salt any passwords
Use good user authentication
For the app data encryption consider using RNCryptor instead of writing the encryption portion yourself.
I'm using a UIWebView to display a webpage. I'd like to know if it's possible to encrypt and decrypt cookies stored on an iOS device. I'm using NSHTTPCookieStorage to store my cookie but I noticed that is stored as cleartext in a property list file.
I discovered that it's stored in a path similar to:
Root/User/Applications/ASDSDF234ASDRSDF234/Library/Cookies/Cookies.plist
I would like to keep private information, such as usernames, secure.
There is a sandbox mechanism in iOS system for security, so your app data could NOT be read by other apps. So I think you can keep private information in cookie.
Only for the jailbreaked iOS device, there will be the security problem. I think you can encrypt/decrypt your cookie data both in server side.