In my app, I want to keep very sensitive data persisted on a client in an encrypted cache, and thought of using the keychain.
Potentially, we could end up putting quite a bit of information (a couple of MBs) into this cache, and I was wondering...
Are there any hard limits on the size of data that I can cram into the keychain?
Is there another/better place I can store this data? I only need a simple key/value interface similar to NSUserDefaults, but encrypted.
Thanks in advance!
The keychain (consider the name) is designed to hold keys and other reasonably small secure items. For data, encrypt it with AES using Common Crypto and save the key in the keychain. Create the key from random bytes. Save the encrypted data in the Documents directory or subdirectory.
Related
Health-related data for a user is a privacy matter and needs to be very secure, i.e. it needs to be stored in a secure place. For example, while I was watching Apple's official video on fingerprint unlock, they said that fingerprint data is stored in a place where it is impossible to hack. So, out of curiosity, I have a question: where is this data securely stored?
I have had a look at this link from Apple Documentation but could not find the information in it. One thing I have figured out is that the data is encrypted and stored, but where?
Does anyone have an idea about this?
Apple describes the security attributes of various iOS features in this document. To quote:
This data is stored in Data Protection class Protected Unless Open.
Access to the data is relinquished 10 minutes after device locks, and
data becomes accessible the next time user enters their passcode or
uses Touch ID or Face ID to unlock the device.
Read the "Encryption and Data Protection" section of the document to learn more about Data Protection. Any app can use the "Protected Unless Open" data protection class for its persistent data.
As you already know, NSUserDefaults is simple and effective for saving small, simple bits of data, like NSNumbers or NSStrings, to your device’s file system. But this data is in no way stored securely as hackers can access it pretty easily from the device.
You have figured out that sensitive data is encrypted. But you need to find the answer to where it needs to be stored. The answer is:
Keychain Services: Apple has provided the Keychain Services API to deal with this problem and help developers build apps that safely handle passwords and other sensitive information.
Now the question might arise: why? And the answer is:
Keychain is great because data encryption automatically is taken care of before it is stored in the file system so there is no need to waste time building encryption algorithms.
You can go through this link for better explanation.
https://developer.apple.com/documentation/security/keychain_services
This is from Apple docs:
When you design a game that reports scores to Game Center, you should
also consider the security needs of your game. You want scores
reported to Game Center to be an accurate accounting of how players
are doing. Here are two suggestions:
Store your game’s preferences and saved games in a secure format,
rather than in clear text. If your game’s data is stored in clear
text, a player can download the saved game data using iTunes, modify
it, and resync it back to the device. This may allow the player to
achieve a higher score than you intended.
Always set reasonable minimum and maximum values for a leaderboard.
I know that data can be stored in a .plist file or .xml or .json, even in a database. But all of that is non-encrypted plain text. What is considered a secure format? And what other methods/classes/techniques can be used to store sensitive data?
If a hacker is determined enough and has the proper skill set, your stored data can usually be compromised regardless of storage method. It boils down to what your app's real-world applications are and the time and effort you are willing to put into keeping the data safe. Below are some options for you to consider:
NSUserDefaults
One of the most common and simplest ways to store data. Data is not encrypted.
Save string to the NSUserDefaults?
Plist Files
Also a common way to store data. Data is not encrypted.
Storing and Retrieving from a Plist
CoreData
Creates a model and manages relationships between different types of objects. By default, data is not encrypted.
http://www.appcoda.com/introduction-to-core-data/
http://www.raywenderlich.com/85578/first-core-data-app-using-swift
Keychain
Arguably the most secure way to store data on a non-jailbroken device. Data is encrypted.
https://stackoverflow.com/questions/16459879/how-to-store-a-string-in-keychain-ios
NSCoding
As Whirlwind pointed out, this is yet another storage method.
http://www.raywenderlich.com/1914/nscoding-tutorial-for-ios-how-to-save-your-app-data
http://nshipster.com/nscoding/
CommonCrypto Apple Framework
Low-level C coding. Data is encrypted.
https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html
https://developer.apple.com/library/ios/samplecode/CryptoExercise/Listings/ReadMe_txt.html
Custom approaches
Store the data in the cloud, thereby eliminating having it on the device altogether. Use the Touch ID feature to authenticate the user and download the cloud data.
http://code.tutsplus.com/tutorials/ios-8-integrating-touch-id--cms-21949
https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html
The safest place to store your data is in the keychain, however it's still not 100% secure if users are on jailbroken devices. Follow Apple's guidelines on setting minimum and maximum values for a leaderboard.
Here's another SO post describing how you can store the information in an NSDictionary as NSData which is then encrypted and decrypted by your app.
We need to store various data (accesstokens, receipts). In bytes this is relatively small (20000 symbols or so).
We don't want the user to be able to read and tamper with this data because we to some extent don't want any smart users to bypass our systems in some way.
We don't want this data to be stored after app is deleted. Therefore keychain seems inappropriate. This is wanted because it seems sensible that the user should get a clean install every time they install the app.
If you want to have the data secure you should use Core Data with Apple's Data Protection on the DB file.
In addition to that you should encrypt the data itself too.
UPDATE:
You may want to give this a look for encrypting the data: RNCryptor
And this for Data Protection: Data Protection
As some of you know, it is possible to create an SQLite DB in memory and save it later to disk. It is also possible to load a DB from disk into memory to work with it in memory. Now in my project, I am only allowed to save encrypted data to disk. The requirements are:
I am “strictly” not allowed to first save the unencrypted data and then encrypt it.
I have to encrypt the whole DB.
I have to do the encryption with my own keys.
I can’t use any third-party libraries.
EDIT:
Is it possible to convert the Sqlite-Handle to NSData?
Does the Sqlite-Handle really contain everything?
I want to create an in memory data store with core data on the iphone in the following way:
The data of the store is saved to disk in an encrypted file (max size 400kb)
The encrypted file is loaded completely into memory and afterwards I will decrypt it so that I have some data array in memory
I want to tell the NSPersistentStoreCoordinator to use this data array which is the store I want to use.
At certain points in the code the current in memory data store will be copied to another data array, encrypted and stored to disk such that the data on disk corresponds always to the most recent version of the data.
I must do that because the data is sensitive user data that absolutely cannot be stored in a plain database.
In my app I already implemented a version where each property of the managed objects is encrypted, such that the sqlite database which is stored on disk contains only cryptic unreadable values. Unfortunately it turned out to be too slow to encrypt and decrypt everything every time on the fly.
First off: Is this possible?
Secondly: Might there be some things I need to pay attention to?
I'm not sure if this will be of any help to you but in iOS5 persistent stores now store data in an encrypted format on disk. This is also an option in iOS4. See the documentation.
For applications built for iOS 5.0 or later, persistent stores now store data by default in an encrypted format on disk. The default protection level prevents access to the data until after the user unlocks the device for the first time. You can change the protection level by assigning a custom value to the NSPersistentStoreFileProtectionKey key when configuring your persistent stores. For additional information about the data protection that are new in iOS 5.0, see “Data Protection Improvements.”
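Setting NSPersistentStoreFileProtectionKey as the quoted documentation describes, then checking what protection class the store files actually received. This is an added example, not code from the original answers; the function names are hypothetical and it assumes an app bundle containing a compiled Core Data model whose name is passed in.

```swift
import CoreData

/// Builds a Core Data stack whose store is created with the given Data Protection class.
func makeProtectedContainer(modelName: String,
                            protection: FileProtectionType = .complete) throws -> NSPersistentContainer {
    let container = NSPersistentContainer(name: modelName)
    for description in container.persistentStoreDescriptions {
        description.setOption(protection as NSObject,
                              forKey: NSPersistentStoreFileProtectionKey)
    }
    // Store descriptions load synchronously by default, so the handler has run
    // by the time loadPersistentStores returns.
    var loadError: Error?
    container.loadPersistentStores { _, error in
        if loadError == nil { loadError = error }
    }
    if let loadError = loadError { throw loadError }
    return container
}

/// Reports the protection class recorded on the SQLite file and its -wal/-shm sidecars,
/// keyed by file name, so a missing or weaker class on any of them is visible.
func protectionReport(for container: NSPersistentContainer) -> [String: String] {
    var report: [String: String] = [:]
    for store in container.persistentStoreCoordinator.persistentStores {
        guard let url = store.url else { continue }
        for suffix in ["", "-wal", "-shm"] {
            let path = url.path + suffix
            guard let attributes = try? FileManager.default.attributesOfItem(atPath: path) else {
                continue  // sidecar not present
            }
            let value = attributes[.protectionKey] as? String
            report[(path as NSString).lastPathComponent] = value ?? "none reported"
        }
    }
    return report
}
```

Run the report on a passcode-protected device; the Simulator does not enforce Data Protection. With `.complete`, the store cannot be opened while the device is locked, so background work that touches it needs a weaker class or has to wait for unlock.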