iOS: I need to transfer user's private key (RSA) to my App. Is file sharing a good solution?
Question
I've asked a similar question here earlier iOS: Is it ok to store a RSA private key (use to decrypt text) in your application document directory?
However, the person recommend me to use keychain access. This will not work for me because after further research only mac users can use keychains in the first place. Which limits the people who can do this.
I was wondering if it is secure to use Apple's file sharing https://support.apple.com/en-us/HT201301 to allow the user to use his/her private key with the iOS App? According to the documents regarding file sharing only my App should be able to access the private key because it is store in the document directory. There is some text that needs to be decrypted in my App.
1 answers
solution1
1 ACCPTED 2015-07-22 01:03:52
The answer to your original question was correct.
The private key should absolutely be stored in the iOS keychain. You may use iOS's built in document transfer to transfer the key (or you may import it using a local web-server, dropbox, iCloud or any other number of means).
But after the transfer is done, the key should be stored in the KeyChain. Keeping the private key in the Documents folder would be a reckless risk. If the iPhone gets lost or stolen, the raw key could easily be extracted.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.