
Looking for the right approach to saving data with Keychain and data encryption - Swift 5

My app stores users' sensitive data, and I wonder what the general/proper/most secure way to secure the data is.

My current approach is saving encoded data into the Keychain. More specifically, but simply:

  1. I am encoding/decoding custom types in an array with PropertyList.
  2. Then I pass these to the Keychain. I am using a wrapper called KeychainAccess, thanks to Kishikawa Katsumi.
  3. I retrieve the data from the Keychain, then decode it to display in a table view.

Below are my code bits:

import Foundation
import KeychainAccess

extension UserInformation {

    static let propertyListEncoder = PropertyListEncoder()
    static let propertyListDecoder = PropertyListDecoder()
    static let keychain = Keychain(service: "com.xxxxx.DataSaving-App")

    // Serialize the array to property-list data and store it as one Keychain item.
    static func saveToKeychain(userInfo: [UserInformation]) {
        // try? turns an encoding failure into nil, so nothing is saved in that case.
        let data = try? propertyListEncoder.encode(userInfo)
        if let savingData = data {
            // Avoid dump(userInfo) here: it would print the sensitive values to the console.
            keychain[data: "encodedUserInfo"] = savingData
        }
    }

    // Read the Keychain item back and decode it; returns nil if it is missing or undecodable.
    static func loadFromKeychain() -> [UserInformation]? {
        guard let retrievedData = keychain[data: "encodedUserInfo"] else {
            return nil
        }
        let data = try? propertyListDecoder.decode(Array<UserInformation>.self, from: retrievedData)
        return data
    }

}

The above works fine and no problems have been found so far. However, I am not sure whether using PropertyListEncoder is the right way to encode/decode. Please see the specific questions below; I would be very grateful for any advice.

  1. Would the above approach be secure enough?
  2. Is PropertyListEncoder/Decoder just doing ENCODING/DECODING, NOT SAVING DATA anywhere, like a plist or any storage that is vulnerable?
  3. If any other measure is needed, does encrypting the data with Common Swift and then passing it to the Keychain make sense?

I spent a few weeks looking for a detailed solution but have had no luck yet. Please help a new developer.

Property list encoding is not encryption. It's plain text (possibly in binary format); it is just a form of serialization. The "encryption" in your example consists of the fact that the information is hidden in the keychain. And the keychain is generally regarded as sufficiently secure.
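
The point made in the answer above, as an added example that is not part of the original post: the encoder only produces bytes in memory, and those bytes still contain the secret verbatim in both plist formats, whereas an AES-GCM sealed box does not. The `UserInformation` fields, the sample values and the use of CryptoKit (iOS 13+/macOS 10.15+) are assumptions made for illustration; a key like the one generated here would itself have to be kept somewhere such as the Keychain.

```swift
import Foundation
import CryptoKit  // assumption: available on the deployment target; not used in the original post

// Constructed stand-in for the question's UserInformation type.
struct UserInformation: Codable {
    let name: String
    let secret: String
}

// Constructed sample data.
let users = [UserInformation(name: "alice", secret: "s3cret-passphrase")]
let needle = Data("s3cret-passphrase".utf8)

/// Encodes in memory only; the encoder itself writes nothing to disk.
func serialize(_ value: [UserInformation],
               format: PropertyListSerialization.PropertyListFormat) throws -> Data {
    let encoder = PropertyListEncoder()
    encoder.outputFormat = format
    return try encoder.encode(value)
}

/// True when the plaintext bytes appear verbatim inside the blob.
func containsPlaintext(_ blob: Data) -> Bool {
    return blob.range(of: needle) != nil
}

do {
    let xml = try serialize(users, format: .xml)
    let binary = try serialize(users, format: .binary)
    print("XML plist contains secret:   ", containsPlaintext(xml))
    print("Binary plist contains secret:", containsPlaintext(binary))

    // Contrast: authenticated encryption of the same serialized bytes.
    let key = SymmetricKey(size: .bits256)
    let sealed = try AES.GCM.seal(binary, using: key)
    guard let ciphertext = sealed.combined else {
        fatalError("combined form is only nil for non-default nonce sizes")
    }
    print("AES-GCM blob contains secret:", containsPlaintext(ciphertext))

    // Decrypting with the same key restores the serialized plist exactly.
    let opened = try AES.GCM.open(AES.GCM.SealedBox(combined: ciphertext), using: key)
    print("Round trip matches:", opened == binary)
} catch {
    print("Example failed: \(error)")
}
```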

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
