How to securely store an AES key on the iPhone
https://stackoverflow.com/questions/11607143
-
22-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
So I was going about implementing AES encryption of data on an iPhone app, when I was puzzled by how to store the encryption key. I can easily enough encrypt data using a user-entered password, the encryption key. However, if I store the key unencrypted, the encryption is useless as anyone with access could easily enough decrypt the data with the readily-available encryption key. I could encrypt the key, but then there would be another unencrypted key floating around and someone could just follow the chain down to the data. It seemed clear that I could not store the key, so I thought that I could have the key be only in the user's mind. It would be very secure, but I would have no way to check if the decryption worked correctly and all data would be lost in the event that the user forgot their password, which is unacceptable.
Essentially, how can I securely store an encryption key for AES?
I'm sure this situation has been encountered before, as other questions have shown, but they seemed web-focused. I am interested in an iPhone-centric solution, potentially using CommonCrypto?
La solution
As you said, don't store the password. You can still store a hash of the password separately and test against that to see if it's the correct password.
Autres conseils
Maybe you are interested in saving this in the Keychain as a generic service? There is a nice Objective-C wrapper for the Keychain services called SSKeychain.
There is a nice open source kit i use in my projects for storing secure data in key chain.
