IOS--KeyChain

Recently wrote a new project, want to make a little taller, use keychain to store user information

The advantage of keychain is that Apple encryption can be used to keep the information safe, and it can keep the information after the app is deleted, rumor has it that the data in IOS10 Keychain is deleted with the app, but the result of my iOS11 test is that it still retains the data.

Another feature of Keychain is that apps from the same developer account can share data, which I don't currently use

Keychain Although there are many advantages, but read and write information is very troublesome, requires two string authentication, which is relative to the key-value in the plist file is relatively troublesome

And now the application generally does not retain the user password, but with token to verify the user identity, so at present keychain for me no use

But I'm still going to write about how to use keychain. Hey, hey.

The keychain is stored with SQLite. In Apple's words, it is a professional database that encrypts our saved data and can be efficiently searched by metadata (attributes). Keychain is suitable to save some small amount of data, if you want to save large data, you can consider the form of files stored on the disk, in the keychain to save the decryption of this file key.

Types of Keychain

• Ksecclassgenericpassword
• Ksecclassinternetpassword
• Ksecclasscertificate
• Ksecclasskey
• Ksecclassidentity

properties that correspond to different types:

Since Apple is stored using SQLite, the attribute of these different item (s) can be understood as the field of the table in the database. Then the operation of the keychain is in fact the ordinary database and delete and change. This may feel like the API is not so hard to use.

Here's what I wrote about the Keychainmanager class

#import <Foundation/Foundation.h> @interface keychainmanager:nsobject+ (void) Addinfowith: (NSString *) info Account           : (NSString *) account           Service: (NSString *) service;+ (void) Deleteinfowithaccount: (NSString *) account                     Service: (NSString *) service;+ (void) Changeinfowith: (NSString *) Info account              : (NSString *)              account Service: (NSString *) service;+ (NSString *) Getinfowithaccount: (NSString *) account                        Service: (NSString *) service;@ End

#import "KeyChainManager.h" @implementation Keychainmanager

/*

Add Item to Keychain

Info is the information that needs to be stored

Account,service is the identifier that confirms the item, and keychain uses these two values to determine an item for

*/

+ (void) Addinfowith: (NSString *) Info account: (NSString *) account service: (NSString *) service{if (!info)    {info = @ ""; } if (!account | | [Account isequaltostring:@ "])        {NSLog (@ "Add Item to keychain failed because Ksecattraccount does not exist");    Return } if (!service | | [Service isequaltostring:@ "])        {NSLog (@ "Add Item to keychain failed because Ksecattrservice does not exist");    Return                            } nsdictionary *query = @{(__bridge ID) ksecattraccessible: (__bridge ID) ksecattraccessiblewhenunlocked, (__bridge ID) Ksecclass: (__bridge ID) Ksecclassgenericpassword, (__bridge ID) ksecvaluedata: [Info datausingencoding:nsutf8stringencoding], (__bridge ID) ksecattraccount        : Account, (__bridge ID) ksecattrservice:service,};    Osstatus status = Secitemadd ((__bridge cfdictionaryref) query, nil);    if (status = = Errsecsuccess) {    NSLog (@ "Add Item success to keychain");    }else{NSLog (@ "Add Item failed%d to keychain", status);    };        }//Delete keychain in item+ (void) Deleteinfowithaccount: (NSString *) account service: (NSString *) service{ if (!account | | [Account isequaltostring:@ "])        {NSLog (@ "Delete item in keychain failed because Ksecattraccount does not exist");    Return } if (!service | | [Service isequaltostring:@ "])        {NSLog (@ "Delete item in keychain failed because Ksecattrservice does not exist");    Return } nsdictionary *query = @{(__bridge ID) Ksecclass: (__bridge ID) ksecclassgenericpas Sword, (__bridge id) ksecattraccount:account, (__bridge ID) ksecattrs        Ervice:service,};    Osstatus status = Secitemdelete ((__bridge cfdictionaryref) query);    if (status = = Errsecsuccess) {NSLog (@ "Delete Item success in Keychain");    }else{NSLog (@ "Delete Item failed%d in keychain", status);    }; }//Modify the item data in the Keychain + (void) Changeinfowith: (NSString *) Info account: (NSString *) account service: (NSString *) service{    if (!info) {info = @ ""; } if (!account | | [Account isequaltostring:@ "])        {NSLog (@ "Modification of the item data in keychain failed because the Ksecattraccount does not exist");    Return } if (!service | | [Service isequaltostring:@ "])        {NSLog (@ "Modification of the item data in keychain failed because the Ksecattrservice does not exist");    Return                            } nsdictionary *query = @{(__bridge ID) Ksecclass: (__bridge ID) Ksecclassgenericpassword,                            (__bridge ID) ksecattraccount:account, (__bridge ID) ksecattrservice:service,    }; Nsdictionary *update = @{(__bridge ID) ksecvaluedata: [Info Datausingencoding:nsutf8stringenc        Oding],};    Osstatus status = Secitemupdate ((__bridge cfdictionaryref) query, (__bridge cfdictionaryref) update); if (status = = Errsecsuccess) {NSLog (@ "Modify the item data in keychain ");    }else{NSLog (@ "Modify the item data in keychain%d", status);    }; }//Get Keychain Item data + (NSString *) Getinfowithaccount: (NSString *) account service: (NSString *) service {if (!account | | [Account isequaltostring:@ "])        {NSLog (@ "Gets the item data in keychain failed because the Ksecattraccount does not exist");    return nil; } if (!service | | [Service isequaltostring:@ "])        {NSLog (@ "Gets the item data in keychain failed because the Ksecattrservice does not exist");    return nil;                            } nsdictionary *query = @{(__bridge ID) Ksecclass: (__bridge ID) Ksecclassgenericpassword, (__bridge ID) ksecreturndata: @YES, (__bridge ID) Ksecmatchlimit: (__bridge ID) ksecmatchlimit One, (__bridge ID) ksecattraccount:account, (__bridge ID) ksecattrser        Vice:service,};        Cftyperef datatyperef = NULL; Osstatus status = secitemcopymatching (__bridge cfdictionarYREF) query, &datatyperef); if (status = = errsecsuccess) {NSString *pwd = [[NSString alloc] Initwithdata: (__bridge NSData * _nonnull) (DataType        REF) encoding:nsutf8stringencoding];        NSLog (@ "Get keychain in item data success ==result:%@", PWD);    return pwd;        }else{NSLog (@ "Get the item data in keychain failed%d", status);    return nil;    }; } @end

Keychain can be used for data sharing between applications

Apps in the same developer account can share data that exists in keychain

We need to get to capabilities>keychain sharing.

Open Keychain Sharing

You can see that there is a group that adds the identifer of application A that you want to get the data to, and you can get its data in keychain.

You can use the data for a to be added and censored, but this is not very safe for application a

Ios-keychain Explanation and changes

Https://www.cnblogs.com/junhuawang/p/8194484.html

Talk about iOS Keychain

Https://www.cnblogs.com/xiongwj0910/p/7151258.html

IOS--KeyChain