我应该使用哪个密钥将密码存储在iOS钥匙串中? [英] which key should I use to store the password in iOS keychain?

问题描述

Apple GenericKeychain示例中的KeychainItemWrapper类使用kSecValueData键存储密码.

The KeychainItemWrapper class in the Apple GenericKeychain sample use kSecValueData key to store password.

但是引用 http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html#//apple_ref/doc/uid/TP30000898

表示kSecValueData为 在结果字典中用于SecItemCopyMatching或SecItemAdd，指示返回的值的类型.

says kSecValueData is used in the results dictionary for SecItemCopyMatching or SecItemAdd, indicating the type of values returned.

当我调用SecItemAdd创建钥匙串项时应该使用哪个钥匙?

which key should I use when I call SecItemAdd to create a keychain item?

推荐答案

您应该使用kSecValue数据作为存储密码的密钥(采用NSData或CFDataRef格式).

You should use kSecValue data as the key to store the password (in NSData or CFDataRef format).

在本主题中，参考文献尚不清楚，kSecValueData键既可以用作输出键，也可以用作输入键.也就是说，在查询钥匙串项(SecItemCopyMatching)并指定kSecReturnAttributes键时可以使用它，因此结果将作为字典返回，密码将存储在该字典的kSecValueData键下.而且，当您在钥匙串(SecItemAdd)中添加一个项目，并在调用该方法之前将密码的NSData或CFDataRef值存储在kSecValueData密钥中时，也可以使用它.

The reference is a bit unclear in this subject, kSecValueData key works as output key as well as input key. That is, you use it when you query a keychain item (SecItemCopyMatching) and specify a kSecReturnAttributes key, so the result is returned as a dictionary, the password will get stored under a kSecValueData key of that dictionary. And you also use it when you add an item to the keychain (SecItemAdd), storing the NSData or CFDataRef value of your password in the kSecValueData key before calling the method.

这是这两种情况的示例:

Here's an example of both cases:

获取密码:

NSMutableDictionary *queryDictionary = [[NSMutableDictionary alloc] init];
[queryDictionary setObject: (__bridge id)kSecClassGenericPassword forKey: (__bridge id<NSCopying>)kSecClass];
[queryDictionary setObject:service forKey:kSecAttrService];
[queryDictionary setObject:account forKey:kSecAttrAccount];
// The result will be a dictionary containing the password attributes...
[queryDictionary setObject:YES forKey:(__bridge id<NSCopying>)(kSecReturnAttributes)];
// ...one of those attributes will be a kSecValueData with the password
[queryDictionary setObject:YES forKey:(__bridge id<NSCopying>)(kSecReturnData)];
OSStatus sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef)(queryDictionary), (CFTypeRef *)&result);
if (sanityCheck != noErr)
{
    NSDictionary * resultDict = (__bridge NSDictionary *)result;
    // here's the queried password value
    NSData *passwordValue = [resultDict objectForKey:(__bridge id)(kSecValueData)];
}

添加密码:

NSString *passwordString = @"my password value";
NSData *passwordData = [passwordString dataUsingEncoding:NSUTF8StringEncoding];
CFDictionaryRef result = nil;
NSMutableDictionary *addDictionary = [[NSMutableDictionary alloc] init];
[addDictionary setObject: (__bridge id)kSecClassGenericPassword forKey: (__bridge id<NSCopying>)kSecClass];
[addDictionary setObject:service forKey:kSecAttrService];
[addDictionary setObject:account forKey:kSecAttrAccount];

// here goes the password value
[addDictionary setObject:passwordData forKey:(__bridge id<NSCopying>)(kSecValueData)];

OSStatus sanityCheck = SecItemAdd((__bridge CFDictionaryRef)(queryDictionary), NULL)
if (sanityCheck != noErr)
{
   // if no error the password got successfully stored in the keychain
}

这篇关于我应该使用哪个密钥将密码存储在iOS钥匙串中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！