您将如何在 iPhone 应用程序中保护机密数据? [英] How would you keep secret data secret in an iPhone application?
问题描述
假设我需要从 iPhone 应用程序访问网络服务.此 Web 服务要求客户端对 HTTP 请求进行数字签名,以证明应用程序知道"共享密钥;客户端密钥.请求签名存储在 HTTP 标头中,请求只是通过 HTTP(不是 HTTPS)发送.
Let's say I need to access a web service from an iPhone app. This web service requires clients to digitally sign HTTP requests in order to prove that the app "knows" a shared secret; a client key. The request signature is stored in a HTTP header and the request is simply sent over HTTP (not HTTPS).
此密钥必须始终保密,但需要供 iPhone 应用使用.
This key must stay secret at all times yet needs to be used by the iPhone app.
那么,鉴于您一直被告知永远不要在客户端存储任何敏感信息,您将如何安全地存储此密钥?
So, how would you securely store this key given that you've always been told to never store anything sensitive on the client side?
普通用户(99% 的用户)会乐于使用该应用程序.会有人(敌人?)想要该秘密客户端密钥,以便通过冒充的方式对服务或客户端密钥所有者造成伤害.这样的人可能会越狱他们的手机,访问二进制文件,运行字符串"或十六进制编辑器并四处寻找.因此,仅将密钥存储在源代码中是一个糟糕的主意.
The average user (99% of users) will happily just use the application. There will be somebody (an enemy?) who wants that secret client key so as to do the service or client key owner harm by way of impersonation. Such a person might jailbreak their phone, get access to the binary, run 'strings' or a hex editor and poke around. Thus, just storing the key in the source code is a terrible idea.
另一个想法是将密钥存储在代码中,而不是字符串文字,而是存储在从字节文字创建的 NSMutableArray 中.
Another idea is storing the key in code not a string literal but in a NSMutableArray that's created from byte literals.
一个人可以使用钥匙串,但由于 iPhone 应用程序永远不需要提供密码来存储钥匙串中的东西,我担心有权访问应用程序沙箱的人可以并且将能够简单地查看或简单地解码其中的物品.
One can use the Keychain but since an iPhone app never has to supply a password to store things in the Keychain, I'm wary that someone with access to the app's sandbox can and will be able to simply look at or trivially decode items therein.
编辑 - 所以我读到了关于钥匙串的内容:在 iPhone OS 中,应用程序始终可以访问自己的钥匙串项目,而不能访问任何其他应用程序的项目.系统为钥匙串生成自己的密码,并且将密钥以任何应用程序都无法访问的方式存储在设备上."
EDIT - so I read this about the Keychain: "In iPhone OS, an application always has access to its own keychain items and does not have access to any other application’s items. The system generates its own password for the keychain, and stores the key on the device in such a way that it is not accessible to any application."
所以也许这是存储密钥的最佳位置....如果是这样,我如何将预先输入到应用程序钥匙串中的密钥发送出去?那可能吗?否则,如果密钥不在源代码中,您如何在首次启动时添加密钥?嗯..
So perhaps this is the best place to store the key.... If so, how do I ship with the key pre-entered into the app's keychain? Is that possible? Else, how could you add the key on first launch without the key being in the source code? Hmm..
编辑 - 在 http://bugreport.apple.com
谢谢.
推荐答案
简单的答案是,就目前的情况而言,在 iPhone 上保守秘密是不可能的.越狱的 iPhone 只是一台适合您手中的通用计算机.没有您可以访问的可信平台硬件.用户可以欺骗任何你能想象到的用来唯一标识给定设备的东西.用户可以将代码注入您的进程以执行检查钥匙串等操作.(搜索 MobileSubstrate 以了解我的意思.)对不起,你搞砸了.
The simple answer is that as things stand today it's just not possible to keep secrets on the iPhone. A jailbroken iPhone is just a general-purpose computer that fits in your hand. There's no trusted platform hardware that you can access. The user can spoof anything you can imagine using to uniquely identify a given device. The user can inject code into your process to do things like inspect the keychain. (Search for MobileSubstrate to see what I mean.) Sorry, you're screwed.
在这种情况下,应用购买收据中的一线曙光.如果您使用应用内购买在您的应用中销售商品,您将获得一张经过加密签名的收据,并且可以根据需要通过 Apple 进行验证.即使您无法对收据保密,它可以(由 Apple,而不是您)追踪到特定购买,这可能会阻止盗版者分享它们.您还可以根据收据限制对服务器的访问,以防止您的服务器资源被盗版者耗尽.
One ray of light in this situation is in app purchase receipts. If you sell an item in your app using in app purchase you get a receipt that's crypto signed and can be verified with Apple on demand. Even though you can't keep the receipt secret it can be traced (by Apple, not you) to a specific purchase, which might discourage pirates from sharing them. You can also throttle access to your server on a per-receipt basis to prevent your server resources from being drained by pirates.
这篇关于您将如何在 iPhone 应用程序中保护机密数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
