你如何在iPhone应用程序中保密秘密数据? [英] How would you keep secret data secret in an iPhone application?

查看:236
本文介绍了你如何在iPhone应用程序中保密秘密数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

假设我需要从iPhone应用访问网络服务。此Web服务要求客户​​端对HTTP请求进行数字签名,以证明应用程序知道共享密钥;客户端密钥。请求签名存储在HTTP头中,请求通过HTTP(而不是HTTPS)发送。

Let's say I need to access a web service from an iPhone app. This web service requires clients to digitally sign HTTP requests in order to prove that the app "knows" a shared secret; a client key. The request signature is stored in a HTTP header and the request is simply sent over HTTP (not HTTPS).

此键必须始终保持秘密,但需要由iPhone应用程序使用。

This key must stay secret at all times yet needs to be used by the iPhone app.

一般用户(99%的用户)将会安全地存储此密钥,因为您始终被告知不要在客户端存储任何敏感信息。愉快地只使用应用程序。将有一个人(敌人?)想要该秘密客户端密钥,以通过假冒的方式做服务或客户端密钥所有者的伤害。这样的人可能越狱他们的手机,访问二进制,运行'字符串'或十六进制编辑器和戳。因此,只是将密钥存储在源代码中是一个可怕的想法。

The average user (99% of users) will happily just use the application. There will be somebody (an enemy?) who wants that secret client key so as to do the service or client key owner harm by way of impersonation. Such a person might jailbreak their phone, get access to the binary, run 'strings' or a hex editor and poke around. Thus, just storing the key in the source code is a terrible idea.

另一个想法是将键存储在代码中,而不是字符串字面量,而是存储在从字节字面量创建的NSMutableArray中。

Another idea is storing the key in code not a string literal but in a NSMutableArray that's created from byte literals.

可以使用Keychain,但是由于iPhone应用程序从不需要提供密码来存储Keychain中的内容,因此我担心有人可以访问应用程序的沙箱可以并且将能够简单地查看或简单地解码其中的项目。

One can use the Keychain but since an iPhone app never has to supply a password to store things in the Keychain, I'm wary that someone with access to the app's sandbox can and will be able to simply look at or trivially decode items therein.

EDIT - 所以我阅读了关于钥匙串:在iPhone操作系统中,应用程序总是有权访问自己的钥匙串项目,没有访问任何其他应用程序的项目。系统为钥匙串生成自己的密码,并将密钥存储在设备上,使其不能被任何应用程序访问。

EDIT - so I read this about the Keychain: "In iPhone OS, an application always has access to its own keychain items and does not have access to any other application’s items. The system generates its own password for the keychain, and stores the key on the device in such a way that it is not accessible to any application."

是存储钥匙的最佳位置....如果是这样,我如何运送与预先输入到应用程序的钥匙串钥匙?那可能吗?另外,如何在首次启动时添加密钥,而无需在源代码中包含密钥? Hmm ..

So perhaps this is the best place to store the key.... If so, how do I ship with the key pre-entered into the app's keychain? Is that possible? Else, how could you add the key on first launch without the key being in the source code? Hmm..

EDIT - 提交的错误报告#6584858在 http: //bugreport.apple.com

EDIT - Filed bug report # 6584858 at http://bugreport.apple.com

感谢。

推荐答案

简单的答案是,今天的事情是不可能保持秘密在iPhone上。越狱的iPhone只是一个通用的计算机,适合你的手。没有可以访问的可信平台硬件。用户可以欺骗任何你可以想象使用以唯一标识给定的设备。用户可以将代码注入到您的进程中,以执行检查钥匙串等操作。

The simple answer is that as things stand today it's just not possible to keep secrets on the iPhone. A jailbroken iPhone is just a general-purpose computer that fits in your hand. There's no trusted platform hardware that you can access. The user can spoof anything you can imagine using to uniquely identify a given device. The user can inject code into your process to do things like inspect the keychain. (Search for MobileSubstrate to see what I mean.) Sorry, you're screwed.

在这种情况下,一束光线在应用程序购买收据中。如果您在应用程序购买中销售应用程序中的项目,您将收到一个加密签名的收据,并且可以根据需要与Apple验证。即使您无法保存收据的秘密,也可以(由苹果,而不是您)追踪特定购买,这可能会阻止海盗分享。您还可以根据每次收据限制对服务器的访问,以防止您的服务器资源被海盗排干。

One ray of light in this situation is in app purchase receipts. If you sell an item in your app using in app purchase you get a receipt that's crypto signed and can be verified with Apple on demand. Even though you can't keep the receipt secret it can be traced (by Apple, not you) to a specific purchase, which might discourage pirates from sharing them. You can also throttle access to your server on a per-receipt basis to prevent your server resources from being drained by pirates.

这篇关于你如何在iPhone应用程序中保密秘密数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆