在应用程序安装过程中将加密密钥存储在Keychain中 [英] Store an encryption key in Keychain while application installation process

问题描述

我需要我的应用程式使用客户的电话号码为我的网络服务产生唯一的ID。当然，电话号码是唯一的，但它必须是安全的。所以它可以用对称加密实现（不对称将在以后，因为资源泄露），但我不知道在哪里存储加密密钥。

I need my application to use client's phone-number to generate unique ID for my web-service. Of course a phone-number is unique, but it must be secured. So it can be implemented with symmetric encryption (asymmetric will be later, because leak of resources), but I do not know where to store a encryption-key.

我不知道为什么，但似乎不太好将代码中的一个键存储为一个静态字段。可能是因为即使不运行应用程序也很容易从中读取。

I do not know why, but seems bad to store a key as a static field in code. May be because it's too easy to read it from here even not running an application.

似乎更好地存储在Keychain中的一个键，并通过请求从这里得到它。但是为了避免＃1，有必要在安装过程中安装Keychain的密钥。是否可以？如何做？

It seems better to store a key in Keychain and get it from here by request. But to avoid #1 it's necessary to install a key to Keychain while installation process. Is it possible? How to do that?

我不知道什么证书。他们对问题有帮助吗？

I do not know what certificates do. Are they helpful to the problem?

从服务器传输密钥也是一个坏主意

To transfer a key from server is also a bad idea, because it's very easy to sniffer it.

推荐答案

解决嗅探问题的方式是通过HTTPS为您的网络进行通信服务。 NSURLConnection会很容易做到这一点，我知道的所有Web服务引擎处理HTTPS没有麻烦。这将立即摆脱你的许多问题。

The way you solve the sniffing problem is that you communicate over HTTPS for your web service. NSURLConnection will do this easily, and all web service engines I know of handle HTTPS without trouble. This will get rid of many of your problems right away.

在哪台机器上100-1000x解密瓶颈？你的服务器这么忙，它不能做一个asym解密？你应该这么少在电话上这样做，它应该是不相关的。我不是说asym是这里的答案;

On which machine is the 100-1000x decrypt the bottleneck? Is your server so busy that it can't do an asym decryption? You should be doing this so infrequently on the phone that it should be irrelevant. I'm not saying asym is the answer here; only that its performance overhead shouldn't be the issue for securing a single string, decrypted once.

您的服务需要短信，以便所有用户都必须提供他们的电话号码？您尝试自动抓取电话号码，还是让用户自行输入？通过私有API（或非私人但未记录的配置数据）自动获取电话号码并将其发送到服务器很可能违反服务条款。这是苹果想要保护用户的特定用例。你肯定需要在你的UI中非常清楚你正在这样做，并获得明确的用户权限。

Your service requires SMS such that all users must provide their phone number? Are you trying to automate grabbing the phone number, or do you let the user enter it themselves? Automatically grabbing the phone number through the private APIs (or the non-private but undocumented configuration data) and sending that to a server is likely to run afoul of terms of service. This is a specific use-case Apple wants to protect the user from. You definitely need to be very clear in your UI that you are doing this and get explicit user permission.

我个人认为如下：

• 服务器发送挑战字节


• 客户端发送UUID，日期和哈希值（UUID + challenge + userPassword + obfuscationKey + date）


• 服务器计算相同，确保日期在法律范围内（30-60秒是好的）并验证。


• 服务器生成长的，稀疏的，随机的会话ID，客户端可以在该会话的剩余时间（从接下来的几分钟到下一年的任何地方）使用，而不是在每个消息中重新认证。

• Server sends challenge byte
• Client sends UUID, date, and hash(UUID+challenge+userPassword+obfuscationKey+date).
• Server calculates same, makes sure date is in legal range (30-60s is good) and validates.
• At this point I generally have the server generate a long, sparse, random session id which the client may use for the remainder of this "session" (anywhere from the next few minutes to the next year) rather than re-authenticating in every message.

ObfuscationKey是一个秘密密钥，你硬编码到你的程序和服务器，使第三方更难创建虚假客户端。这是不可能的，期间，不可能，以确保只有您的客户端可以与您的服务器通话。 obfuscationKey有助于，但是，尤其是在iPhone上，逆向工程更困难。使用UUID也有帮助，因为它比电话号码对第三方不太了解。

ObfuscationKey is a secret key you hardcode into your program and server to make it harder for third parties to create bogus clients. It is not possible, period, not possible, to securely ensure that only your client can talk to your server. The obfuscationKey helps, however, especially on iPhone where reverse engineering is more difficult. Using UUID also helps because it is much less known to third-parties than phone number.

请注意userPassword。用户应该使用只有用户知道的东西进行验证。

Note "userPassword" in there. The user should authenticate using something only the user knows. Neither the UUID nor the phone number is such a thing.

上面的系统，加上HTTPS，应该很容易实现（我在许多语言中做了很多次），具有良好的性能，并且能够针对广泛的适当保证适当的水平。

The system above, plus HTTPS, should be straightforward to implement (I've done it many times in many languages), have good performance, and be secure to an appropriate level for a broad range of "appropriate."

这篇关于在应用程序安装过程中将加密密钥存储在Keychain中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！