在iOS中保存加密密钥的安全方法 [英] Safe way to save encryption keys in iOS

问题描述

在我的iOS4 +应用程序中，我在几个地方使用AES加密，整个应用程序必须非常安全。为了做到这一点，我必须硬编码这个应用程序中的几个密钥，然后随机选择我需要加密的东西...

我的问题是如何存储那些私钥？使用 NSString 硬编码是否安全？或者

  #define SecretKeyString @febd9a24d8b65c1c787d50a4ed3619a9
  

如果用户安装了这个应用程序的iPhone越狱，他不能得到那些硬编码的密钥？感谢任何建议...

解决方案

$ b

其他应用程序所做的是要求用户登录才能使用该应用程序。然后，您使用其用户名/密码作为密钥加密密钥或使用安全的Web服务获取该用户的密钥。

如果您使用 #define 甚至一个NSString，有方法来猜测键。显然，您必须真正愿意花费大量的时间在编译代码中找到这些密钥，但是根据您正在寻找的安全级别和您正在防范的人员，这可能是一个问题。 >

In my iOS4+ app i use AES encryption on several places and whole app has to be very secure. In order to do this I have to hard code several keys in this app which are then randomly picked when I need to encrypt something...

My question is how to store those private keys? Is it safe to hard-code them using NSString? Or

#define SecretKeyString @"febd9a24d8b65c1c787d50a4ed3619a9"

If user jailbreaks iPhone with this app installed, couldn't he get those hard-coded keys? How can i hide them most effectively?

Thanks for any suggestion...

解决方案

What others apps do is require the user to "log in" before they can use the app. Then you use their userid/password as a key to encrypt the keys or use a secured web service to get the keys for that user.

If you use a #define or even an NSString, there are ways to guess the keys. Obviously, you have to truly be willing to spend a lot of time to find those keys in compiled code, but depending on the level of security you are looking for and the people you are guarding against, this might be a problem.

这篇关于在iOS中保存加密密钥的安全方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！