- 现在很多人对于安全越来越重视,作为程序猿的我们,也需要在这一方面多下功夫,让我们APP用户储存的私人信息更加的安全,我看到过很多的人写代码,虽然明文密码不会被储存,经常是储存服务器返回的一个秘钥,大部分程序猿就裸存了,直接就存储在NSUserDefaults里面了,也有些程序猿有对其进行AES或DES加密后再储存,但是其本身AES或DES的秘钥都是写在代码中的,一旦程序被反编译,想要获取的秘钥也是相当容易的一件事了。
- 苹果自己本身就有一个方法可以让我们储存一些机密的东西,储存的机制就是将我们需要储存的东西储存在钥匙串🔑里面,这样除非整个iOS的安全机制被破解,要不然你储存的东西就会相对的安全。
下面提供一个工具类KeychainTool用户存储
#import <Foundation/Foundation.h>
@interface KeychainTool : NSObject
/**
* 储存字符串到🔑钥匙串
*
* @param sValue 对应的Value
* @param sKey 对应的Key
*/
+ (void)saveKeychainValue:(NSString *)sValue Key:(NSString *)sKey;
/**
* 从🔑钥匙串获取字符串
*
* @param sKey 对应的Key
*
* @return 返回储存的Value
*/
+ (NSString *)readKeychainValue:(NSString *)sKey;
/**
* 从🔑钥匙串删除字符串
*
* @param sKey 对应的Key
*/
+ (void)deleteKeychainValue:(NSString *)sKey;
@end
#import "KeychainTool.h"
@implementation KeychainTool
+ (NSMutableDictionary *)getKeychainQuery:(NSString *)service
{
return [NSMutableDictionary dictionaryWithObjectsAndKeys:
(__bridge_transfer id)kSecClassGenericPassword,(__bridge_transfer id)kSecClass,
service, (__bridge_transfer id)kSecAttrService,
service, (__bridge_transfer id)kSecAttrAccount,
(__bridge_transfer id)kSecAttrAccessibleAfterFirstUnlock,(__bridge_transfer id)kSecAttrAccessible,
nil];
}
+ (void)saveKeychainValue:(NSString *)sValue Key:(NSString *)sKey
{
//Get search dictionary
NSMutableDictionary *keychainQuery = [self getKeychainQuery:sKey];
//Delete old item before add new item
SecItemDelete((__bridge_retained CFDictionaryRef)keychainQuery);
//Add new object to search dictionary(Attention:the data format)
[keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:sValue] forKey:(__bridge_transfer id)kSecValueData];
//Add item to keychain with the search dictionary
SecItemAdd((__bridge_retained CFDictionaryRef)keychainQuery, NULL);
}
+ (NSString *)readKeychainValue:(NSString *)sKey
{
NSString *ret = nil;
NSMutableDictionary *keychainQuery = [self getKeychainQuery:sKey];
//Configure the search setting
[keychainQuery setObject:(id)kCFBooleanTrue forKey:(__bridge_transfer id)kSecReturnData];
[keychainQuery setObject:(__bridge_transfer id)kSecMatchLimitOne forKey:(__bridge_transfer id)kSecMatchLimit];
CFDataRef keyData = NULL;
if (SecItemCopyMatching((__bridge_retained CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {
@try {
ret = (NSString *)[NSKeyedUnarchiver unarchiveObjectWithData:(__bridge_transfer NSData *)keyData];
} @catch (NSException *e) {
NSLog(@"Unarchive of %@ failed: %@", sKey, e);
} @finally {
}
}
return ret;
}
+ (void)deleteKeychainValue:(NSString *)sKey {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:sKey];
SecItemDelete((__bridge_retained CFDictionaryRef)keychainQuery);
}
@end