1
votes

My Cocoa app will have the following features:

1. Password-protected login. The user will have to enter the password in order to use the app.
2. Once logged in, the user can create some personal profile, which can store some secure info like a password.

After some research, I was told that I should use the KeyChain in order to save the secure info (so in my case, the login password and the secure info within each personal profile).

It seems like there is a good Keychain wrapper, SSKeychain, that can be used to achieve my goal (as I'm not too familiar with C, using Apple's keychain will be hard for me), and I have also found some samples of using SSKeychain in "iOS: How to store username/password within an app?":

To save a password:

[SSKeychain setPassword:@"AnyPassword" forService:@"AnyService" account:@"AnyUser"];

To retrieve a password:

NSString *password = [SSKeychain passwordForService:@"AnyService" account:@"AnyUser"];

However, I'm not sure if I need to "protect" my keychain:

1. When calling setPassword:forService:account:, should I include a plaintext password, or do I need to encrypt my password first? Also, when setting the service name, should I just simply include my app name?
2. If the password can be retrieved easily by using passwordForService:, then it seems like it's not safe, as other apps can also call the same method to retrieve the keychain? (provided that they know the service name and account)

I have read the Apple documentation: https://developer.apple.com/library/mac/#documentation/security/conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-TP9

and it seems like you have to "lock" and "unlock" this keychain. I have checked the SSKeychain doc http://docs.samsoff.es/SSKeychain/Classes/SSKeychain.html but couldn't find any method to "lock" and "unlock" such a keychain. So how am I going to protect it?


1 Answer

1
votes

Keychain Services limits each application to only have access to its own keychain items by default. The locking and unlocking are all handled behind the scenes by Keychain Services.

When you use Xcode to create an application, Xcode adds an application-identifier entitlement to the application bundle. Keychain Services uses this entitlement to grant the application access to its own keychain items.

http://developer.apple.com/library/mac/#documentation/Security/Reference/keychainservices/Reference/reference.html
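
To illustrate the answer above, here is an added example (not from the original post, and not SSKeychain's own code) that stores and reads back a generic-password item directly through the Security framework's SecItem calls, with no lock or unlock call anywhere. The service name, account name, sample secret and helper function names are constructed placeholders, and the code assumes ARC.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Constructed sample identifiers; substitute your app's own values.
static NSString *const kService = @"com.example.MyApp";
static NSString *const kAccount = @"login";

// Attributes that identify the item: class, service and account.
static NSMutableDictionary *BaseQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kService,
               (__bridge id)kSecAttrAccount: kAccount } mutableCopy];
}

// Store the secret, replacing any existing item for the same service/account.
static OSStatus StoreSecret(NSString *secret) {
    NSData *data = [secret dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *add = BaseQuery();
    add[(__bridge id)kSecValueData] = data;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status == errSecDuplicateItem) {
        // An item already exists: update its data instead of failing.
        NSDictionary *changes = @{ (__bridge id)kSecValueData: data };
        status = SecItemUpdate((__bridge CFDictionaryRef)BaseQuery(),
                               (__bridge CFDictionaryRef)changes);
    }
    return status;
}

// Read the secret back; returns nil if the item is missing or access fails.
static NSString *LoadSecret(OSStatus *outStatus) {
    NSMutableDictionary *query = BaseQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    if (status != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

int main(void) {
    @autoreleasepool {
        OSStatus status = StoreSecret(@"constructed-sample-secret");
        NSLog(@"store status: %d", (int)status);
        NSString *secret = LoadSecret(&status);
        // Log only whether the item was found, never the secret itself.
        NSLog(@"load status: %d, found: %@", (int)status, secret ? @"yes" : @"no");
    }
    return 0;
}
```

Always check the returned OSStatus: errSecItemNotFound and errSecDuplicateItem are ordinary outcomes, and any other failure should be handled rather than treated as an empty password.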