My Cocoa app will have the following features:
1. Password-protected login. The user will have to enter the password in order to use the app.
2. Once logged in, the user can create a personal profile, which can store some secure info like a password.
After some research, I was told that I should use the Keychain in order to save the secure info (so in my case, the login password and the secure info within each personal profile).
It seems there is a good Keychain wrapper, SSKeychain, that can be used to achieve my goal (as I'm not too familiar with C, using Apple's Keychain directly will be hard for me), and I have also found some samples of using SSKeychain in "iOS: How to store username/password within an app?":
To save a password:
[SSKeychain setPassword:@"AnyPassword" forService:@"AnyService" account:@"AnyUser"];
To retrieve a password:
NSString *password = [SSKeychain passwordForService:@"AnyService" account:@"AnyUser"];
However, I'm not sure if I need to "protect" my keychain:
1. When calling setPassword:forService:account:, should I include a plaintext password, or do I need to encrypt my password first? Also, when setting the service name, should I simply use my app name?
2. If the password can be retrieved easily by using passwordForService:, then it seems like it's not safe, as other apps can also call the same method to retrieve the keychain item (provided that they know the service name and account)?
I have read the Apple documentation: https://developer.apple.com/library/mac/#documentation/security/conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-TP9
and it seems like you have to "lock" and "unlock" this keychain. I have checked the SSKeychain doc http://docs.samsoff.es/SSKeychain/Classes/SSKeychain.html but couldn't find any method to "lock" and "unlock" such a keychain. So how am I going to protect it?