WIP: UBSecureStorage #27
base: main
UBSecureStorage is a drop-in replacement for the iOS Keychain. Instead of saving each value individually on the keychain, only the key is stored there. The actual encrypted data is stored in the documents directory.
var error: Unmanaged<CFError>? | ||
guard | ||
let access = | ||
SecAccessControlCreateWithFlags( |
Option for Secure Enclave with Face ID?
import Foundation | ||
|
||
@available(iOS 11.0, *) | ||
public class UBEnclave: UBEnclaveProtocol { |
more of a key provider
|
||
self.logger = UBLogging.frameworkLoggerFactory(category: "UBSecureStorage[\(fileName)]") | ||
|
||
let documentsPath = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask) |
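Review bot: `.documentDirectory` on the last line is the user-facing documents location, which is exposed through file sharing when the app enables it, so an internal ciphertext file does not belong there. Consider `.applicationSupportDirectory` for this file and set the backup exclusion and file protection explicitly when it is written.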
backup flag, file protection
private func loadDict() -> Result<[String: Data], UBSecureStorageError> { | ||
dispatchPrecondition(condition: .onQueue(queue)) | ||
|
||
guard FileManager.default.fileExists(atPath: filePath.path) else { |
file protection check
} | ||
|
||
let key: SecKey | ||
switch loadOrGenerateKey() { |
the key should never be generated here, the file has already been written after all
return .failure(.enclaveError(error)) | ||
} | ||
|
||
switch enclave.verify(data: wrapper.encrypedData, signature: wrapper.signature, with: key) { |
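Review bot: `wrapper.encrypedData` in the `enclave.verify(...)` call is misspelled. Rename the property to `encryptedData` now, before other code starts depending on the name.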
verify is not necessary (not security relevant)
} | ||
|
||
let key: SecKey | ||
switch loadOrGenerateKey() { |
only generate if the file does not exist!
case let .success(value): | ||
return value | ||
case .failure: | ||
return defaultValue |
falling back to the default value is not cool for many errors
only OK for notFound
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information
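One way to implement the points raised in the review comments above (file protection and backup exclusion for the data file, key generation only while no file exists, default value only on `notFound`), as an added Swift example that is not code from this PR. `StoreError`, `ProtectedFile`, `resolveKey` and `valueOrDefault` are hypothetical names, key loading and generation are passed in as closures, and rethrowing every error other than `notFound` is an assumption about the desired behaviour.

```swift
import Foundation

// Hypothetical error type; the PR's UBSecureStorageError cases are not all visible here.
enum StoreError: Error { case notFound, keyMissing, keyGenerationFailed, io(Error) }

struct ProtectedFile {
    let url: URL

    // Write ciphertext with complete data protection and exclude it from backups.
    func write(_ ciphertext: Data) -> Result<Void, StoreError> {
        do {
            try ciphertext.write(to: url, options: [.atomic, .completeFileProtection])
            var values = URLResourceValues()
            values.isExcludedFromBackup = true
            var target = url // setResourceValues is a mutating call
            try target.setResourceValues(values)
            return .success(())
        } catch {
            return .failure(.io(error))
        }
    }

    // A key is generated only while no data file exists. If the file is already
    // there and the key cannot be loaded, a fresh key could never decrypt it.
    func resolveKey<Key>(load: () -> Key?, generate: () -> Key?) -> Result<Key, StoreError> {
        if let key = load() { return .success(key) }
        if FileManager.default.fileExists(atPath: url.path) { return .failure(.keyMissing) }
        guard let key = generate() else { return .failure(.keyGenerationFailed) }
        return .success(key)
    }

    // A missing file is the only condition reported as notFound.
    func read() -> Result<Data, StoreError> {
        guard FileManager.default.fileExists(atPath: url.path) else { return .failure(.notFound) }
        do { return try .success(Data(contentsOf: url)) } catch { return .failure(.io(error)) }
    }
}

// Fall back to the default only for notFound; every other failure reaches the caller.
func valueOrDefault<T>(_ result: Result<T, StoreError>, default defaultValue: T) throws -> T {
    switch result {
    case let .success(value): return value
    case .failure(.notFound): return defaultValue
    case let .failure(error): throw error
    }
}
```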