Reputation: 3104
Can I use NSURLCredentialStorage with Data Protection?
As far as I know, NSURLCredentialStorage is just a wrapper for the keychain services with a more convenient API. Which is why I'd like to use it. But I also want to take advantage of the Data Protection feature kSecAttrAccessibleWhenUnlockedThisDeviceOnly that keychain offers.
Is there a way to set this attribute when using NSURLCredentialStorage to store credentials?
Upvotes: 2
Views: 576
Answers (1)
Reputation: 3104
Turns out the answer is Yes, kind of. I looked into the keychain item that NSURLCredentialStorage created. It is of the class kSecClassInternetPassword and has the access key kSecAttrAccessible set to "ak", which is kSecAttrAccessibleWhenUnlocked. So the password is not decrypted while the device is locked.
The only downside is that NSURLCredentialStorage doesn't offer a way to change that to kSecAttrAccessibleWhenUnlockedThisDeviceOnly to get an additional level of security for your backed-up data. You could only change that attribute manually on the keychain item using the lower level keychain APIs (i.e. SecItemUpdate).
Upvotes: 2
Related Questions
- iOS user data storage dilemma
- NSURLCache and Data Protection
- Keychain - Secure Data Storage
- How to store manually in ios keychain?
- NSUbiquitousKeyValueStore Security & Encryption for storing sensitive data
- Can I use NSURLCredentialStorage for HTTP Basic Authentication?
- Storing datas in keychain
- Security in iPhone
- password protect core data persistent store
- NSURLCredentialStorage and client certificate authentication