hide registration code from user on iOS

Question

Only a short question here, I would like to know the best place to put my registration code for the user that I get back from the server. I am encrypting it as seen here.

//encrypting
NSString* strToEncrypt =NewPINField.text
NSString* theKey = @\"KeyKeyKeyKey\";
NSData* dataToEncrypt = [strToEncrypt dataUsingEncoding: NSUTF8StringEncoding];
NSData *encryptedData = [dataToEncrypt EncryptWithKey: theKey];
NSLog(@\"Encrypted data: %@\", encryptedData);


//decrypting
NSData* encryptedData = (NSData*)[profileData objectForKey:@\"PIN\"];
NSString* theKey = @\"KeyKeyKeyKey\"; //notice this is the same as above. It MUST be
NSData *decData = [encryptedData DecryptWithKey: theKey ];
currentPIN = [NSString stringWithUTF8String:[decData bytes]];

NSLog(@\"Decrypted pin: %@\", currentPIN);

The only other specification is to hide it / put it somewhere no know would think to look. I need to save state so it needs to be some sort of plist, I was just wondering if there is a way to hide it a little better than just adding it straight to my plist file.

what would you do?

Any help would be greatly appreciated.

Answer 1

If you need to securely store data, I would highly recommend using the keychain. There is a tutorial on creating a basic keychain app here: http://www.raywenderlich.com/6475/basic-security-in-ios-5-tutorial-part-1

You can safely store data in the keychain without worrying about encrypting it first, since that is handled by the OS. But you can if you want to.

When implementing security, never try to hide things where someone won't look: http://en.wikipedia.org/wiki/Security_through_obscurity