CODEWITHSUNDEEP
swiftkeychainproperty-list
Matthew So
Matthew So

Reputation: 85

Looking for right approach to saving data with Keychain and data encryption - Swift 5

My app stores user's sensitive data and I wonder what is general/proper/the most secure way to secure the data.

My approach now is saving encoded data into Keychain, more specifically but simply :

  1. I am encoding/decoding custom types in array with PropertyList
  2. Then pass these to Keychain. I am using a wrapper called KeychainAccess thanks to Kishikawa Katsumi.
  3. Retrieve data from Keychain then decode it to display on tableview.

Below is my code bits : 

extension UserInformation {

    static let propertyListEncoder = PropertyListEncoder()
    static let propertyListDecoder = PropertyListDecoder()
    static let keychain = Keychain(service: "com.xxxxx.DataSaving-App")

    static func saveToKeychain(userInfo: [UserInformation]) {
        let data = try? propertyListEncoder.encode(userInfo)
        if let savingData = data {
            dump(userInfo)
            keychain[data: "encodedUserInfo"] = NSData(data: savingData) as Data
        }
    }

    static func loadFromKeychain() -> [UserInformation]? {
        guard let retrievedData = keychain[data: "encodedUserInfo"] else {
            return nil }
        let data = try? propertyListDecoder.decode(Array<UserInformation>.self, from: retrievedData)
        return data
    }

}

Above works fine and no problem found so far. However, I am not sure to use PropertyListEncoder is right way to encode/decode. Please kindly see below specified questions and giving advice to me should be very grateful.

  1. Would above approach be secure enough?
  2. Is PropertyListEncoder/Decoder just doing ENCODING/DECODING, NOT SAVING DATA TO ANY, like plist or any storage where is vulnerable?
  3. If any other measure is needed, is encrypting data with Common Swift then passing it to Keychain making sense?

I spent few weeks to find detail solution but no luck yet. Please help a new developer.

Upvotes: 1

Views: 497

Answers (1)

matt
matt

Reputation: 534885

Property list encoding is not encryption. It's plain text (possibly in binary format); it is just a form of serialization. The "encryption" in your example consists of the fact that the information is hidden in the keychain. And the keychain is generally regarded as sufficiently secure.

Upvotes: 1

Related Questions