Reputation: 1404
SwiftUI / iOS / iPhone how to encrypt data/ image before storing and where / how to store locally, general best practice?
I am new to SwiftUI (iOS App Ver 14.x) as I normally use Xamarin.
In this case I need to have the application specifically written in SwiftUI. (I am aware that some stuff still needs UIKit).
I have got my head around it though I am generally speaking struggling to get to grips with where and how to store stuff.
For example (greatly simplified) let us say I want the following:
All in the same view.
Two form fields:
First Name: … Last Name: …
A Button that says, “Add Photo”.
A Button that says, “Save Locally” (N/a but just for info, to be later uploaded to a web service that isn't always available at some point).
Now doing all the standard stuff this is pretty straight forward.
BUT.
I want to encrypt the form input (once converted to JSON, note I can convert to JSON easy enough).
I also want to encrypt the image before it is stored. (the real app has more than one image).
The stuff will be encrypted in the real app using asymmetric encryption (which I understand well, again this is not so relevant here).
But for the sake of example, I am happy to just ‘encrypt’ the JSON and picture as two separate files using something simple just to show the idea. XOR it or something simple to show.
My question is where is the best places code wise to do this with some basic examples if possible. I know this is a little subjective but just something simple and obvious. Click button, run this func, do this type of thing etc.
Where do I store stuff (which I am finding a bit all over the place)? This is my main source of confusion being honest.
My understanding is that you would use a FileManager object and the documents directory (though I am not sure if this is best practice, or even the right place.
The requirement from a client is that nothing is stored unencrypted for compliance reasons (completely ignoring anything Apple have in place good or bad).
Upvotes: 0
Views: 870
Answers (1)
Reputation: 11134
Yes you can just store it in the documents folder by using file manager:
FileManager.url(for: .documentDirectory, in: .userDomainMask, appropriateFor: nil, create: false)[0]
As for encryption, if you encrypt the data before writing them to disk then they are encrypted...
One issue is that the encryption key has to be stored securely as well. For this, I usually generate the key when it is first used and store in keychain. Hard-coding the key in the code is not as secure because it makes the key identical for all users, and the binary can (not sure how easy) be reverse-engineered. We have to trust Apple's keychain to be secure. Some checks for jailbreaking may also help hear.
Also note that unlike other app data (UserDefaults, files etc), keychain is NOT cleared when the app is reinstalled!!! This can be a major source of headache. If desired, you can work around this by running a a chunk of code to clear the keychain when the app runs the first time after installation (by keeping a flag in UserDefaults, for example, which is cleared when app is reinstalled).
Upvotes: 1
Related Questions
- How can i store encrypted data
- Saving sensitive data securely in swift
- Looking for right approach to saving data with Keychain and data encryption - Swift 5
- Image Encryption in Swift
- How to protect (encrypt) data stored by webkit/local store
- macOS swift - save data to local storage - best practices
- Securing data in iOS. Keychain or any other approach?
- Using Swift, what is the best way to encrypt an object(s) for storage?
- Storing encryption key within iOS app?
- Advise where to store data for iOS app