1

I have an iPhone application that talks to a web service over SSL. I would like to distribute a key with the app which the app can use to identify itself to the web service (An application key). All apps can use the same key, so I can distribute the same key with every app.

How can I distribute this in a way that protects it from discovery or use by anything other than the application?

I am using Core Data with a SQLite db.

aynber
  • 22,380
  • 8
  • 50
  • 63
Undistraction
  • 42,754
  • 56
  • 195
  • 331

1 Answers1

0

You can use the iOS keychain mechanism. Google for that for more info, or get a look at SFHFKeychainUtils, which is a small class by Buzz Andersen that makes handling the key chain very easy.

If you are concerned about the "real" security offered by the iOS keychain, have a read at this very interesting S.O. article.

Community
  • 1
  • 1
sergio
  • 68,819
  • 11
  • 102
  • 123
  • Thanks. So I can distribute the key securely with the application and then access it from within the application? – Undistraction Apr 11 '12 at 09:24
  • That is what the keychain is meant for... it is just like the MacOS keychain, every sensible piece of info (passwords, certs, etc) are stored there... – sergio Apr 11 '12 at 09:26
  • 1
    So I can store a password securely once the application is installed, but how would I protect the password when I distribute it? I would need to store the password in the app bundle until the application first runs and can add it to Keychain. During this time it is exposed. – Undistraction Apr 11 '12 at 09:58