5

I write very secure application (for Bank) and I keep the private key in the Keychain. I keep the Private key using the following code:

+(void)savePrivatekey:(NSString *)Key
{
    KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"pKey" accessGroup:nil];
    [keychain setObject:Key forKey:(id)kSecValueData];
    [keychain release];
}

and for get the private key using the following code:

+(NSString *)privateKey
{
    KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"pKey"accessGroup:nil];
    NSString *privateKey = [keychain objectForKey:(id)kSecValueData];
    [keychain release];
    return privateKey;
}

i don't save the private key in local variable from security reasons. because every call to server I need the private key i call to to function "GetPrivateKey" a lot of times. Maybe that's why sometimes i get from the keychain empty string. i can't think of why this might happen. I noticed that in most cases this happens when the application return from background but no only... thanks...

I opened ticket at Apple's engineers and they responded to me:

Are you setting the kSecAttrAccessible attribute when you create the keychain item initially?

I always create the same shape keychain: KeychainItemWrapper * keychain = [[KeychainItemWrapper alloc] initWithIdentifier: @ "pKey" accessGroup: nil];

Does anyone know what their intent? thanks...

Guy Kahlon
  • 4,510
  • 4
  • 30
  • 41
  • Keeping a pointer in a local variable doesn't sound like a security problem to me...? – faffaffaff Jun 27 '13 at 13:38
  • Me too, but still the instructions were not to keep the private key variable besides in the keychain.... – Guy Kahlon Jun 27 '13 at 13:49
  • 1
    not strictly relevant, but naming your method `get...` doesn't follow Cococa naming conventions: `Use “get” only for methods that return objects and values indirectly. You should use this form for methods only when multiple items need to be returned.` https://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/CodingGuidelines/Articles/NamingMethods.html – Gabriele Petronella Jun 27 '13 at 14:43
  • I don't use ARC unfortunately,(Phonegap 1.7) – Guy Kahlon Jun 27 '13 at 15:19
  • Here's a shot in the dark: [KeychainItemWrapper Not Updating](http://stackoverflow.com/questions/8054285/ios-keychainitemwrapper-not-updating) – Zach L Jun 27 '13 at 15:37

2 Answers2

1

I answered my own question a while back regarding this. I'm not sure if this is your exact problem as your code seems to look/work fine. So regarding your keychain access, I'm guessing it is a bit different. This may or may not help, but might steer you in the right direction.

iOS KeyChain not retrieving values from background

Community
  • 1
  • 1
Bill Burgess
  • 14,054
  • 6
  • 49
  • 86
0

If your class is using ARC the following works for me every time.

KeychainItemWrapper *testKeychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"AppUniqueID" accessGroup:nil];
NSString *privateKey = [testKeychain objectForKey:(__bridge id)(kSecValueData)];

NSLog(@"Private Key: %@ \n", privateKey);
Zach L
  • 1,277
  • 4
  • 18
  • 37