2

I am developing an app and need a way to securely store API secrets and IDs. I understand that storing these strings directly within source-code is insecure as the code can be decompiled by hackers. I was wondering what the best way of hiding and securing these strings is and whether there is standard practise for doing such? I know this

From my own research I understand that hashing only allows a one-way encryption for verification of a string and that encryption allows two way encryption/decryption via the use of an encryption key. Therefore it may be necessary to hide the encrypted keys and their string's within a file.

Thanks

D

rmaddy
  • 314,917
  • 42
  • 532
  • 579
dgee4
  • 381
  • 3
  • 16
  • Who has given a -1 ? Its an important and intersting question of "How to store a secret during compile time and deliver it?" I am thinking of internal API keys, the user never will see, but need to be present at runtime. – ThorstenC Jun 08 '15 at 08:03
  • you can see a discussion of your question here: http://stackoverflow.com/questions/5525305/how-to-store-a-secret-api-key-in-an-applications-binary?rq=1 – ThorstenC Jun 08 '15 at 08:08

1 Answers1

-1

The place to save keys and API secrets is the App Keychain.

The keychain is designed to store secrets in a secure encrypted manner, there is no better way in iOS.

See iOS Keychain Services Tasks.
There are many source on SO of how to access the keychain.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • You have to get the keys into the keychain firstly. So if it's a static API key this isn't a solution. – SmileBot Jan 11 '22 at 16:11