16

What I'm trying to do

Basically what I'm trying to do is figure out a way to encrypt data using Touch ID.

Sadly I've not found a way to create an encryptionKey with Touch ID, since the LAContext API only returns an aye/nay response.


Why I'm trying it

I'm implementing different login methods in an app. The supported login methods are a password, a PIN code and Touch ID. The user is free to choose whatever login method he/she wants.
Only the password, however, is sent to the server, which will authenticate the user. As such, only the password is stored in the keychain.

The encryptionKey, used to first encrypt and then store the password in the keychain, is created using whatever method the user chose as login method.
If the user chose to use a PIN code, the encryptionKey is derived from that PIN code; the same can be said when the user chose a password as login method.


My question is:

How can I fit Touch ID in this picture?

I've searched on the internet, but only found what I already feared.
Since iOS only returns a true or false from the Secure Enclave, it's impossible to create an encryptionKey.

I know the keychain is encrypted by itself, but for security reasons (please don't elaborate on this) I need an encrypted password stored in the keychain.


EDIT:

The reason behind storing data encrypted in the keychain is because the keychain can be breached by jailbreaking a device. And since the app I'm working on allows users to view (mostly) corporate sensitive data, I need to take even jailbreaking into consideration.

Gerald Eersteling
    Short answer NO, the TouchID can only be used to validate a known user of the device. Hence you will only receive a `BOOL`. – rckoenes Aug 13 '15 at 09:29
    Great feature request... :- ( I too wish we could do this. – Paul Cezanne Aug 13 '15 at 14:05
  • It's really too bad; implementing TouchID for third-party apps (in my case/context with corporate data) is actually taking a small step backwards in terms of security. The convenience for the user is noted however. – Gerald Eersteling Aug 14 '15 at 06:22
  • I'd question how much security a pin code is adding to the equation. How long would it take an attacker to brute force the entire 10^6 key space for a 6 digit pin code if they've compromised the enciphered password and whatever you're using to salt the key derivation method? – Johnny C May 18 '16 at 17:47
  • @JCSG I don't think including a PIN is explicitly adding any security. In fact, I think security actually suffers the more options you add for encrypting a password. Adding the other log in methods is only done as a convenience act towards the user; you'd be better off using a 'long' and 'irregular' password as only log in method. – Gerald Eersteling May 19 '16 at 07:08
  • @Gee.E See my answer. I think this is what you are looking for. For some reason, the keychain Touch ID API is much less known about vs the LocalAuthentication framework. – Léo Natan Oct 28 '16 at 14:09

2 Answers

5

Use the kSecAccessControlTouchIDCurrentSet or kSecAccessControlTouchIDAny keychain access control attributes to protect your encryption key in the keychain. Using this API will fail if the user does not have Touch ID enabled (or the device does not support it), and using kSecAccessControlTouchIDCurrentSet will fail if the user modifies the set of fingerprints. In case of failure, you can then fallback to your normal authentication UI, such as pin code or password entry.

See the WWDC 2014 711 Keychain and Authentication with Touch ID talk and WWDC 2015 706 Security and Your Apps for more information.

As a general note, do not store data in the keychain. You should only store passwords, encryption keys or credentials, and use those to decrypt data stored on the disk.

Léo Natan
    I've seen the TouchID API on the keychain, but from what I remember; it was not exactly what I was looking for. I'll look into it again whenever I have the time to open up the project again. That being said; I'm aware that you should use the keychain as...well a place to store _keys_, not 'general' data :) – Gerald Eersteling Oct 31 '16 at 10:04
  • I am just saying that because we used to abuse the keychain for general purpose storage, and things start going bad after a while. – Léo Natan Oct 31 '16 at 10:05
  • Agreed, didn't mean to offend you; I've heard/seen stories of keychain uses that...raised my eyebrow. – Gerald Eersteling Oct 31 '16 at 10:14
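The flow this answer describes, written out as an added example (not code from the answer, the question, or any Apple sample): a random wrapping key is stored in the keychain behind the TouchIDCurrentSet access control, the server password is sealed under that key, and every failure path (Touch ID not enrolled, fingerprint set changed, user cancelled) surfaces as a distinct error so the app can fall back to its PIN or password UI. The service/account names are hypothetical; `.biometryCurrentSet` is the iOS 11.3+ name of `kSecAccessControlTouchIDCurrentSet`, and CryptoKit's AES-GCM is used for the sealing step, which assumes an iOS 13+ target (CommonCrypto would do on older targets).

```swift
import Foundation
import Security
import LocalAuthentication
import CryptoKit   // AES.GCM; assumes iOS 13+

enum WrappingKeyError: Error {
    case touchIDUnavailable(OSStatus) // not enrolled / no passcode: fall back to PIN or password
    case invalidated                  // item gone: never created, or the fingerprint set changed
    case userCancelled
    case osStatus(OSStatus)
}

// Hypothetical service/account names for this example.
private let wrappingKeyService = "com.example.corpapp"
private let wrappingKeyAccount = "touchid-wrapping-key"

// Attributes shared by every lookup/delete of the wrapping-key item.
private var baseQuery: [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: wrappingKeyService,
     kSecAttrAccount as String: wrappingKeyAccount]
}

/// Generates a random 256-bit wrapping key and stores it behind TouchIDCurrentSet.
/// Throws `touchIDUnavailable` when Touch ID cannot be used, so the caller can fall back.
func createTouchIDWrappingKey() throws -> Data {
    var laError: NSError?
    guard LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &laError) else {
        throw WrappingKeyError.touchIDUnavailable(errSecNotAvailable)
    }
    var aclError: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, // never backed up; gone if the passcode is removed
            .biometryCurrentSet,                              // invalidated when fingers are added/removed
            &aclError) else {
        throw WrappingKeyError.osStatus(errSecParam)
    }
    var keyBytes = [UInt8](repeating: 0, count: 32)
    guard SecRandomCopyBytes(kSecRandomDefault, keyBytes.count, &keyBytes) == errSecSuccess else {
        throw WrappingKeyError.osStatus(errSecAllocate)
    }
    let key = Data(keyBytes)

    SecItemDelete(baseQuery as CFDictionary)   // replace any earlier (possibly invalidated) key
    var add = baseQuery
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = key
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw WrappingKeyError.touchIDUnavailable(status) }
    return key
}

/// Reads the wrapping key back; iOS presents the Touch ID sheet with `reason`.
func readTouchIDWrappingKey(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason   // iOS 11+; on older systems pass kSecUseOperationPrompt instead
    var query = baseQuery
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    query[kSecUseAuthenticationContext as String] = context

    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let key = result as? Data else { throw WrappingKeyError.osStatus(errSecDecode) }
        return key
    case errSecItemNotFound:
        // Once the fingerprint set changes the item no longer matches: re-authenticate with the
        // password, then call createTouchIDWrappingKey() and re-seal.
        throw WrappingKeyError.invalidated
    case errSecUserCanceled:
        throw WrappingKeyError.userCancelled
    default:
        throw WrappingKeyError.osStatus(status)
    }
}

/// Seals the server password under the wrapping key; the output (nonce || ciphertext || tag)
/// is what is stored in the keychain instead of the plaintext password.
func sealPassword(_ password: String, with key: Data) throws -> Data {
    let box = try AES.GCM.seal(Data(password.utf8), using: SymmetricKey(data: key))
    guard let combined = box.combined else { throw WrappingKeyError.osStatus(errSecInternalComponent) }
    return combined
}

func openPassword(_ sealed: Data, with key: Data) throws -> String {
    let box = try AES.GCM.SealedBox(combined: sealed)
    return String(decoding: try AES.GCM.open(box, using: SymmetricKey(data: key)), as: UTF8.self)
}

/// Login flow: returns the password on a successful Touch ID match, nil when the app should
/// show its normal PIN/password UI (and, for `.invalidated`, re-enrol the Touch ID key afterwards).
func unlockWithTouchID(sealedPassword: Data) -> String? {
    do {
        let key = try readTouchIDWrappingKey(reason: "Unlock your corporate account")
        return try openPassword(sealedPassword, with: key)
    } catch {
        return nil
    }
}
```

Two design points worth noting. The enrolment path calls `SecItemDelete` before `SecItemAdd` so that a key left behind after the fingerprint set changed cannot shadow the new one, and `canEvaluatePolicy` is checked up front so the "Touch ID not available" fallback happens before anything is written. The sealed password should itself be stored under `kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly` too; without that, the wrapping key is gated by Touch ID but the blob it protects is readable whenever the device is unlocked.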
-1

I know, this question was posted back in 2015, but I researched the same problem. As far as I know, it's actually not possible.

I have found this quote on the 1Password website concerning this topic:

Don’t jailbreak your device. Someone with physical access to your device could theoretically access the secret that 1Password stored in the iOS Keychain. However, that would require unlocking the device, jailbreaking the device (so that something other than 1Password can read the iOS Keychain data that belongs to 1Password), and defeating the obfuscation of the Master Password. If you jailbreak your device, you are willingly defeating one of the strongest defenses against such an attack.

So, simple answer: It's not possible :(

leodaniel
  • Not really what the OP is asking right? Using the fingerprint as a key, so not storing it in the keychain, would fix this issue. – Erik Terwan Oct 28 '16 at 14:54
  • I'm not sure I fully understand your answer. As @ErikTerwan said; my question is about whether or not you can effectively use TouchID to encrypt an _encryptionKey_ which is used for encrypting a password. – Gerald Eersteling Oct 31 '16 at 10:07
  • @ErikTerwan maybe I wasn't clear enough, what he is asking is not possible on iOS! You need to use the KeyChain, which may be insecure (jailbreak) – leodaniel Nov 01 '16 at 14:52