2

In my app, I want to keep very sensitive data persisted on a client in an encrypted cache, and thought of using the keychain.

Potentially, we could end up putting quite a bit of information (a couple of MBs) into this cache, and I was wondering...

  • Are there any hard limits on the size of data that I can cram into the keychain?
  • Is there another/better place I can store this data? I only need a simple key/value interface similar to NSUserDefaults, but encrypted.

Thanks in advance!

rmaddy
72A12F4E

1 Answer

4

The keychain (consider the name) is designed to hold keys and other reasonably small secure items. For data, encrypt it with AES using Common Crypto and save the key in the keychain. Create the key from random bytes. Save the encrypted data in the Documents directory or subdirectory.

zaph
  • Do you know of any open source libraries that can do this kind of thing already, or do I have to roll my own? – 72A12F4E Nov 25 '15 at 00:19
  • There are plenty of encryption examples on OS. What language are you using? Make an attempt and put that in a question. – zaph Nov 25 '15 at 00:23
  • ObjC and Swift. I have a larger project (200+ classes) that needs some form of client side caching of sensitive data, and was hoping someone had already created a library that could solve this problem. – 72A12F4E Nov 25 '15 at 00:26
  • Probably Swift is easiest since it has a cleaner interface to the Keychain. See this [SO Answer](http://stackoverflow.com/a/25755864/451475) for Swift encryption and this [SO answer](http://stackoverflow.com/a/25489618/451475) for the keychain. You can use `arc4random_buf`, `SecRandomCopyBytes()` to obtain random bytes for the key. – zaph Nov 25 '15 at 00:52
  • See [Mark's answer](http://stackoverflow.com/a/24165635/199364), which tested different lengths, resulting in max length of 16,777,110. Does not say on what device or iOS version the testing was done. – ToolmakerSteve Dec 22 '16 at 00:26
  • For anyone using Xamarin, for a simpler API, see XLabs.Platform.iOS/Services/SecureStorage.cs (available as a component, or as sources on GitHub - XLabs.Platform). This uses KeyChain on iOS. – ToolmakerSteve Dec 22 '16 at 00:30
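
The approach the answer describes, as an added Swift example that is not from the answer's author or the linked posts: a random key kept in the keychain, AES through CommonCrypto, and the ciphertext written under Documents. The service and account strings and all function names are hypothetical.

```swift
import Foundation
import Security
import CommonCrypto
enum CacheError: Error { case random(OSStatus), keychain(OSStatus), crypto(CCCryptorStatus) }
// Hypothetical identifiers, chosen for this example.
let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                           kSecAttrService as String: "com.example.securecache",
                           kSecAttrAccount as String: "cache-key-v1"]
func randomBytes(_ count: Int) throws -> Data {   // CSPRNG output for keys and IVs
    var data = Data(count: count)
    let rc = data.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!) }
    guard rc == errSecSuccess else { throw CacheError.random(rc) }
    return data
}

// Fetch the 32-byte AES key from the keychain; create and store it on first use.
func loadOrCreateKey() throws -> Data {
    var found: CFTypeRef?
    let lookup = SecItemCopyMatching(base.merging([kSecReturnData as String: true]) { $1 } as CFDictionary, &found)
    if lookup == errSecSuccess, let key = found as? Data { return key }
    guard lookup == errSecItemNotFound else { throw CacheError.keychain(lookup) }
    let key = try randomBytes(kCCKeySizeAES256)
    let item = base.merging([kSecValueData as String: key,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly]) { $1 }
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw CacheError.keychain(status) }
    return key
}

// AES-256-CBC with PKCS#7 padding; a fresh random IV is prepended to the ciphertext.
func seal(_ plaintext: Data, key: Data) throws -> Data {
    let iv = try randomBytes(kCCBlockSizeAES128)
    var out = Data(count: plaintext.count + kCCBlockSizeAES128)
    var outLen = 0
    let status = out.withUnsafeMutableBytes { o in
        plaintext.withUnsafeBytes { p in key.withUnsafeBytes { k in iv.withUnsafeBytes { v in
            CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(kCCOptionPKCS7Padding), k.baseAddress, key.count,
                    v.baseAddress, p.baseAddress, plaintext.count, o.baseAddress, o.count, &outLen)
        } } }
    }
    guard status == CCCryptorStatus(kCCSuccess) else { throw CacheError.crypto(status) }
    return iv + out.prefix(outLen)
}

// Encrypt and write under Documents/; the key stays in the keychain, not beside the file.
func writeCache(_ plaintext: Data, named name: String) throws {
    let dir = try FileManager.default.url(for: .documentDirectory, in: .userDomainMask, appropriateFor: nil, create: true)
    try seal(plaintext, key: loadOrCreateKey()).write(to: dir.appendingPathComponent(name), options: [.atomic, .completeFileProtection])
}
```

CBC gives confidentiality only; to detect tampering with the cached file, compute an HMAC over IV plus ciphertext under a second key and verify it before decrypting.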