4

How to prevent that keychain items will not be added to the backup? Into encrypted backups as well? When a keychain (SecItem) item is configured as shown below, the keychain item can be backed up and restored to another device.

// No kSecAttrAccessible value is set in this query.
let query: [String: Any] = [
    String(kSecClass) : kSecClassGenericPassword,
    String(kSecAttrService) : "SecAttrService",
    String(kSecAttrAccount) : "SecAttrAccount",
    String(kSecValueData) : mobileId,
]

So, how to prevent that keychain item will not be backed up?

HangarRash
Ramis
  • Do you want to back up or not? Because the question suggests that your items are not added to the backup and you want to prevent that. But I assume that what you really want is "not to back up" at all – leizeQ May 06 '16 at 08:02

3 Answers

3

Use a "ThisDeviceOnly" accessibility constant, ideally kSecAttrAccessibleWhenUnlockedThisDeviceOnly:

https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/#//apple_ref/doc/constant_group/Keychain_Item_Accessibility_Constants

Nabla
  • If I understand this right, we can't prevent items from being backed up. They will be backed up but will restore only to the same device. – leizeQ May 06 '16 at 08:04
  • Yes; from a security point of view it is almost the same as "not backed up" because there is no way to extract things from the backup without the device (which has the unique key needed to unlock the backup). – Nabla May 06 '16 at 15:35
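
The answer above applied to the question's query with the Security framework, as an added example that is not part of the original answer or comments. It also covers an item that was already saved without the attribute, and reads the attribute back to confirm it. The names `itemIdentity`, `storeDeviceOnly`, `isStoredDeviceOnly` and `KeychainError` are hypothetical, and the service and account strings are the question's placeholders.

```swift
import Foundation
import Security

enum KeychainError: Error { case unexpectedStatus(OSStatus) }

// Identifies the item; service and account reuse the question's placeholder strings.
let itemIdentity: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "SecAttrService",
    kSecAttrAccount as String: "SecAttrAccount",
]
let deviceOnly = kSecAttrAccessibleWhenUnlockedThisDeviceOnly

/// Saves `secret` so it is readable only while unlocked and is not restored onto another device.
func storeDeviceOnly(_ secret: Data) throws {
    var addQuery = itemIdentity
    addQuery[kSecValueData as String] = secret
    addQuery[kSecAttrAccessible as String] = deviceOnly

    let status = SecItemAdd(addQuery as CFDictionary, nil)
    if status == errSecDuplicateItem {
        // An item saved earlier without the attribute keeps its old accessibility
        // class, so rewrite the attribute together with the value.
        let changes: [String: Any] = [
            kSecValueData as String: secret,
            kSecAttrAccessible as String: deviceOnly,
        ]
        let updateStatus = SecItemUpdate(itemIdentity as CFDictionary, changes as CFDictionary)
        guard updateStatus == errSecSuccess else { throw KeychainError.unexpectedStatus(updateStatus) }
    } else if status != errSecSuccess {
        throw KeychainError.unexpectedStatus(status)
    }
}

/// Reads the stored attributes back and reports whether the item is device-only.
func isStoredDeviceOnly() -> Bool {
    var query = itemIdentity
    query[kSecReturnAttributes as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let attributes = result as? [String: Any],
          let stored = attributes[kSecAttrAccessible as String] as? String else { return false }
    return stored == (deviceOnly as String)
}
```
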
0

To prevent the keychain from being backed up, use:

pod 'KeychainSwift', '~> 20.0'

import KeychainSwift

let keychain = KeychainSwift()
keychain.set("Hello world", forKey: "key 1", withAccess: .accessibleWhenUnlockedThisDeviceOnly)

note:

accessibleWhenUnlockedThisDeviceOnly

The data in the keychain item can be accessed only while the device is unlocked by the user.

This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.

Seak
-2

As long as data is not in the app directory, this data shall not be backed up. Also, there are flags which can be set on a folder which shall not be backed up; try something similar to the below:

Can I add the Do not Back up for the "Document Directory" for iCloud

iOS - Flag entire Document directory as do not backup

Community
mkumar