Is it safe to use updateApplicationContext to send a keychain value?
In watchOS 2 there is no longer a shared keychain.
If I want to send a keychain value from the iOS app to the Watch app, is it safe to send it via WCSession updateApplicationContext?
Yes.
If your keychain value does not change and you update your application context repeatedly, you may want to arrange to send the value only once (so the watch adds it to its keychain) rather than re-sending the keychain value over and over.
An Apple engineer discussed using Watch Connectivity to send keychain items on the developer forums:
If you have data on the phone that you want to access on the watch your app can use WatchConnectivity to transfer the specific data and keychain items it needs. The keychain on Apple Watch contains a distinct set of entries from the keychain on the paired iPhone, so if you need something in both places you can either generate it once for each device or use WatchConnectivity to transfer it between them.
Update:
In watchOS 2, Watch Connectivity is the mechanism for transferring data between a paired phone and its watch. According to the iOS Security Guide:
Communication between the devices is encrypted.
As for whether the dictionary is accessible while it is in memory, or how it is retained before your extension receives it, I think you have to rely on Apple to address any possible vulnerabilities.
It is fair to say that the information is not in a place as secure as the keychain until your extension wakes up, receives the update, and then stores the value in the keychain.
According to the Apple Security Guide:
Keychain Data Protection
Many apps need to handle passwords and other short but sensitive bits of data, such as keys and login tokens. The iOS keychain provides a secure way to store these items. The keychain is implemented as a SQLite database stored on the file system. There is only one database; the securityd daemon determines which keychain items each process or app can access. Keychain access APIs result in calls to the daemon, which queries the app’s “keychain-access-groups,” “application-identifier,” and “application-group” entitlements. Rather than limiting access to a single process, access groups allow keychain items to be shared between apps. Keychain items can only be shared between apps from the same developer. This is managed by requiring third-party apps to use access groups with a prefix allocated to them through the iOS Developer Program via application groups. The prefix requirement and application group uniqueness are enforced through code signing, Provisioning Profiles, and the iOS Developer Program.
Keychain data is protected using a class structure similar to the one used in file Data Protection. These classes have behaviors equivalent to file Data Protection classes, but use distinct keys and are part of APIs that are named differently.
Apple Watch uses the security features and technology built for iOS to help protect data on the device, as well as communications with its paired iPhone and the Internet. This includes technologies such as Data Protection and keychain access control. The user’s passcode is also entangled with the device UID to create encryption keys. Pairing Apple Watch with iPhone is secured using an out-of-band (OOB) process to exchange public keys, followed by the BTLE link shared secret. Apple Watch displays an animated pattern, which is captured by the camera on iPhone. The pattern contains an encoded secret that is used for BTLE 4.1 out-of-band pairing. Standard BTLE Passkey Entry is used as a fallback pairing method, if necessary. Once the BTLE session is established, Apple Watch and iPhone exchange keys using a process adapted from IDS, as described in the iMessage section of this paper. Once keys have been exchanged, the Bluetooth session key is discarded, and all communications between Apple Watch and iPhone are encrypted using IDS, with the encrypted BTLE and Wi-Fi links providing a secondary encryption layer. Key rolling is utilized at 15-minute intervals to limit the exposure window, should traffic be compromised. To support apps that need streaming data, encryption is provided using methods described in the FaceTime section of this paper, utilizing the IDS service provided by the paired iPhone. Apple Watch implements hardware-encrypted storage and class-based protection of files and keychain items, as described in the Data Protection section of this paper. Access-controlled keybags for keychain items are also used. Keys used for communication between the watch and iPhone are also secured using class-based protection. When Apple Watch is not within Bluetooth range, Wi-Fi can be used instead. Apple Watch will not join Wi-Fi networks unless the credentials to do so are present on the paired iPhone, which provides the list of known networks to the watch automatically.
Apple Watch can be manually locked by holding down the side button. Additionally, motion heuristics are used to attempt to automatically lock the device shortly after it’s removed from the wrist. When locked, Apple Pay can’t be used. If the automatic locking provided by wrist detection is turned off in settings, Apple Pay is disabled. Wrist detection is turned off using the Apple Watch app on iPhone. This setting can also be enforced using mobile device management. The paired iPhone can also unlock the watch, provided the watch is being worn. This is accomplished by establishing a connection authenticated by the keys established during pairing. iPhone sends the key, which the watch uses to unlock its Data Protection keys. The watch passcode is not known to iPhone nor is it transmitted. This feature can be turned off using the Apple Watch app on iPhone. Apple Watch can be paired with only one iPhone at a time. Pairing with a new iPhone automatically erases all content and data from Apple Watch. Enabling Find My Phone on the paired iPhone also enables Activation Lock on Apple Watch. Activation Lock makes it harder for anyone to use or sell an Apple Watch that has been lost or stolen. Activation Lock requires the user’s Apple ID and password to unpair, erase, or reactivate an Apple Watch.
Apple's response:
The app’s content is encrypted during transit. Otherwise the content is stored in the app’s container which provides the inherent security of containers.
Here is a link to the Security White Paper.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
For the in-transit part, you should take a look at the “Apple Watch” section under “App Security”. For the pertinent part of container security, you should take a look at the “File Data Protection” section under “Encryption and Data Protection”.
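The two points raised above, sending the keychain value only once rather than with every context update, and getting it out of the context dictionary and into the watch keychain as soon as the extension receives it, can be put together as follows. This is an added example written for this page, not code from the question, the answers or Apple. It assumes hypothetical context keys (authToken, authTokenVersion, ackedTokenVersion) and a hypothetical keychain service name; the acknowledgement round-trip via transferUserInfo is a design choice of this example, chosen because updateApplicationContext replaces the whole dictionary, so a secret dropped from the context before the watch has stored it would never arrive.

```swift
import Foundation
import Security
import WatchConnectivity

// Context dictionary keys shared by both sides (hypothetical names, not from the page).
enum ContextKey {
    static let token = "authToken"                // the secret, sent as Data
    static let tokenVersion = "authTokenVersion"  // bumped whenever the token changes
    static let ackedVersion = "ackedTokenVersion" // watch -> phone acknowledgement
}

/// Minimal keychain upsert used on the watch once the value arrives.
enum KeychainStore {
    static let service = "com.example.app.tokens" // hypothetical service identifier

    static func set(_ data: Data, account: String) throws {
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
        // Existing item: replace only the secret data.
        var status = SecItemUpdate(query as CFDictionary,
                                   [kSecValueData as String: data] as CFDictionary)
        if status == errSecItemNotFound {
            // New item: bind it to this device; allow writes after first unlock because
            // the context may be delivered while the watch is locked on the wrist.
            var attrs = query
            attrs[kSecValueData as String] = data
            attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
            status = SecItemAdd(attrs as CFDictionary, nil)
        }
        guard status == errSecSuccess else {
            throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
        }
    }
}

#if os(iOS)
/// Phone side: the secret rides in the application context only until the watch
/// acknowledges that it stored it, so routine context updates stop carrying it.
final class PhoneSessionManager: NSObject, WCSessionDelegate {
    private let session = WCSession.default
    private var token: Data?
    private var tokenVersion = 0
    private var ackedVersion = 0
    /// Non-secret state that is sent with every update (app-specific).
    var appState: [String: Any] = [:]

    func start() {
        guard WCSession.isSupported() else { return }
        session.delegate = self
        session.activate()
    }

    /// Call when the phone's keychain value changes.
    func updateToken(_ newToken: Data) {
        token = newToken
        tokenVersion += 1
        pushContext()
    }

    /// Call whenever context state changes; the secret is included only while unacknowledged.
    func pushContext() {
        var context = appState
        if let token = token, ackedVersion < tokenVersion {
            context[ContextKey.token] = token
            context[ContextKey.tokenVersion] = tokenVersion
        }
        do { try session.updateApplicationContext(context) }
        catch { print("updateApplicationContext failed: \(error)") }
    }

    // The watch confirms it stored a given version; later updates omit the secret.
    func session(_ session: WCSession, didReceiveUserInfo userInfo: [String: Any] = [:]) {
        if let acked = userInfo[ContextKey.ackedVersion] as? Int, acked > ackedVersion {
            ackedVersion = acked
            pushContext() // replace the stored context with one that has no secret in it
        }
    }

    func session(_ session: WCSession, activationDidCompleteWith state: WCSessionActivationState, error: Error?) {}
    func sessionDidBecomeInactive(_ session: WCSession) {}
    func sessionDidDeactivate(_ session: WCSession) { session.activate() }
}
#endif

#if os(watchOS)
/// Watch side: move the value out of the context dictionary into the watch keychain
/// as soon as it arrives, then acknowledge with a queued user-info transfer.
final class WatchSessionManager: NSObject, WCSessionDelegate {
    private let session = WCSession.default

    func start() {
        session.delegate = self
        session.activate()
    }

    func session(_ session: WCSession, didReceiveApplicationContext context: [String: Any]) {
        guard let token = context[ContextKey.token] as? Data,
              let version = context[ContextKey.tokenVersion] as? Int else { return }
        do {
            try KeychainStore.set(token, account: "authToken")
            // transferUserInfo is queued and survives relaunches, unlike sendMessage.
            _ = session.transferUserInfo([ContextKey.ackedVersion: version])
        } catch {
            print("keychain write failed: \(error)") // no ack, so the phone keeps the secret in context
        }
    }

    func session(_ session: WCSession, activationDidCompleteWith state: WCSessionActivationState, error: Error?) {}
}
#endif
```

Once the watch acknowledges, the phone pushes the context again without the token, which also clears it from the copy that Watch Connectivity keeps in the watch app's container; until then the value is, as the answer notes, only as well protected as that container, so the watch should write it to the keychain in the delegate callback and not cache it anywhere else.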