How can we store a username-password combination in keychain in encrypted format

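I need to implement offline login in my application. Currently I am storing the password in the keychain, which is used for login once the user has logged in at least once while the application was online. But right now I am not checking the username-password combination. If I have multiple users using one device, storing the password alone is not enough. So could any of you suggest something that can be done without a security breach?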

You can use NSURLCredential, as per this link

Store

NSURLCredential *credential;

credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent];
[[NSURLCredentialStorage sharedCredentialStorage] setCredential:credential forProtectionSpace:self.loginProtectionSpace];

Get the stored data

NSURLCredential *credential;
NSDictionary *credentials;

credentials = [[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:self.loginProtectionSpace];
credential = [credentials.objectEnumerator nextObject];
NSLog(@"User %@ already connected with password %@", credential.user, credential.password);

You can save it in the device keychain, which is designed for storing sensitive information. Download the wrapper from this Ray Wenderlich tutorial and use sha512

To encrypt the password:
#import "KeychainWrapper.h"
#include <CommonCrypto/CommonDigest.h>

-(void)createSHA512andSaveToKeychain:(NSString*)unencryptedPasswd {
    // Hash the UTF-8 bytes of the password; the byte count can differ from
    // the string's character count when the password is not plain ASCII
    NSData *passwordData = [unencryptedPasswd dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t digest[CC_SHA512_DIGEST_LENGTH];
    CC_SHA512(passwordData.bytes, (CC_LONG)passwordData.length, digest);
    // Hex-encode the digest before saving it
    NSMutableString *encryptedPasswd= [NSMutableString  stringWithCapacity:CC_SHA512_DIGEST_LENGTH * 2];
    for(int i = 0; i < CC_SHA512_DIGEST_LENGTH; i++) {
        [encryptedPasswd appendFormat:@"%02x", digest[i]];
    }

    // Save the password in the device keychain
    KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
    [keychainWrapper mySetObject:encryptedPasswd forKey:(__bridge id)kSecValueData];
    [keychainWrapper writeToKeychain];
}

To retrieve the password:

// Retrieve the pwd from the device keychain
KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
NSString *pwd = [keychainWrapper myObjectForKey:@"v_Data"];

I suggest you store the password using the login as the key. Something like: account_test@test.com / password.

You can also encode the md5 value of the password to improve security
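
An added example, not taken from any of the answers above: one keychain item per username (the "login as key" idea), holding a salted PBKDF2 verifier instead of the password or the plain SHA-512 digest, so an offline login is accepted only for a user who has already logged in online on this device. The service name, iteration count, sizes and function names are assumptions of this example, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCrypto.h>

// Assumed values for this example: service name, salt/key sizes, PBKDF2 rounds.
static NSString *const kOfflineService = @"com.example.offline-login";
enum { kSaltLen = 16, kKeyLen = 32, kRounds = 100000 };

// PBKDF2-HMAC-SHA256 over the UTF-8 bytes of the password; nil on failure.
static NSData *DeriveVerifier(NSString *password, NSData *salt) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableData *key = [NSMutableData dataWithLength:kKeyLen];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length, salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, kRounds, key.mutableBytes, key.length);
    return rc == kCCSuccess ? key : nil;
}
// One generic-password item per username (kSecAttrAccount) under the service.
static NSMutableDictionary *QueryFor(NSString *username) {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kOfflineService,
               (__bridge id)kSecAttrAccount: username } mutableCopy];
}
// Call after a successful online login: stores salt || verifier for this user.
BOOL SaveOfflineVerifier(NSString *username, NSString *password) {
    NSMutableData *blob = [NSMutableData dataWithLength:kSaltLen];
    if (SecRandomCopyBytes(kSecRandomDefault, kSaltLen, blob.mutableBytes) != errSecSuccess) return NO;
    NSData *verifier = DeriveVerifier(password, blob);   // blob holds only the salt here
    if (!verifier) return NO;
    [blob appendData:verifier];
    NSMutableDictionary *item = QueryFor(username);
    SecItemDelete((__bridge CFDictionaryRef)item);        // replace any older entry
    item[(__bridge id)kSecValueData] = blob;
    item[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}
// Offline login: YES only if this username has an item and the password matches.
BOOL CheckOfflineLogin(NSString *username, NSString *password) {
    NSMutableDictionary *query = QueryFor(username);
    query[(__bridge id)kSecReturnData] = @YES;
    CFTypeRef out = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &out) != errSecSuccess) return NO;
    NSData *blob = CFBridgingRelease(out);
    if (blob.length != kSaltLen + kKeyLen) return NO;
    NSData *actual = DeriveVerifier(password, [blob subdataWithRange:NSMakeRange(0, kSaltLen)]);
    if (!actual) return NO;
    const uint8_t *a = actual.bytes, *b = (const uint8_t *)blob.bytes + kSaltLen;
    uint8_t diff = 0;
    for (size_t i = 0; i < kKeyLen; i++) diff |= a[i] ^ b[i];   // constant-time compare
    return diff == 0;
}
```

Because nothing reversible is stored, this supports checking an offline login but not replaying the password to a server later.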