本文介绍了钥匙串 - 安全数据存储的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 我正在开发一个带钥匙串实现的应用程序。我能够创造&将数据保存到钥匙串中。我正在使用Apple提供的 Keychain Wrapper classes 。 根据要求，我必须在KeyChain中实现最佳安全性（安全团队指出了失误，例如它在Jail-broken设备上的可访问性）。 / p> 有人可以给我指示吗？解决方案我还实施了钥匙串在应用程序中返回使用您引用的相同Wrapper，但当然需要进行大量修改。 基本上Keychain非常安全。根据Apple的说法，它是一个加密的容器保存多个应用程序的安全信息，这意味着当钥匙串被锁定时，没有人可以访问其受保护的内容。 在iOS中，只有创建钥匙串的应用程序才能访问它。 根据Apple的文档，iOS可以选择内存缓存或磁盘缓存。 但是从iOS 4.xx ++，它只是磁盘缓存（dunno）为什么），因此总是创建一个 sqlite数据库，其中钥匙串中的所有数据都存储在对应于特定标识符的位置。 Sqlite DB可以被黑客攻击在root或Jail-broken设备上。 保护钥匙串 1添加安全关键字 kSecAttrAccessibleWhenUnlockedThisDeviceOnly 在添加或者时更新方法中钥匙串中的数据 SecItemUpdate & SecItemAdd 。 类似于： - - （void）writeToKeychain { NSDictionary * attributes = NULL; NSMutableDictionary * updateItem = NULL; OSStatus结果; if（SecItemCopyMatching（（CFDictionaryRef）genericPasswordQuery，（CFTypeRef *）& attributes）== noErr） { updateItem = [NSMutableDictionary dictionaryWithDictionary：attributes]; [updateItem setObject：[genericPasswordQuery objectForKey：（id）kSecClass] forKey：（id）kSecClass]; NSMutableDictionary * tempCheck = [self dictionaryToSecItemFormat：keychainItemData]; [tempCheck removeObjectForKey：（id）kSecClass]; #if TARGET_IPHONE_SIMULATOR [tempCheck removeObjectForKey：（id）kSecAttrAccessGroup]; #endif [updateItem setObject：（id）kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey：（id）kSecAttrAccessible]; result = SecItemUpdate（（CFDictionaryRef）updateItem，（CFDictionaryRef）tempCheck）; NSAssert（结果== noErr，@无法更新钥匙串项目。）; CFRelease（属性）; } else { [keychainItemData setObject：（id）kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey：（id）kSecAttrAccessible]; result = SecItemAdd（（CFDictionaryRef）[self dictionaryToSecItemFormat：keychainItemData]，NULL）; NSAssert（结果== noErr，@无法添加钥匙串项目。）; } } 2在添加到钥匙串之前加密数据.I使用AES-128加密。 还要确保用于加密的密钥是RSA密钥。（由SSL Web服务发送）。 注意： - 钥匙串数据存储在 /private/var/Keychains/keychain-2.db 文件。 希望它可以帮到你。 I am developing an application with keychain implementation . i am able to create & Save data into keychain . I am using the Keychain Wrapper classes provided By Apple.According to requirement , I have to implement best possible Security in the KeyChain (The security team pointed out lapses , such as it's accessibility on Jail-broken devices).Could Someone give me direction? 解决方案 I had also Implemented keychain in application long Back using the same Wrapper you cited , but , of course with a lot of modifications.Basically Keychain is quite secure .According to Apple , it's an encrypted container that holds secure information for multiple applications ,which means that when the keychain is locked, no one can access its protected contents .In iOS , only the application creating the keychain can access it.According to Apple's documentation , iOS can choose to Memory-Cache or Disk Cache it.But from iOS 4.xx++ , it's only disk-cached(dunno why) , thus always creating asqlite DB , where all the data in the keychain are stored corresponding to a particular Identifier.The Sqlite DB Can be Hacked on rooted or Jail-broken devices.To Secure the Keychain1 Add the security keyword "kSecAttrAccessibleWhenUnlockedThisDeviceOnly" while adding or updating the data in keychain on the methods "SecItemUpdate" & "SecItemAdd".Something like :-- (void)writeToKeychain{ NSDictionary *attributes = NULL; NSMutableDictionary *updateItem = NULL; OSStatus result; if (SecItemCopyMatching((CFDictionaryRef)genericPasswordQuery, (CFTypeRef *)&attributes) == noErr) { updateItem = [NSMutableDictionary dictionaryWithDictionary:attributes]; [updateItem setObject:[genericPasswordQuery objectForKey:(id)kSecClass] forKey:(id)kSecClass]; NSMutableDictionary *tempCheck = [self dictionaryToSecItemFormat:keychainItemData]; [tempCheck removeObjectForKey:(id)kSecClass];#if TARGET_IPHONE_SIMULATOR [tempCheck removeObjectForKey:(id)kSecAttrAccessGroup];#endif [updateItem setObject:(id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(id)kSecAttrAccessible]; result = SecItemUpdate((CFDictionaryRef)updateItem, (CFDictionaryRef)tempCheck); NSAssert( result == noErr, @"Couldn't update the Keychain Item." ); CFRelease(attributes); } else { [keychainItemData setObject:(id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(id)kSecAttrAccessible]; result = SecItemAdd((CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL); NSAssert( result == noErr, @"Couldn't add the Keychain Item." ); }}2 Encrypt the data before Adding to the Keychain .I used AES-128 Encryption. Also ensure that the key used for Encryption is RSA key.(sent by SSL Web Service ).NOTE :-The Keychain Data is stored in the /private/var/Keychains/keychain-2.db file on the iPhone.Hope it helps you. 这篇关于钥匙串 - 安全数据存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！