我对 iOS 钥匙串(keychain)的理解是,它在越狱设备上是不安全的。
我想知道是否有人使用 kSecAccessControlTouchIDAny 将值存储在钥匙串(keychain)中,因为它在 this example from Apple 中使用。 , 如果有额外级别的保护,即使是在越狱设备上?
将文本存储到钥匙串(keychain)中的示例的相关摘录:
- (void)addTouchIDItemAsync {
CFErrorRef error = NULL;
// Should be the secret invalidated when passcode is removed? If not then use kSecAttrAccessibleWhenUnlocked
SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
kSecAccessControlTouchIDAny, &error);
if (sacObject == NULL || error != NULL) {
NSString *errorString = [NSString stringWithFormat:@"SecItemAdd can't create sacObject: %@", error];
self.textView.text = [self.textView.text stringByAppendingString:errorString];
return;
}
/*
We want the operation to fail if there is an item which needs authentication so we will use
`kSecUseNoAuthenticationUI`.
*/
NSData *secretPasswordTextData = [@"SECRET_PASSWORD_TEXT" dataUsingEncoding:NSUTF8StringEncoding];
NSDictionary *attributes = @{
(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService: @"SampleService",
(__bridge id)kSecValueData: secretPasswordTextData,
(__bridge id)kSecUseNoAuthenticationUI: @YES,
(__bridge id)kSecAttrAccessControl: (__bridge_transfer id)sacObject
};
dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attributes, nil);
NSString *message = [NSString stringWithFormat:@"SecItemAdd status: %@", [self keychainErrorToString:status]];
[self printMessage:message inTextView:self.textView];
});
最佳答案
这取决于您如何定义安全。请记住,在越狱设备上,任何 API 都可能受到中间人攻击。所以后端存储机制可能无关紧要。越狱设备上的攻击者可以简单地拦截您对 Keychain API 的调用并读取您传递给它的任何参数。
关于ios - 使用 KeychainTouchID(相对更多)存储的项目在越狱设备上是否安全?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35162592/