Are items stored using Keychain Touch ID (relatively more) secure on jailbroken devices?

Time: 2016-02-02 19:50:30

Tags: ios security keychain touch-id

My understanding of the iOS keychain is that it is not secure on jailbroken devices.

I'd like to know whether anyone knows if storing a value using kSecAccessControlTouchIDAny, as in this example from Apple, gives an extra level of protection, even on jailbroken devices?

A relevant excerpt from the example that stores a text into the keychain:

    #import <Security/Security.h>

    // Excerpt from a view controller: self.textView, keychainErrorToString:
    // and printMessage:inTextView: are members of the surrounding class.
    - (void)addTouchIDItemAsync {
        CFErrorRef error = NULL;

        // Should be the secret invalidated when passcode is removed? If not then use kSecAttrAccessibleWhenUnlocked
        SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
                                                    kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
                                                    kSecAccessControlTouchIDAny, &error);
        if (sacObject == NULL || error != NULL) {
            NSString *errorString = [NSString stringWithFormat:@"SecItemAdd can't create sacObject: %@", error];

            self.textView.text = [self.textView.text stringByAppendingString:errorString];

            return;
        }

        /*
            We want the operation to fail if there is an item which needs authentication so we will use
            `kSecUseNoAuthenticationUI`.
        */
        NSData *secretPasswordTextData = [@"SECRET_PASSWORD_TEXT" dataUsingEncoding:NSUTF8StringEncoding];
        NSDictionary *attributes = @{
            (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
            (__bridge id)kSecAttrService: @"SampleService",
            (__bridge id)kSecValueData: secretPasswordTextData,
            (__bridge id)kSecUseNoAuthenticationUI: @YES,
            (__bridge id)kSecAttrAccessControl: (__bridge_transfer id)sacObject
        };

        // Add the item off the main thread and report the resulting status.
        dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
            OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attributes, nil);

            NSString *message = [NSString stringWithFormat:@"SecItemAdd status: %@", [self keychainErrorToString:status]];

            [self printMessage:message inTextView:self.textView];
        });
    }

1 answer:

Answer 0: (score: 1)

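It depends on how you define security. Keep in mind that on a jailbroken device, any API may be subject to a man-in-the-middle attack. So the back-end storage mechanism may be irrelevant. An attacker on a jailbroken device can simply intercept your calls to the Keychain API and read any arguments you pass to it.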