Local Storage in iOS: Keychain

Omar Saibaa
Aug 29, 2023

The Keychain is a secure storage system in iOS. It is used to store sensitive data, such as passwords, credit card numbers, and encryption keys. The Keychain is protected by the device’s passcode, so only the user can access the data that is stored in it.

When should you not use the Keychain?

You should not use the Keychain to store data that is not sensitive. For example, you should not store the user’s name or email address in the Keychain.

Which encryption algorithm does the Keychain use?

The Keychain in iOS uses the AES-256-GCM encryption algorithm to encrypt data. AES-256-GCM is a symmetric encryption algorithm that is considered to be very secure. It uses a 256-bit key to encrypt the data, and it also uses a 96-bit authentication tag to verify the integrity of the data.

Advantages of using the Keychain:

- All items saved in the Keychain are encrypted: The Keychain is a secure storage system that uses the device’s passcode to protect the data that is stored in it. This means that only the user can access the data, even if someone gains physical access to the device.

- There are many open-source wrappers with user-friendly Swift APIs: There are many open-source libraries that provide Swift APIs for accessing the Keychain. This makes it easy to use the Keychain in your app, even if you are not familiar with the Keychain Services framework.

- Thread safety: The Keychain is thread-safe, which means that multiple threads can access the data that is stored in it at the same time without causing any problems.

Disadvantages of using the Keychain:

- Speed: Reading or saving a lot of information into Keychain can be slow. This is because the Keychain uses encryption to protect the data that is stored in it.

- Not recommended for storing large objects: The Keychain is not recommended for storing large objects. This is because the Keychain has a limited amount of space.

Now let’s take a simple example to explain how to use it:

```swift
import Foundation
import Security

class KeychainExample {

    func savePassword(password: String, forAccount account: String) {
        // Get the keychain access group from Info.plist (nil if the key is absent).
        let accessGroup = Bundle.main.object(forInfoDictionaryKey: "AppGroup") as? String

        // Create a dictionary to store the password.
        // Security framework constants are CFString, so cast them to String keys.
        var keychainItem: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrAccount as String: account,
            kSecAttrService as String: "MyApp",
            kSecValueData as String: Data(password.utf8)
        ]
        // Only set the access group when one is configured; an Optional must not
        // be stored in the query dictionary.
        if let accessGroup = accessGroup {
            keychainItem[kSecAttrAccessGroup as String] = accessGroup
        }

        // Add the password to the keychain.
        let status = SecItemAdd(keychainItem as CFDictionary, nil)
        if status != errSecSuccess {
            print("Error adding password to keychain: \(status)")
        }
    }

    func getPassword(forAccount account: String) -> String? {
        // Get the keychain access group from Info.plist (nil if the key is absent).
        let accessGroup = Bundle.main.object(forInfoDictionaryKey: "AppGroup") as? String

        // Create a dictionary to fetch the password.
        var keychainItem: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrAccount as String: account,
            kSecAttrService as String: "MyApp",
            kSecReturnData as String: true
        ]
        if let accessGroup = accessGroup {
            keychainItem[kSecAttrAccessGroup as String] = accessGroup
        }

        // SecItemCopyMatching writes its result through a CFTypeRef? pointer.
        var result: CFTypeRef?
        let status = SecItemCopyMatching(keychainItem as CFDictionary, &result)

        if status == errSecSuccess, let passwordData = result as? Data {
            // The password was found in the keychain.
            return String(data: passwordData, encoding: .utf8)
        } else if status == errSecItemNotFound {
            // The password was not found in the keychain.
            return nil
        } else {
            // An error occurred.
            print("Error getting password from keychain: \(status)")
            return nil
        }
    }
}
```
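The savePassword function above calls SecItemAdd once, and SecItemAdd returns errSecDuplicateItem when an item with the same service and account already exists, so saving a changed password fails. The following is an added example, not the author's code: it shows add-or-update, an explicit accessibility class, and deletion. The names KeychainStore and KeychainError are hypothetical; "MyApp" is the service name from the example above.

```swift
import Foundation
import Security

// Hypothetical error type for this example; wraps the raw OSStatus.
struct KeychainError: Error { let status: OSStatus }

// Hypothetical helper; "MyApp" is the service name used in the example above.
enum KeychainStore {
    static let service = "MyApp"

    // Attributes that identify one item: class + service + account.
    private static func baseQuery(_ account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    // Insert the password, or overwrite it if the item already exists.
    static func upsert(_ password: String, account: String) throws {
        let data = Data(password.utf8)
        var attrs = baseQuery(account)
        attrs[kSecValueData as String] = data
        // Readable only while the device is unlocked, and never migrated to
        // another device through a backup or iCloud Keychain.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly

        var status = SecItemAdd(attrs as CFDictionary, nil)
        if status == errSecDuplicateItem {
            // SecItemAdd never overwrites; update the stored data instead.
            let changes: [String: Any] = [kSecValueData as String: data]
            status = SecItemUpdate(baseQuery(account) as CFDictionary,
                                   changes as CFDictionary)
        }
        guard status == errSecSuccess else { throw KeychainError(status: status) }
    }

    // Remove the item, for example on logout. A missing item is not an error.
    static func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError(status: status)
        }
    }
}
```

Keychain items are not removed when an app is uninstalled, so calling delete on logout keeps a stale credential from reappearing after a reinstall.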

Two things you must keep in mind about the Keychain:

- It is not a good way to store sensitive data that needs to be accessible across devices.

- It is not a good place to store large amounts of data.

- It can be slow to access, especially if you are trying to access a lot of data.

Finally, for more information about the Keychain, you can look here

Thanks for reading, and don’t forget to follow me for more.
