Uploaded byLeeDaheen
943 views

[iOS] KeyChain by 흰 & 민디

iOS Security Framework 의 KeyChain Service 에 대해 알아봅니다.

Embed presentation

Download to read offline
iOS 안전하게 KeyChain. 키키킼 흰 민디
KeyChain 🔑 한번 살펴볼게요. Why use KeyChain What is KeyChain Using KeyChain 😈 🧐 😎
앱 안의 수많은 개인정보 😈 😈 😈 😈 😈 😈 😈 😈 😈 😈
똑같은 비밀번호를 여러 곳에 사용합니까? 여러 개의 계정에 (모든 계정은 아니지만) 같은 비밀번호를 사용한다 모든 계정에 다 다른 비밀번호를 사용한다 모든 계정에 같은 비밀번호를 사용한다 Online Security Survey by Google / Harris Poll
편리한 사용자 경험 VS. 개인정보 보호
KeyChain.
Security Framework 🔑 KeyChain
KeyChain
KeyChain Item
KeyChain Item Add Search Update Delete let item = SecKeychainItem()X Add / Search / Update / Delete
KeyChain Item KeyChain Item Data Item Class Key / Value Attributes Item Attribute Key / Value query[kSecClass as String] = kSecClassGenericPassword Class / Attribute - Key : Value
KeyChain Item - Class
Access.
Sharing.
Access Group 가족 앱끼리 비밀 공유하기 🤫 Access Group 특정 그룹 이름으로 태깅된 앱들의 logical collection
Access Group 가족 앱끼리 비밀 공유하기 🤫 🔓 group name
Access Group 가족 앱끼리 비밀 공유하기 🤫 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups Access Group List System App
Access Group 비밀 Access Group을 만들어보자 🤫 [$(teamID).com.example.AppOne] AppID
Access Group 가족 앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.AppOne] [$(teamID).com.example.AppTwo]
Access Group 가족 앱끼리 비밀 공유하기 🤫
Access Group 가족 앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.SharedItems, $(teamID).com.example.AppOne] [$(teamID).com.example.SharedItems, $(teamID).com.example.AppTwo] 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups
Restricting.
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Restricting Keychain Access 디바이스 상태에 따라 접근 제어 kSecAttrAccessible
Restricting Keychain Access 디바이스 상태에 따라 접근 제어 When Passcode Set
Restricting Keychain Access 디바이스 상태에 따라 접근 제어 When Unlocked After First Unlock Always
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Wrapper.
Wrapper 사용 복잡혀,,,🤯 Security 대부분 C 언어로 작성 low-level API 🤯
func readPassword() throws -> String { /* Build a query to find the item that matches the service, account and access group. */ var query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: essGroup) query[kSecMatchLimit as String] = kSecMatchLimitOne query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanTrue // Try to fetch the existing keychain item that matches the query. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0)) } // Check the return status and throw an error if appropriate. guard status != errSecItemNotFound else { throw KeychainError.noPassword } guard status == noErr else { throw KeychainError.unhandledError(status: status) } // Parse the password string from the query result. guard let existingItem = queryResult as? [String : AnyObject], let passwordData = existingItem[kSecValueData as String] as? Data, let password = String(data: passwordData, encoding: String.Encoding.utf8) else { throw KeychainError.unexpectedPasswordData } return password } func savePassword(_ password: String) throws { // Encode the password into an Data object. let encodedPassword = password.data(using: String.Encoding.utf8)! do { // Check for an existing item in the keychain. try _ = readPassword() // Update the existing item with the new password. var attributesToUpdate = [String : AnyObject]() attributesToUpdate[kSecValueData as String] = encodedPassword as AnyObject? let query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: accessGroup) let status = SecItemUpdate(query as CFDictionary, attributesToUpdate as CFDictionary) // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandledError(status: status) } } static func passwordItems(forService service: String, accessGroup [KeychainPasswordItem] { // Build a query for all items that match the service and var query = KeychainPasswordItem.keychainQuery(withService query[kSecMatchLimit as String] = kSecMatchLimitAll query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanFalse // Fetch matching items from the keychain. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutab } // If no items were found, return an empty array. guard status != errSecItemNotFound else { return [] } // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandled // Cast the query result to an array of dictionaries. guard let resultData = queryResult as? [[String : AnyObjec KeychainError.unexpectedItemData } // Create a `KeychainPasswordItem` for each dictionary in var passwordItems = [KeychainPasswordItem]() for result in resultData { guard let account = result[kSecAttrAccount as String] KeychainError.unexpectedItemData } let passwordItem = KeychainPasswordItem(service: servi accessGroup) passwordItems.append(passwordItem) Wrapper를 사용하는 이유. var query = [String : AnyObject]() query[kSecClass as String] = kSecClassGenericPassword query[kSecAttrService as String] = service as AnyObject?
Wrapper 사용 복잡혀,,,🤯 Generic Keychain
감사합니다.

More Related Content

PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
SwiftUI - State & Data Flow
byLeeDaheen
 
PDF
Swift - ARC와 메모리 관리
byLeeDaheen
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
SwiftUI - State & Data Flow
byLeeDaheen
 
Swift - ARC와 메모리 관리
byLeeDaheen
 

Recently uploaded

PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Workflow and decision Automation with Flowable
bychakib ch
 
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 

Featured

PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
PDF
Introduction to Data Science
byChristy Abraham Joy
 
PDF
Time Management & Productivity - Best Practices
byVit Horky
 
PDF
The six step guide to practical project management
byMindGenius
 
PDF
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
PDF
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
byApplitools
 
PDF
12 Ways to Increase Your Influence at Work
byGetSmarter
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
byChristy Abraham Joy
 
Time Management & Productivity - Best Practices
byVit Horky
 
The six step guide to practical project management
byMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
byApplitools
 
12 Ways to Increase Your Influence at Work
byGetSmarter
 

[iOS] KeyChain by 흰 & 민디

  • 1.
  • 2.
  • 3.
    앱 안의 수많은개인정보 😈 😈 😈 😈 😈 😈 😈 😈 😈 😈
  • 4.
    똑같은 비밀번호를 여러곳에 사용합니까? 여러 개의 계정에 (모든 계정은 아니지만) 같은 비밀번호를 사용한다 모든 계정에 다 다른 비밀번호를 사용한다 모든 계정에 같은 비밀번호를 사용한다 Online Security Survey by Google / Harris Poll
  • 5.
    편리한 사용자 경험VS. 개인정보 보호
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
    KeyChain Item Add Search Update Delete let item= SecKeychainItem()X Add / Search / Update / Delete
  • 11.
    KeyChain Item KeyChain Item Data ItemClass Key / Value Attributes Item Attribute Key / Value query[kSecClass as String] = kSecClassGenericPassword Class / Attribute - Key : Value
  • 12.
  • 13.
  • 14.
  • 15.
    Access Group 가족앱끼리 비밀 공유하기 🤫 Access Group 특정 그룹 이름으로 태깅된 앱들의 logical collection
  • 16.
    Access Group 가족앱끼리 비밀 공유하기 🤫 🔓 group name
  • 17.
    Access Group 가족앱끼리 비밀 공유하기 🤫 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups Access Group List System App
  • 18.
    Access Group 비밀Access Group을 만들어보자 🤫 [$(teamID).com.example.AppOne] AppID
  • 19.
    Access Group 가족앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.AppOne] [$(teamID).com.example.AppTwo]
  • 20.
    Access Group 가족앱끼리 비밀 공유하기 🤫
  • 21.
    Access Group 가족앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.SharedItems, $(teamID).com.example.AppOne] [$(teamID).com.example.SharedItems, $(teamID).com.example.AppTwo] 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups
  • 22.
  • 23.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어
  • 24.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어 kSecAttrAccessible
  • 25.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어 When Passcode Set
  • 26.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어 When Unlocked After First Unlock Always
  • 27.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어
  • 28.
    Restricting Keychain Access디바이스 상태에 따라 접근 제어
  • 29.
  • 30.
    Wrapper 사용 복잡혀,,,🤯 Security 대부분C 언어로 작성 low-level API 🤯
  • 31.
    func readPassword() throws-> String { /* Build a query to find the item that matches the service, account and access group. */ var query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: essGroup) query[kSecMatchLimit as String] = kSecMatchLimitOne query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanTrue // Try to fetch the existing keychain item that matches the query. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0)) } // Check the return status and throw an error if appropriate. guard status != errSecItemNotFound else { throw KeychainError.noPassword } guard status == noErr else { throw KeychainError.unhandledError(status: status) } // Parse the password string from the query result. guard let existingItem = queryResult as? [String : AnyObject], let passwordData = existingItem[kSecValueData as String] as? Data, let password = String(data: passwordData, encoding: String.Encoding.utf8) else { throw KeychainError.unexpectedPasswordData } return password } func savePassword(_ password: String) throws { // Encode the password into an Data object. let encodedPassword = password.data(using: String.Encoding.utf8)! do { // Check for an existing item in the keychain. try _ = readPassword() // Update the existing item with the new password. var attributesToUpdate = [String : AnyObject]() attributesToUpdate[kSecValueData as String] = encodedPassword as AnyObject? let query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: accessGroup) let status = SecItemUpdate(query as CFDictionary, attributesToUpdate as CFDictionary) // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandledError(status: status) } } static func passwordItems(forService service: String, accessGroup [KeychainPasswordItem] { // Build a query for all items that match the service and var query = KeychainPasswordItem.keychainQuery(withService query[kSecMatchLimit as String] = kSecMatchLimitAll query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanFalse // Fetch matching items from the keychain. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutab } // If no items were found, return an empty array. guard status != errSecItemNotFound else { return [] } // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandled // Cast the query result to an array of dictionaries. guard let resultData = queryResult as? [[String : AnyObjec KeychainError.unexpectedItemData } // Create a `KeychainPasswordItem` for each dictionary in var passwordItems = [KeychainPasswordItem]() for result in resultData { guard let account = result[kSecAttrAccount as String] KeychainError.unexpectedItemData } let passwordItem = KeychainPasswordItem(service: servi accessGroup) passwordItems.append(passwordItem) Wrapper를 사용하는 이유. var query = [String : AnyObject]() query[kSecClass as String] = kSecClassGenericPassword query[kSecAttrService as String] = service as AnyObject?
  • 32.
  • 33.