SlideShare a Scribd company logo
1 of 33
Download to read offline
iOS 안전하게
KeyChain.
키키킼
흰
민디
KeyChain 🔑
한번 살펴볼게요.
Why
use
KeyChain
What
is
KeyChain
Using
KeyChain
😈 🧐 😎
앱 안의 수많은 개인정보
😈
😈
😈 😈
😈
😈
😈
😈
😈
😈
똑같은 비밀번호를 여러 곳에 사용합니까?
여러 개의 계정에 (모든 계정은 아니지만)
같은 비밀번호를 사용한다
모든 계정에 다 다른 비밀번호를 사용한다
모든 계정에 같은 비밀번호를 사용한다
Online Security Survey by Google / Harris Poll
편리한 사용자 경험 VS. 개인정보 보호
KeyChain.
Security Framework
🔑 KeyChain
KeyChain
KeyChain Item
KeyChain Item
Add
Search
Update
Delete
let item = SecKeychainItem()X
Add / Search / Update / Delete
KeyChain Item
KeyChain Item
Data
Item Class
Key / Value
Attributes
Item Attribute
Key / Value
query[kSecClass as String] = kSecClassGenericPassword
Class / Attribute - Key : Value
KeyChain Item - Class
Access.
Sharing.
Access Group 가족 앱끼리 비밀 공유하기 🤫
Access Group
특정 그룹 이름으로 태깅된 앱들의 logical collection
Access Group 가족 앱끼리 비밀 공유하기 🤫
🔓
group name
Access Group 가족 앱끼리 비밀 공유하기 🤫
1. KeyChain Access Groups (Optional)
2. Application Identifier
3. Application Groups
Access Group List
System
App
Access Group 비밀 Access Group을 만들어보자 🤫
[$(teamID).com.example.AppOne] AppID
Access Group 가족 앱끼리 비밀 공유하기 🤫
[$(teamID).com.example.AppOne] [$(teamID).com.example.AppTwo]
Access Group 가족 앱끼리 비밀 공유하기 🤫
Access Group 가족 앱끼리 비밀 공유하기 🤫
[$(teamID).com.example.SharedItems,
$(teamID).com.example.AppOne]
[$(teamID).com.example.SharedItems,
$(teamID).com.example.AppTwo]
1. KeyChain Access Groups (Optional)
2. Application Identifier
3. Application Groups
Restricting.
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
kSecAttrAccessible
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
When Passcode Set
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
When Unlocked
After First Unlock
Always
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Restricting Keychain Access 디바이스 상태에 따라 접근 제어
Wrapper.
Wrapper 사용 복잡혀,,,🤯
Security
대부분 C 언어로 작성
low-level API 🤯
func readPassword() throws -> String {
/*
Build a query to find the item that matches the service, account and
access group.
*/
var query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup:
essGroup)
query[kSecMatchLimit as String] = kSecMatchLimitOne
query[kSecReturnAttributes as String] = kCFBooleanTrue
query[kSecReturnData as String] = kCFBooleanTrue
// Try to fetch the existing keychain item that matches the query.
var queryResult: AnyObject?
let status = withUnsafeMutablePointer(to: &queryResult) {
SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0))
}
// Check the return status and throw an error if appropriate.
guard status != errSecItemNotFound else { throw KeychainError.noPassword }
guard status == noErr else { throw KeychainError.unhandledError(status: status) }
// Parse the password string from the query result.
guard let existingItem = queryResult as? [String : AnyObject],
let passwordData = existingItem[kSecValueData as String] as? Data,
let password = String(data: passwordData, encoding: String.Encoding.utf8)
else {
throw KeychainError.unexpectedPasswordData
}
return password
}
func savePassword(_ password: String) throws {
// Encode the password into an Data object.
let encodedPassword = password.data(using: String.Encoding.utf8)!
do {
// Check for an existing item in the keychain.
try _ = readPassword()
// Update the existing item with the new password.
var attributesToUpdate = [String : AnyObject]()
attributesToUpdate[kSecValueData as String] = encodedPassword as AnyObject?
let query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup:
accessGroup)
let status = SecItemUpdate(query as CFDictionary, attributesToUpdate as CFDictionary)
// Throw an error if an unexpected status was returned.
guard status == noErr else { throw KeychainError.unhandledError(status: status) }
}
static func passwordItems(forService service: String, accessGroup
[KeychainPasswordItem] {
// Build a query for all items that match the service and
var query = KeychainPasswordItem.keychainQuery(withService
query[kSecMatchLimit as String] = kSecMatchLimitAll
query[kSecReturnAttributes as String] = kCFBooleanTrue
query[kSecReturnData as String] = kCFBooleanFalse
// Fetch matching items from the keychain.
var queryResult: AnyObject?
let status = withUnsafeMutablePointer(to: &queryResult) {
SecItemCopyMatching(query as CFDictionary, UnsafeMutab
}
// If no items were found, return an empty array.
guard status != errSecItemNotFound else { return [] }
// Throw an error if an unexpected status was returned.
guard status == noErr else { throw KeychainError.unhandled
// Cast the query result to an array of dictionaries.
guard let resultData = queryResult as? [[String : AnyObjec
KeychainError.unexpectedItemData }
// Create a `KeychainPasswordItem` for each dictionary in
var passwordItems = [KeychainPasswordItem]()
for result in resultData {
guard let account = result[kSecAttrAccount as String]
KeychainError.unexpectedItemData }
let passwordItem = KeychainPasswordItem(service: servi
accessGroup)
passwordItems.append(passwordItem)
Wrapper를 사용하는 이유.
var query = [String : AnyObject]()
query[kSecClass as String] = kSecClassGenericPassword
query[kSecAttrService as String] = service as AnyObject?
Wrapper 사용 복잡혀,,,🤯
Generic Keychain
감사합니다.

More Related Content

Recently uploaded

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 

Recently uploaded (20)

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 

Featured

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 

Featured (20)

PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 

[iOS] KeyChain by 흰 & 민디

  • 3. 앱 안의 수많은 개인정보 😈 😈 😈 😈 😈 😈 😈 😈 😈 😈
  • 4. 똑같은 비밀번호를 여러 곳에 사용합니까? 여러 개의 계정에 (모든 계정은 아니지만) 같은 비밀번호를 사용한다 모든 계정에 다 다른 비밀번호를 사용한다 모든 계정에 같은 비밀번호를 사용한다 Online Security Survey by Google / Harris Poll
  • 5. 편리한 사용자 경험 VS. 개인정보 보호
  • 10. KeyChain Item Add Search Update Delete let item = SecKeychainItem()X Add / Search / Update / Delete
  • 11. KeyChain Item KeyChain Item Data Item Class Key / Value Attributes Item Attribute Key / Value query[kSecClass as String] = kSecClassGenericPassword Class / Attribute - Key : Value
  • 15. Access Group 가족 앱끼리 비밀 공유하기 🤫 Access Group 특정 그룹 이름으로 태깅된 앱들의 logical collection
  • 16. Access Group 가족 앱끼리 비밀 공유하기 🤫 🔓 group name
  • 17. Access Group 가족 앱끼리 비밀 공유하기 🤫 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups Access Group List System App
  • 18. Access Group 비밀 Access Group을 만들어보자 🤫 [$(teamID).com.example.AppOne] AppID
  • 19. Access Group 가족 앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.AppOne] [$(teamID).com.example.AppTwo]
  • 20. Access Group 가족 앱끼리 비밀 공유하기 🤫
  • 21. Access Group 가족 앱끼리 비밀 공유하기 🤫 [$(teamID).com.example.SharedItems, $(teamID).com.example.AppOne] [$(teamID).com.example.SharedItems, $(teamID).com.example.AppTwo] 1. KeyChain Access Groups (Optional) 2. Application Identifier 3. Application Groups
  • 23. Restricting Keychain Access 디바이스 상태에 따라 접근 제어
  • 24. Restricting Keychain Access 디바이스 상태에 따라 접근 제어 kSecAttrAccessible
  • 25. Restricting Keychain Access 디바이스 상태에 따라 접근 제어 When Passcode Set
  • 26. Restricting Keychain Access 디바이스 상태에 따라 접근 제어 When Unlocked After First Unlock Always
  • 27. Restricting Keychain Access 디바이스 상태에 따라 접근 제어
  • 28. Restricting Keychain Access 디바이스 상태에 따라 접근 제어
  • 30. Wrapper 사용 복잡혀,,,🤯 Security 대부분 C 언어로 작성 low-level API 🤯
  • 31. func readPassword() throws -> String { /* Build a query to find the item that matches the service, account and access group. */ var query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: essGroup) query[kSecMatchLimit as String] = kSecMatchLimitOne query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanTrue // Try to fetch the existing keychain item that matches the query. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0)) } // Check the return status and throw an error if appropriate. guard status != errSecItemNotFound else { throw KeychainError.noPassword } guard status == noErr else { throw KeychainError.unhandledError(status: status) } // Parse the password string from the query result. guard let existingItem = queryResult as? [String : AnyObject], let passwordData = existingItem[kSecValueData as String] as? Data, let password = String(data: passwordData, encoding: String.Encoding.utf8) else { throw KeychainError.unexpectedPasswordData } return password } func savePassword(_ password: String) throws { // Encode the password into an Data object. let encodedPassword = password.data(using: String.Encoding.utf8)! do { // Check for an existing item in the keychain. try _ = readPassword() // Update the existing item with the new password. var attributesToUpdate = [String : AnyObject]() attributesToUpdate[kSecValueData as String] = encodedPassword as AnyObject? let query = KeychainPasswordItem.keychainQuery(withService: service, account: account, accessGroup: accessGroup) let status = SecItemUpdate(query as CFDictionary, attributesToUpdate as CFDictionary) // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandledError(status: status) } } static func passwordItems(forService service: String, accessGroup [KeychainPasswordItem] { // Build a query for all items that match the service and var query = KeychainPasswordItem.keychainQuery(withService query[kSecMatchLimit as String] = kSecMatchLimitAll query[kSecReturnAttributes as String] = kCFBooleanTrue query[kSecReturnData as String] = kCFBooleanFalse // Fetch matching items from the keychain. var queryResult: AnyObject? let status = withUnsafeMutablePointer(to: &queryResult) { SecItemCopyMatching(query as CFDictionary, UnsafeMutab } // If no items were found, return an empty array. guard status != errSecItemNotFound else { return [] } // Throw an error if an unexpected status was returned. guard status == noErr else { throw KeychainError.unhandled // Cast the query result to an array of dictionaries. guard let resultData = queryResult as? [[String : AnyObjec KeychainError.unexpectedItemData } // Create a `KeychainPasswordItem` for each dictionary in var passwordItems = [KeychainPasswordItem]() for result in resultData { guard let account = result[kSecAttrAccount as String] KeychainError.unexpectedItemData } let passwordItem = KeychainPasswordItem(service: servi accessGroup) passwordItems.append(passwordItem) Wrapper를 사용하는 이유. var query = [String : AnyObject]() query[kSecClass as String] = kSecClassGenericPassword query[kSecAttrService as String] = service as AnyObject?