Comments (4)
So I don't really have a good answer for you as to the why. Years ago I pulled this code from a Ray Wenderlich tutorial in Objective C (https://www.raywenderlich.com/6475/basic-security-in-ios-5-tutorial-part-1). At the time I didn't have full understanding of the keychain api myself and used the class through several apps, making small changes to it over time, always thinking it would make a good open source library to put out there for other to use. When Swift came out, it was one of the first things I wrote in Swift during the beta as a way to work on learning the language.
So it has evolved over time from that original tutorial, where those values had been encoded and its just not something I've ever considered fully since then.
Do you see a downside to encoding it? The issue with changing it now, is the major migration issues everyone using the wrapper would face for existing keys.
from swiftkeychainwrapper.
Thanks for the background info on this. I agree, it should be changed to use a String. I'll have to think through the best way to do so, but I do like your idea of a legacy story flag. That would be a simple way to address it. I could also do that in conjunction with a fall back, if it attempts to read a key just using a string and can't find it, to try with the encoded key (for users of the wrapper who don't notice the new configuration flag).
from swiftkeychainwrapper.
@jrendel Thank you for the explanation. We will have to figure this one out on our end. Fix of this issue will not help us just for the reason you mentioned, anyway. We already have ~100k users with records with Data
keys (Touch ID protected... bummer...) that we need to somehow migrate.
Couple notes:
- The current status is a bug -
SecAttrAccount
corresponding value should beCFStringRef
,CFDataRef
works by an accident, see: https://developer.apple.com/reference/security/ksecattraccount?language=objc - The solution of the problem could be "versioning" of some kind.
- It could be done on "data level" - projects with old data would read the
Data
, otherwiseString
could be used. This however requires a separate internal Keychain service, just for the sake of the version information storage. - Or - better (?) and easier to implement - versioning could be a configuration option in SDK (for example, a
useLegacyStorage = true
flag).
- It could be done on "data level" - projects with old data would read the
- To give you some context... We discovered the issue during the Keychain data migration. We currently have some keychain items that are protected with Touch ID that were created using the
KeychainWrapper
class. The new library we use needs to work with those keys (we tried to map the Keychain service and accounts), but the new library internally usesString
for the account name - the migration is not easily possible for us. We will have to do it incrementally, as users unlock the Touch ID protected records... The new library we use is a high-level SDK for banking authentication called PowerAuth and it has own implementation of Keychain.
from swiftkeychainwrapper.
I've ran into a bug due to this issue recently when using this library in a MacOS app (I understand that's not officially supported yet). While the current implementations happens to work on iOS apps (I've verified that the Account
value for general password items are set correctly in the keychain sql db), it doesn't work on a MacOS app. On a MacOS app, the general password keychain item gets created without an account value (verifiable via keychain access). Simply changing the value type from data to Strings fixes the issue. I realize it's been a while since this thread was created. Has there been any new insights on a patch? Regarding migration, my limited testing on iOS seems to indicate compatibility with keychains created before the change.
from swiftkeychainwrapper.
Related Issues (20)
- Module compiled with Swift 5.1.3 cannot be imported by the Swift 5.2 compiler HOT 1
- Error trying to install application
- Clear Data HOT 1
- Deprecation warnings for iOS12 HOT 4
- Accessibility is not working HOT 2
- Problem with set(...) in template
- Access Groups clarification HOT 4
- Support for multi platform framework target(tvOS, iOS, macOS) HOT 1
- Can this pod work with Mac Project Catalyst
- SecItemCopyMatching Crash HOT 1
- iOS15 beta clearing keychain HOT 1
- 'NSKeyedUnarchiveFromData' should not be used
- Callback on keychain value change for given key
- I've noticed, that if i store something and immediately retrieve from other function, it not manage to return appropriate value.
- KeyChain access between app and share extension HOT 1
- XCTestCase: set NewValue return False HOT 2
- Incrementing and saving do not work properly HOT 1
- Apple SignIn email is not retrieving
- removeAllKeys does not delete any items that were saved with synchronizable as true
- Receiving "warning: linking against a dylib which is not safe for use in application extensions"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swiftkeychainwrapper.