granoff / strongbox Goto Github PK
View Code? Open in Web Editor NEWStrongbox is a Swift utility class for storing data securely in the keychain. Use it to store small, sensitive bits of data securely.
License: MIT License
Strongbox is a Swift utility class for storing data securely in the keychain. Use it to store small, sensitive bits of data securely.
License: MIT License
Could you please change
public func unarchive(objectForKey key:String) -> Any? {
guard let data = self.data(forKey: key) else {
return nil
}
let unarchiver = NSKeyedUnarchiver(forReadingWith: data as Data)
return unarchiver.decodeObject(forKey: key)
}
to
public func unarchive(objectForKey key:String) -> Any? throws {
guard let data = self.data(forKey: key) else {
return nil
}
let unarchiver = NSKeyedUnarchiver(forReadingWith: data as Data)
return unarchiver.decodeTopLevelObject(forKey: key)
It allows to catch the exception in case of failure to decode data
.
In my case module name was changed (it's being used as kind of workspace) and I got crash
when trying to decode the object encoded with old module name.
Error Domain=NSCocoaErrorDomain Code=4864 "*** -[NSKeyedUnarchiver decodeObjectForKey:]: cannot decode object of class (MyOldTargetName.MyClass) for key (root); the class may be defined in source code or a library that is not linked" UserInfo={NSDebugDescription=*** -[NSKeyedUnarchiver decodeObjectForKey:]: cannot decode object of class (MyOldTargetName.MyClass) for key (root); the class may be defined in source code or a library that is not linked}
Thanks in advance.
I want to store a dictionary that stores a custom enum and a bool. How exactly do I make that conform to NSSecureCoding?
Any plans of supporting Swift Package Manager? ๐
https://cocoapods.org/pods/Strongbox references 0.3.1; however, the latest version is 0.4.0. Please publish 0.4.0 to Cocoa Pods.
in Strongbox.swift
Line 73
let archiver = NSKeyedArchiver(forWritingWith: data)
'init(forWritingWith:)' was deprecated in iOS 12.0: Use -initRequiringSecureCoding: instead
and Line 95:
let unarchiver = NSKeyedUnarchiver(forReadingWith: data as Data)
'init(forReadingWith:)' was deprecated in iOS 12.0: Use -initForReadingFromData:error: instead
I know this can work with iOS 9 but I can't get it to with the deployment only set for iOS 10 on cocoapods spec.
if let token = sb.unarchive(objectForKey: "token") as? String {
.. if correct token segue to logged in screen
} else{
segue to non-logged in screen
}
I have a issue while using strongbox when launching my app for the first time. When there is no token found, I cannot segue to another screen. The problem is not that the segue is not initiated (I even override the prepare(for segue ..) function and code inside this is even executed. The next viewcontroller however is never displayed.
This problem is solved when I manually add a valid token, or when I add a random string (E.G. " " ) to the archive.
How can I resolve this issue?
I would love to see this have Carthage support :)
How to write a function to perform deleting a particular key value in Keychains
My AppDelegate's didFinishLaunchingWithOptions
only has this code:
if let existingUser = Strongbox().unarchive(objectForKey: "currentUserAccount") as? [String:String] {
Singleton.shared.currentUser = (existingUser["username"]!,existingUser["cookievalue"]!,existingUser["cookie"]!)
}
In testing this has worked mostly fine. But sometimes I have noticed a bit slowness but haven't been able to consistently reproduce this.
Today, my app got rejected with this crashlog:
exhausted real (wall clock) time allowance of 19.85 seconds
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libsystem_kernel.dylib 0x00000001f7dae0f4 0x1f7d96000 + 98548
1 libsystem_kernel.dylib 0x00000001f7dad5a0 0x1f7d96000 + 95648
2 libdispatch.dylib 0x00000001f7c13880 0x1f7bfc000 + 96384
3 libdispatch.dylib 0x00000001f7c13d10 0x1f7bfc000 + 97552
4 libxpc.dylib 0x00000001f7e72a04 0x1f7e68000 + 43524
5 Security 0x00000001f8e83edc 0x1f8e58000 + 179932
6 Security 0x00000001f8e8445c 0x1f8e58000 + 181340
7 Security 0x00000001f8eda414 0x1f8e58000 + 533524
8 Security 0x00000001f8ed92f4 0x1f8e58000 + 529140
9 Security 0x00000001f8ed7c60 0x1f8e58000 + 523360
10 Security 0x00000001f8ed85f4 0x1f8e58000 + 525812
11 Security 0x00000001f8eda31c 0x1f8e58000 + 533276
12 Security 0x00000001f8ed6284 0x1f8e58000 + 516740
13 Security 0x00000001f8ed89dc 0x1f8e58000 + 526812
14 AppName 0x00000001010af1b0 Strongbox.data(forKey:) + 405936 (Strongbox.swift:140)
15 AppName 0x00000001010aeae4 Strongbox.unarchive(objectForKey:) + 404196 (Strongbox.swift:83)
It seems that the unarchiving is taking too long.
I read through a few issues on SO and keychain related slowness is apparently a common issue. This one in particular seemed interesting:
https://stackoverflow.com/questions/10536859/ios-keychain-not-retrieving-values-from-background
So I have changed kSecAttrAccessibleWhenUnlocked
to kSecAttrAccessibleAfterFirstUnlock
in Strongbox and am resubmitting the app to see if it goes through. Something you might want to change in the library too as kSecAttrAccessibleWhenUnlocked
is too restrictive imo.
Docs say:
kSecAttrAccessibleAfterFirstUnlock Item data can only be
accessed once the device has been unlocked after a restart. This is
recommended for items that need to be accesible by background
applications. Items with this attribute will migrate to a new device
when using encrypted backups.kSecAttrAccessibleWhenUnlocked Item data can only be accessed
while the device is unlocked. This is recommended for items that only
need be accesible while the application is in the foreground. Items
with this attribute will migrate to a new device when using encrypted
backups.
So kSecAttrAccessibleWhenUnlocked
might cause issues for developers who try to access strongbox when the device is not unlocked (think of notification center widgets, notifications etc).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.