As far as I know, NSURLCredentialStorage is just a wrapper for the keychain services with a more convenient API. Which is why I’d like to use it. But I also want to take advantage of the Data Protection feature kSecAttrAccessibleWhenUnlockedThisDeviceOnly that keychain offers.
Is there a way to set this attribute when using NSURLCredentialStorage to store credentials?
Turns out the answer is Yes, kind of. I looked into the keychain item that NSURLCredentialStorage created. It is of the class kSecClassInternetPassword and has the access key kSecAttrAccessible set to “ak”, which is kSecAttrAccessibleWhenUnlocked. So the password is not decrypted while the device is locked.
The only downside is that NSURLCredentialStorage doesn’t offer a way to change that to kSecAttrAccessibleWhenUnlockedThisDeviceOnly to get an additional level of security for your backed-up data. You could only change that attribute manually on the keychain item using the lower level keychain APIs (i.e. SecItemUpdate).
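The manual change described in the answer above could look like the following Swift sketch, which is an added example and not code from the original post. The function name, the error type and the choice to match the item by kSecAttrServer and kSecAttrAccount are assumptions; inspect the item your app actually stores and adjust the query to its attributes.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum KeychainHardeningError: Error {
    case unexpectedStatus(OSStatus)
}

/// Sets kSecAttrAccessibleWhenUnlockedThisDeviceOnly on the internet-password
/// item(s) matching `host` and `account`, then reads the attribute back.
/// Returns false if no matching item exists, true if every matching item
/// now carries the stricter accessibility class.
func restrictCredentialToThisDevice(host: String, account: String) throws -> Bool {
    // Assumption: the stored item can be matched by server and account name.
    let query: [String: Any] = [
        kSecClass as String: kSecClassInternetPassword,
        kSecAttrServer as String: host,
        kSecAttrAccount as String: account
    ]
    let update: [String: Any] = [
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    ]

    let status = SecItemUpdate(query as CFDictionary, update as CFDictionary)
    switch status {
    case errSecSuccess:
        break
    case errSecItemNotFound:
        return false
    default:
        // e.g. errSecInteractionNotAllowed when the item cannot be
        // accessed because the device is locked.
        throw KeychainHardeningError.unexpectedStatus(status)
    }

    // Verify instead of trusting the update: fetch the attributes of all
    // matching items and compare their accessibility class.
    var readQuery = query
    readQuery[kSecReturnAttributes as String] = true
    readQuery[kSecMatchLimit as String] = kSecMatchLimitAll
    var result: CFTypeRef?
    let readStatus = SecItemCopyMatching(readQuery as CFDictionary, &result)
    guard readStatus == errSecSuccess, let items = result as? [[String: Any]] else {
        throw KeychainHardeningError.unexpectedStatus(readStatus)
    }
    let wanted = kSecAttrAccessibleWhenUnlockedThisDeviceOnly as String
    return items.allSatisfy { ($0[kSecAttrAccessible as String] as? String) == wanted }
}
```

The post does not say whether NSURLCredentialStorage keeps the changed attribute when it later rewrites the credential, so the read-back check is worth running again after each store.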