How to check if something is stored in the iPhone keychain? - iphone

I have this code currently storing the information into the iPhone keychain. How can I check with a simple if statement if there is something under the same name already stored there to prevent double storage and to tell me if this is the first time the user is using the app?
KeychainItemWrapper* keychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"KeychainTest" accessGroup:nil];
[keychain setObject:username.text forKey:(__bridge id)(kSecAttrAccount)];
[keychain setObject:password.text forKey:(__bridge id)(kSecValueData)];
keychain = nil;
usernameAll = [keychain objectForKey:(__bridge id)kSecAttrAccount];
passwordAll = [keychain objectForKey:(__bridge id)kSecValueData];

You won't cause double storage. You will overwrite any existing value.
Create your keychain object, then call objectForKey:. If the result is nil then you know that there is no existing value for the key.
KeychainItemWrapper* keychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"KeychainTest" accessGroup:nil];
if ([keychain objectForKey:(__bridge id)(kSecAttrAccount)]) {
// existing value
} else {
// no existing value
}
Checking to see if a user is using an app for the first time is usually done by writing a value to NSUserDefaults the first time the app is used. On startup, this value is checked. If the value exists, it's not the first run. If you need this check to survive an app deletion and reinstall, then use the keychain instead of NSUserDefaults to store this flag.

Related

Access Keychain elements in different view

I use a Multi View, tabbed app. From the FirstViewController, I use PresentViewController to display LoginViewController.
On LoginViewController, I'm using Keychain to save a username and a password when a user logs in on my app.
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc] initWithIdentifier:#"LoginInfos" accessGroup:nil];
[keychainItem setObject:_password forKey:(__bridge id)(kSecValueData)];
[keychainItem setObject:_pseudo forKey:(__bridge id)(kSecAttrAccount)];
Now, I'd like to be able to check on FirstViewController if something is set in the keychain, and if so, obviously NOT display LoginViewController. But when I try to access the keychain from FirstViewController, even after doing #import 'KeychainItemWrapper.h', I get an error saying I'm using an undeclared identifier 'keychainItem'.
NSString *mdp = [keychainItem objectForKey:(__bridge id)(kSecValueData)];
NSString *username = [keychainItem objectForKey:(__bridge id)(kSecAttrAccount)];
How can I access the info stored in the Keychain from another view? And is there a better solution (for eg, a global variable?) to check if a user is logged in?
It sounds like you just need to initialize an instance of KeychainItemWrapper in your FirstViewController... Just do:
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc] initWithIdentifier:#"LoginInfos" accessGroup:nil];
again before you try retrieving values from it.

iOS Keychain occasionally return empty string

I write very secure application (for Bank) and I keep the private key in the Keychain.
I keep the Private key using the following code:
+(void)savePrivatekey:(NSString *)Key
{
KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"pKey" accessGroup:nil];
[keychain setObject:Key forKey:(id)kSecValueData];
[keychain release];
}
and for get the private key using the following code:
+(NSString *)privateKey
{
KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"pKey"accessGroup:nil];
NSString *privateKey = [keychain objectForKey:(id)kSecValueData];
[keychain release];
return privateKey;
}
i don't save the private key in local variable from security reasons.
because every call to server I need the private key i call to to function
"GetPrivateKey" a lot of times.
Maybe that's why sometimes i get from the keychain empty string.
i can't think of why this might happen.
I noticed that in most cases this happens when the application return from background but no only...
thanks...
I opened ticket at Apple's engineers and they responded to me:
Are you setting the kSecAttrAccessible attribute when you create the keychain item initially?
I always create the same shape keychain:
KeychainItemWrapper * keychain = [[KeychainItemWrapper alloc] initWithIdentifier: # "pKey" accessGroup: nil];
Does anyone know what their intent?
thanks...
I answered my own question a while back regarding this. I'm not sure if this is your exact problem as your code seems to look/work fine. So regarding your keychain access, I'm guessing it is a bit different. This may or may not help, but might steer you in the right direction.
iOS KeyChain not retrieving values from background
If your class is using ARC the following works for me every time.
KeychainItemWrapper *testKeychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"AppUniqueID" accessGroup:nil];
NSString *privateKey = [testKeychain objectForKey:(__bridge id)(kSecValueData)];
NSLog(#"Private Key: %# \n", privateKey);

IOS store more than one password in keychain

in my app I can save an read fine 1 password store in the keychain using this code
// save password
[keychainItem setObject:textFieldPassword.text forKey:(__bridge id)(kSecValueData)];
//get pasword from keychain
NSString *_password = [keychainItem objectForKey:(__bridge id)(kSecValueData)];
My question is: how can I store more than 1 password at a time in the keychain?
Keychain programming is hard. I use a wrapper class called SFHFKeychainUtils. It has very simple class methods for storing and retrieving passwords.
Check it out: https://github.com/ldandersen/scifihifi-iphone/tree/master/security
You store items with keys you make up. So you could have #"WiFiPasswordKey", #"LoginPasswordKey", etc.
Thank you all for your answers.
Here the solution I used:
adding to my project the files KeychainItemWrapper.h/m
allocating 2 keychain items:
//aloc for user password
keychainItem = [[KeychainItemWrapper alloc] initWithIdentifier:#"passowrdKey1" accessGroup:nil];
//aloc for user password2
keychainItem2 = [[KeychainItemWrapper alloc] initWithIdentifier:#"passowrdKey1" accessGroup:nil];
then just use this to read/write
//WRITE
// save password
[keychainItem setObject:#"password1" forKey:(__bridge id)(kSecValueData)];
// save password2
[keychainItem2 setObject:#"password2" forKey:(__bridge id)(kSecValueData)];
//READ
//get pasword from keychain
NSString *_pass = [keychainItem objectForKey:(__bridge id)(kSecValueData)];
//get pasword from keychain
NSString *_pass2 = [keychainItem2 objectForKey:(__bridge id)(kSecValueData)];

Reading using Keychain Wrapper class return Null - IOS

I am using Keychainwrapper class downloaded from Apple documentation for storing login information like password. In my apps when user click on sign in button, I am storing in key chain like below...
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc]
initWithIdentifier : #"vmo_login" accessGroup:nil];
[keychainItem setObject:email_id.text forKey:(__bridge NSString*)kSecAttrAccount];
[keychainItem setObject:password.text forKey:(__bridge NSString*)kSecValueData];
And if user click on sign out I am exiting application with exit(1). Once application is launched again, I am reading from keychain like below..
NSString *loc_email1 = [keychainItem objectForKey:(__bridge NSString*)kSecAttrAccount];
NSString *loc_pwd1 = [keychainItem objectForKey:(__bridge NSString*)kSecValueData];
I have not got what I have stored below, it returns NULL. Any Idea?.
thanks.
I have found the problem..
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc]
initWithIdentifier : #"<need to give same as when we write>" accessGroup:nil];
Working fine now.

iOS unique user identifier [duplicate]

This question already has answers here:
UIDevice uniqueIdentifier deprecated - What to do now?
(32 answers)
Closed 8 years ago.
I'm writting an application for iphone, which communicates with my server using REST. The main problem is, I need to identify user somehow. Not so long ago, we were allowed to use UDID, but now its not allowed anymore. So what should I use instead? I need some kind of identifier on iphone, so user will delete application, install it again, and he will get same id.
I used CFUUIDCreate() to create a UUID:
+ (NSString *)GetUUID {
CFUUIDRef theUUID = CFUUIDCreate(NULL);
CFStringRef string = CFUUIDCreateString(NULL, theUUID);
CFRelease(theUUID);
return [(NSString *)string autorelease];
}
Then set the above UUID to my NSString:
NSString *UUID = [nameofclasswhereGetUUIDclassmethodresides UUID];
I then stored that UUID to the Keychain using SSKeyChain
To set the UUID with SSKeyChain:
[SSKeychain setPassword:UUID forService:#"com.yourapp.yourcompany" account:#"user"];
To Retrieve it:
NSString *retrieveuuid = [SSKeychain passwordForService:#"com.yourapp.yourcompany" account:#"user"];
When you set the UUID to the Keychain, it will persist even if the user completely uninstalls the App and then installs it again.
To make sure ALL devices have the same UUID in the Keychain.
Setup your app to use iCloud.
Save the UUID that is in the Keychain to NSUserDefaults as well.
Pass the UUID in NSUserDefaults to the Cloud with Key-Value Data Store.
On App first run, Check if the Cloud Data is available and set the UUID in the Keychain on the New Device.
You now have a Unique Identifier that is persistent and shared/synced with all devices.
Firstly, the UDID is only deprecated in iOS 5. That doesn't mean it's gone (yet).
Secondly, you should ask yourself if you really need such a thing. What if the user gets a new device and installs your app on that? Same user, but the UDID has changed. Meanwhile, the original user might have sold his old device so now a completely new user installs your app and you think it's a different person based on the UDID.
If you don't need the UDID, use CFUUIDCreate() to create a unique ID and save it to the user defaults on the first launch (use CFUUIDCreateString() to convert the UUID to a string first). It will survive backups and restores and even come along with the original user when they switch to a new device. It's in many ways a better option that the UDID.
If you really need a unique device identifier (it doesn't sound like you do), go for the MAC address as pointed out in Suhail's answer.
I was updating my application that was working based only on Unique Identifier which supported iOS 4.3 and above. So,
1) I was unable to use [UIDevice currentDevice].uniqueIdentifier; as it was no longer available
2) I could not use [UIDevice currentDevice].identifierForVendor.UUIDString because it was Available in iOS 6.0 and later only and was unable to use for lower iOS versions.
3) The mac address was not an option as it wasn't allowed in iOS-7
4) OpenUDID was deprecated some time ago and also had issues with iOS-6.
5) Advertisement identifiers were also not available for iOS-5 and below
Finally this was what i did
a) Added SFHFKeychainUtils to the project
b) Generated CFUUID key String
CFUUIDRef cfuuid = CFUUIDCreate(kCFAllocatorDefault);
udidString = (NSString*)CFBridgingRelease(CFUUIDCreateString(kCFAllocatorDefault, cfuuid));
c) Saved it to Key Chain Utils or else it will generate a new Unique Each Time
Final Code
+ (NSString *)GetDeviceID {
NSString *udidString;
udidString = [self objectForKey:#"deviceID"];
if(!udidString)
{
CFUUIDRef cfuuid = CFUUIDCreate(kCFAllocatorDefault);
udidString = (NSString*)CFBridgingRelease(CFUUIDCreateString(kCFAllocatorDefault, cfuuid));
CFRelease(cfuuid);
[self setObject:udidString forKey:#"deviceID"];
}
return udidString;
}
+(void) setObject:(NSString*) object forKey:(NSString*) key
{
NSString *objectString = object;
NSError *error = nil;
[SFHFKeychainUtils storeUsername:key
andPassword:objectString
forServiceName:#"LIB"
updateExisting:YES
error:&error];
if(error)
NSLog(#"%#", [error localizedDescription]);
}
+(NSString*) objectForKey:(NSString*) key
{
NSError *error = nil;
NSString *object = [SFHFKeychainUtils getPasswordForUsername:key
andServiceName:#"LIB"
error:&error];
if(error)
NSLog(#"%#", [error localizedDescription]);
return object;
}
For further Details
Some people want to know more about the different options available, and if you do, take a look at the answer from #NSQuamber.java. If you want to know how to use the NSUUID and sync with iCloud, keep reading. This post ended up being more long-winded than I originally wanted, but I hope that it makes it clear for anyone taking these steps!
Using NSUUID
I use the NSUUID class to create the UUID:
NSUUID *uuid = [NSUUID UUID];
Then to create the string, you only need to call the UUIDString method:
NSString *uuidString = [uuid UUIDString];
or do it in one line:
NSString *uuidString = [[NSUUID UUID] UUIDString];
IMHO, this is much easier than trying to use CFUUIDCreate and have a method you have to maintain.
EDIT: I now use UICKeyChainStore
To set the UUID with UICKeyChainStore:
UICKeyChainStore *keychain = [UICKeyChainStore keyChainStoreWithService:#"com.sample.MyApp"];
keychain[#"com.sample.MyApp.user"] = userID;
To retrieve it:
UICKeyChainStore *keychain = [UICKeyChainStore keyChainStoreWithService:#"com.sample.MyApp"];
NSString *userID = keychain[#"com.sample.MyApp.user"];
I then stored that UUID to the Keychain using SSKeyChain
To set the UUID with SSKeyChain:
[SSKeychain setPassword:userID forService:#"com.sample.MyApp.user" account:#"com.sample.MyApp"];
To retrieve it:
NSString *userID = [SSKeychain passwordForService:#"com.sample.MyApp.user" account:#"com.sample.MyApp"];
When you set the UUID to the Keychain, it will persist even if the user completely uninstalls the App and then installs it again.
Syncing with iCloud
So it's useful to make sure that all the user's devices use the same UUID. This is to ensure that data is synchronized across all the devices, rather than each device thinking it is a unique user.
There were several questions in the comments for my answer on how synchronization would work, so now that I've got it all working, I'll provide more details.
Configuring iCloud/NSUbiquitousKeyValueStore Use
Click on your project at the top of the Project Navigator in Xcode.
Select Capabilities.
Turn on iCloud.
It should now look something like this:
Using NSUbiquitousKeyValueStore
Using iCloud is fairly simple. To write:
// create the UUID
NSUUID *userUUID = [[NSUUID UUID];
// convert to string
NSString *userID = [userUUID UUIDString];
// create the key to store the ID
NSString *userKey = #"com.sample.MyApp.user";
// Save to iCloud
[[NSUbiquitousKeyValueStore defaultStore] setString:userID forKey:userKey];
To read:
// create the key to store the ID
NSString *userKey = #"com.sample.MyApp.user";
// read from iCloud
NSString *userID = [[NSUbiquitousKeyValueStore defaultStore] stringForKey:userKey];
Before you can write the NSUbiquitousKeyValueStore documentation states that you are required to read from iCloud first. To force a read, call the following method:
[[NSUbiquitousKeyValueStore defaultStore] synchronize];
To have your app receive notifications of changes in iCloud, add the following notification:
[[NSNotificationCenter defaultCenter] addObserver:self selector:#selector(iCloudStoreDidChange:)
name:NSUbiquitousKeyValueStoreDidChangeExternallyNotification
object:[NSUbiquitousKeyValueStore defaultStore]];
Creating the UUID with iCloud
Combining NSUUID, SSKeychain and NSUbiquityKeyValueStore, here's my method for generating a user ID:
- (NSUUID *)createUserID {
NSString *userKey = #"com.sample.MyApp.user";
NSString *KEYCHAIN_ACCOUNT_IDENTIFIER = #"com.sample.MyApp";
NSString *userID = [SSKeychain passwordForService:userKey account:KEYCHAIN_ACCOUNT_IDENTIFIER];
if (userID) {
return [[NSUUID UUID] initWithUUIDString:userID];
}
// check iCloud
userID = [[NSUbiquitousKeyValueStore defaultStore] stringForKey:userKey];
if (!userID) {
// none in iCloud, create one
NSUUID *newUUID = [NSUUID UUID];
userID = [newUUID UUIDString];
// save to iCloud
[[NSUbiquitousKeyValueStore defaultStore] setString:userID forKey:userKey];
}
// store the user ID locally
[SSKeychain setPassword:userID forService:userKey account:KEYCHAIN_ACCOUNT_IDENTIFIER];
return [[NSUUID UUID] initWithUUIDString:userID];
}
How to ensure that your User ID is in sync
Because writing to iCloud requires a download of any data in iCloud first, I put the synchronize call at the top of the (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions method. I also added the notification registration there as well. That allows me to detect any changes from iCloud and handle them appropriately.
Here's a sample:
NSString *const USER_KEY = #"com.sample.MyApp.user";
NSString *const KEYCHAIN_ACCOUNT_IDENTIFIER = #"com.sample.MyApp";
- (void)iCloudStoreDidChange:(NSNotification *)notification {
NSDictionary *userInfo = notification.userInfo;
NSNumber *changeReason = userInfo[NSUbiquitousKeyValueStoreChangeReasonKey];
NSArray *keysChanged = userInfo[NSUbiquitousKeyValueStoreChangedKeysKey];
if (changeReason) {
switch ([changeReason intValue]) {
default:
case NSUbiquitousKeyValueStoreServerChange:
case NSUbiquitousKeyValueStoreInitialSyncChange:
// check changed keys
for (NSString *keyChanged in keysChanged) {
NSString *iCloudID = [[NSUbiquitousKeyValueStore defaultStore] stringForKey:keyChanged];
if (![keyChanged isEqualToString:USER_KEY]) {
NSLog(#"Unknown key changed [%#:%#]", keyChanged, iCloudID);
continue;
}
// get the local key
NSString *localID = [SSKeychain passwordForService:keyChanged account:KEYCHAIN_ACCOUNT_IDENTIFIER];
if (!iCloudID) {
// no value from iCloud
continue;
}
// local ID not created yet
if (!localID) {
// save the iCloud value locally
[SSKeychain setPassword:iCloudID forService:keyChanged account:KEYCHAIN_ACCOUNT_IDENTIFIER];
continue; // continue because there is no user information on the server, so no migration
}
if ([iCloudID isEqualToString:localID]) {
// IDs match, so continue
continue;
}
[self handleMigration:keyChanged from:localID to:iCloudID];
}
break;
case NSUbiquitousKeyValueStoreAccountChange:
// need to delete all data and download new data from server
break;
}
}
}
When the application is launched or when it comes back to the foreground, I force a synchronization with iCloud and verify the integrity of the UUIDs.
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
[self configureSecKeyWrapper];
// synchronize data from iCloud first. If the User ID already exists, then we can initialize with it
[[NSUbiquitousKeyValueStore defaultStore] synchronize];
[self checkUseriCloudSync];
}
- (void)applicationWillEnterForeground:(UIApplication *)application {
// synchronize changes from iCloud
[[NSUbiquitousKeyValueStore defaultStore] synchronize];
[self checkUseriCloudSync];
}
- (BOOL)checkUseriCloudSync {
NSString *userKey = #"com.sample.MyApp.user";
NSString *KEYCHAIN_ACCOUNT_IDENTIFIER = #"com.sample.MyApp";
NSString *localID = [SSKeychain passwordForService:userKey account:KEYCHAIN_ACCOUNT_IDENTIFIER];
NSString *iCloudID = [[NSUbiquitousKeyValueStore defaultStore] stringForKey:userKey];
if (!iCloudID) {
// iCloud does not have the key saved, so we write the key to iCloud
[[NSUbiquitousKeyValueStore defaultStore] setString:localID forKey:userKey];
return YES;
}
if (!localID || [iCloudID isEqualToString:localID]) {
return YES;
}
// both IDs exist, so we keep the one from iCloud since the functionality requires synchronization
// before setting, so that means that it was the earliest one
[self handleMigration:userKey from:localID to:iCloudID];
return NO;
}
If which UUID came first matters
In my use case of my UserID, I assumed that the value in iCloud is the one to keep, since it would be the first UUID pushed to iCloud, regardless of which device generated the UUID first. Most of you would probably take the same path, since you won't really care which UUID it resolves to, as long as it resolves to a single one. For those of you who actually care about which came first, I suggest you store both the UUID and the timestamp generation ([[NSDate date] timeIntervalSince1970]) so that you can check to see which one is older:
// using dates
NSDate *uuid1Timestamp = [NSDate dateWithTimeIntervalSince1970:timestamp1];
NSDate *uuid2Timestamp = [NSDate dateWithTimeIntervalSince1970:timestamp2];
NSTimeInterval timeDifference = [uuid1 timeIntervalSinceDate:uuid2Timestamp];
// or just subtract
double timeDifference = timestamp1 - timestamp2;
There is a nice alternative on Github which generates a Unique Identifier based on a combination of Mac Address and the Bundle Identifier which works pretty well: UIDevice-with-UniqueIdentifier-for-iOS-5
In iOS7 Apple has introduced a read only property called "identifierForVendor" in the UIDevice class. If you decide to use it you should make note of the following,
This value could be nil if it is accessed before the user unlocks the device
The value changes when the user deletes all of that vendor’s apps from the device and subsequently reinstalls one or more of them.
The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.
If you need an identifier for advertising purposes, use the advertisingIdentifier property of ASIdentifierManager. However make note that point one discussed above is still true for this as well.
Source: https://developer.apple.com/library/ios/documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html#//apple_ref/occ/instp/UIDevice/identifierForVendor
This is a hot topic indeed. I have an app that I have to migrate because it used the UDID to name an XML file to be stored on a server. Then the device with the app would connect to the server and download its specific udid.xml and parse it to work.
Ive been thinking that indeed if the user moves to a new device, the app will break. So I really should use something else. The thing is, I don't use a database for the data. The data is simply stored in an xml format, one xml file per device stored on the cloud.
Im thinking the best thing would be to have the user fill out the data on the web, have php create a token on the fly which will not be stored in a database but rather sent to the user. The user can then input the token on the target device and retrieve the xml in question.
That would be my solution to the problem. Not sure how to implement the whole 'creating unique tokens' thing though.