These days at school, chances are high that your first contact with programming was with C#, just like it was C, C++ or Java years before. Maybe you made some “Hello World!” application for the text console or used WPF to “design” your UI and then do something on a button’s click. That’s all fascinating but you don’t really see why you would put further effort into this. And so the basic C# knowledge sits there in the back of your head, waiting to be resurrected.
What’s this about?
Today, I have updated an old piece of code I wrote long ago when I started with Xamarin.iOS – back then still known as MonoTouch and I thought, why not let the world know? Maybe some folks might find the code useful.
In this article we will deal with accessing the iOS keychain and how to store and retrieve passwords.
In this post I’m going to walk you through a tutorial that will show you the basics of Apple’s new SpriteKit API for iOS7. To follow the tutorial, you will need basic knowledge of iOS application development and C# / Xamarin.iOS.
To build the demo project, you will need Xamarin.iOS 7 (Indie Edition will do), Xcode 5 and iOS SDK7.
If you don’t know what SpriteKit is all about, you can check out the details on Apple’s developer pages (a developer account is required to access them): SpriteKit introduction
For all you eager-beavers who cannot wait to download the project before even knowing what it is all about, here’s the link:
Let’s have a look at what we’re going to build:
Some folks may recognize the ball: it’s the good old Amiga Boing Ball from the 1980s! I found a perfect remake of its animation at the AmigaLog where the images can be downloaded. Very well done and perfect for our little tutorial.
Of course we want to tweak things a bit in order to show SpriteKit’s abilities, so my version has an option to let it snow – not just because it’s already close to that time of year, but mainly to demonstrate the use of particle effects:
CoinSitter is an expense tracking application for iPhone.
Where did my money go? Yesterday I had $50 in my wallet and today only $20 is left!
“CoinSitter” allows you to store your expenses quickly. The application is optimized for efficient input and offers you:
- See expenses sorted by date.
- Search functionality for expenses and categories.
- Categories are created on the fly while you type.
- Categories are offered in a quick selection menu.
- Statistics about your expenses grouped by years and months.
Find it on the Apple App Store at: https://itunes.apple.com/us/app/coinsitter/id603109671?l=de&ls=1&mt=8
You can send me an email if you need support: firstname.lastname@example.org
For quite a while I’ve been trying to figure out the whole truth about hardware encryption, data protection and keychain protection on iOS4 in combination with iPhone 3GS, iPhone 4 or iPad.
Starting with iPhone 3GS a hardware encryption chip is build into the device. Great! But what does it mean to me as a developer? How can I make use of all of this encrypting and masquerading?
First off, one needs to understand how all the encryption business works on iOS devices.
Best thing to do is to watch Episode 209: “Securing Application Data” from Apple’s WWDC 2010 conference (http://developer.apple.com/videos/wwdc/2010/) – note that you have to be a registered iOS developer to access the videos.
Next, navigate to http://anthonyvance.com/blog/forensics/ios4_data_protection/ and read the infos there.
Then understand the iOS devices’ different folders by going through this document
Now you’re set.
For me a few questions remained unanswered even after watching the video and reading dozens of articles on the web. I will try to answer them now as good as I can using my findings:
- The keychain allows defining a class “available when unlocked, this device only” which prevents a keychain record from getting transferred to another device using backup/restore. To my understanding there is nothing similar for files, or is there? How can I prevent FILE data being restored on another device?
- NSData allows storing files with protection and NSFileManager allows changing the security class of an existing file. I wonder if there are any disadvantages if I first store the file unencrypted and the use NSFileManager to change the class?
- If the user does not specify a PIN or passcode, there does not seem to be real protection. Does that mean, data is encrypted using the device key only, as introduced with the 3GS?
- If I change my PIN, what has to be re-encrypted by the OS? All of the encrypted files?
- Is there evidence that a PIN/or password protected device’s content which was protected using the “protect always” has been successfully hacked?
- My device contains files which are stored in encrypted format. If now I make a backupof my device in iTunes and do not select to encrypt and password protect that backup, are my backed up files still which were encrypted on the device still secure?
I have just updated this post a bit. Storing a password now supports data encryption. This means you can specify when the stored password is accessible (e.g. only if the device is unlocked).
After searching the web a lot I could not find a resource providing examples on how to store a password securely on an iOS device. StackOverflow.com pointed me to the iOS’s KeyChain and I found this example which does the magic using ObjectiveC:https://github.com/ldandersen/scifihifi-iphone/
As I want to give the community something back I offer a MonoTouch implementation inspired by to code referenced above for download here.
My code contains three static methods:
/// <summary> /// Deletes a username/password record. /// </summary> /// <param name="sUsername">the username to query. May not be NULL.</param> /// <param name="sService">the service description to query. May not be NULL.</param> /// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns> public static SecStatusCode DeletePasswordForUsername ( string sUsername, string sService ) /// <summary> /// Sets a password for a specific username. /// </summary> /// <param name="sUsername">the username to add the password for. May not be NULL.</param> /// <param name="sPassword">the password to associate with the record. May not be NULL.</param> /// <param name="sService">the service description to use. May not be NULL.</param> /// <param name="eSecAccessible">defines how the keychain record is protected</param> /// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns> public static SecStatusCode SetPasswordForUsername ( string sUsername, string sPassword, string sService, SecAccessible eSecAccessible ) /// <summary> /// Gets a password for a specific username. /// </summary> /// <param name="sUsername">the username to query. May not be NULL.</param> /// <param name="sService">the service description to use. May not be NULL.</param> /// <returns> /// The password or NULL if no matching record was found. /// </returns> public static string GetPasswordForUsername ( string sUsername, string sService )
You can find the demo project on Github: https://github.com/Krumelur/iOSPasswordStorage