Re: Looking for guidance re: password/credential storage and Core Data
Re: Looking for guidance re: password/credential storage and Core Data
- Subject: Re: Looking for guidance re: password/credential storage and Core Data
- From: Wim Lewis <email@hidden>
- Date: Tue, 3 Nov 2009 12:14:36 -0800
On Nov 3, 2009, at 4:51 AM, David HM Spector wrote:
Is there a pattern commonly followed regarding storage of passwords
or other credential type data in core data..? Given the existence
and security profile of the KeyChain, it would clearly be best to
keep passwords there, but can I map this into a core data model so
that I keep a reference of some kind to a password (or other
credential, such as an SSH key) thats really stored in the keychain
in the core data model rather than the actual value..?
IMHO the nicest way to do this is to have a keychain item whose
attributes indicate what account it's for (server name, etc.) and then
to do a keychain search based on those attributes when you need the
item. This has a handful of advantages: the Keychain Access app acts
as a password manager GUI for you; the connection between a document
and a keychain item isn't as mysterious and magical; etc.
It's possible to get a persistent reference to a keychain item (a
CFData blob) using SecKeychainItemCreatePersistentReference() or
SecItemCopyMatching(kSecReturnPersistentRef=YES, ...). So you could
store that in Core Data and convert it back to a keychain item ref
when you need it. (I haven't actually used these APIs so I don't know
how functional they are. FYI, the unique item identifier you can get
from SecKeychainItemGetUniqueRecordID() isn't persistent or
transportable.)
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden