How can we store a username-password combination in keychain in encrypted format

Submitted by 不问归期 on 2019-12-11 06:07:51

Question


I need to implement offline login in my application. Currently I am storing passwords in the keychain which have been used to log in at least once when the app is online. But right now I am not checking the username-password combination. If I have multiple users for a single device, storing only passwords won't be enough. So can anyone suggest something which can be done with no security breaches?


Answer 1:


I suggest you store the password, using the login as a key. Something like: acccount_test@test.com / password.

You can encode the md5 value of the passcode to improve security too.




Answer 2:


You can use NSURLCredential, based on this link.

Store

NSURLCredential *credential;

credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent];
[[NSURLCredentialStorage sharedCredentialStorage] setCredential:credential forProtectionSpace:self.loginProtectionSpace];

Get Stored Data

NSURLCredential *credential;
NSDictionary *credentials;

credentials = [[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:self.loginProtectionSpace];
credential = [credentials.objectEnumerator nextObject];
NSLog(@"User %@ already connected with password %@", credential.user, credential.password);



Answer 3:


You can save it in the device Keychain, which is designed to save sensitive information. Download a wrapper from this Ray Wenderlich tutorial and encrypt the password with sha512.

#import "KeychainWrapper.h"
#include <CommonCrypto/CommonDigest.h>

-(void)createSHA512andSaveToKeychain:(NSString*)unencryptedPasswd {
    // Hash the UTF-8 bytes of the password (NSString.length counts UTF-16 units, not bytes)
    NSData *passwordData = [unencryptedPasswd dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t digest[CC_SHA512_DIGEST_LENGTH];
    CC_SHA512(passwordData.bytes, (CC_LONG)passwordData.length, digest);

    // Hex-encode the digest
    NSMutableString *encryptedPasswd = [NSMutableString stringWithCapacity:CC_SHA512_DIGEST_LENGTH * 2];
    for (int i = 0; i < CC_SHA512_DIGEST_LENGTH; i++) {
        [encryptedPasswd appendFormat:@"%02x", digest[i]];
    }

    // Save the password in the device keychain
    KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
    [keychainWrapper mySetObject:encryptedPasswd forKey:(__bridge id)kSecValueData];
    [keychainWrapper writeToKeychain];
}

To retrieve the password:

// Retrieve the stored value from the device keychain, using the same key as when saving
KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
NSString *pwd = [keychainWrapper myObjectForKey:(__bridge id)kSecValueData];


Source: https://stackoverflow.com/questions/41018406/how-can-we-store-a-username-password-combination-in-keychain-in-encrypted-format
