Keychain Sharing

1. Introduction

In iOS development we all use the Keychain service to some extent, to store users' account passwords, certificates, or other sensitive information.

According to Apple, the Keychain on an iOS device is a secure storage container (an encrypted database) that apps can use to save account passwords, certificates, authentication tokens, and similar secrets.

The Keychain is a system-level service: items an app has saved in the Keychain are not cleared when the app is uninstalled, unless the device is wiped and reflashed. This is why the combination identifierForVendor + Keychain is commonly used as a substitute for a device ID. The Keychain also supports sharing saved items between apps, but only between apps that belong to the same developer account. This article describes my experience with Keychain sharing.

2. Basic use of the Keychain

I won't cover basic Keychain usage here; there are plenty of tutorials online, and the official GenericKeychain sample project is a good companion to them.
Because the native Keychain API is fairly cumbersome to use, I recommend using a third-party framework to simplify working with the Keychain.
Recommended Keychain frameworks:

In addition, here are several official Keychain demos for reference:

3. Keychain sharing

3.1 How Keychain data is organized

First you need to understand that Keychain items are grouped by Keychain Access Group, and that different access groups are isolated from each other. Figure 3-1 shows two apps, AppOne and AppTwo. AppOne has a single access group, $(teamID).com.example.AppOne, and AppTwo has a single access group, $(teamID).com.example.AppTwo. Because the two apps belong to different access groups, their items are isolated from each other.

4404643-1292f49f59665548.png
Figure 3-1

3.2 Keychain Access Group naming

An access group has the format $(teamID).$(groupName), and the group name is best written in reverse-DNS form.
Example:
Suppose the team ID is S5VDKE9N8V and the group name is com.example.AppOne.
The access group is then written as: S5VDKE9N8V.com.example.AppOne

Question: where do you find the team ID?

  1. Open https://developer.apple.com
  2. Select Account and sign in
  3. Select the Membership tab to view the account information; the Team ID is shown there, as in Figure 3-2
    4404643-432a6480614ce55b.png
    Figure 3-2

3.3 An app's default access group

Each app can have multiple access groups, and each app has its own default access group.
Before the app is code-signed for distribution, Xcode automatically prefixes the app's Bundle Identifier (for example com.example.AppOne) with your team ID and stores the combined string as the app ID. The system uses this app ID as the name of the app's private access group and includes it in the app's array of access groups, which then looks like this:

[$(teamID).com.example.AppOne]

Because the app ID is unique across all apps, and because it is stored in the app's code-signing entitlements, which are protected, no other app can use it, and therefore no other app can be a member of this group. Any keychain items stored with this access group are thus specific to AppOne. Likewise, if you have a second app whose Bundle Identifier is com.example.AppTwo, it automatically gets its own private group:

[$(teamID).com.example.AppTwo]

So by default, each app's keychain items are isolated from those of every other app, as shown in Figure 3-1 above.

3.4 Enabling Keychain sharing

Because each app's keychain items are isolated from other apps by default, if you want two apps to share keychain items you add both apps to the same Keychain access group. You do this by enabling the Keychain Sharing capability for each app in Xcode and adding a common access group name to each app's keychain access group list, for example the shared group name com.example.SharedItems. See Figure 3-3:

4404643-813d6a53e32e2aee.png
Figure 3-3

After this is enabled for AppOne, its array of access groups becomes:

[$(teamID).com.example.SharedItems,
 $(teamID).com.example.AppOne]

If the same access group is also added to AppTwo, its array of access groups becomes:

[$(teamID).com.example.SharedItems,
 $(teamID).com.example.AppTwo]

AppOne and AppTwo now have an overlapping region of shared items, as shown in Figure 3-4.


4404643-e9cfc042252dc3db.png
Figure 3-4
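The read/write side of the sharing described above, as an added example that is not part of the article or its demo project. It assumes the team ID S5VDKE9N8V and the shared group com.example.SharedItems from the text; the service, account and token values are constructed for the example. The code passes kSecAttrAccessGroup explicitly and maps the failure a practitioner actually hits when the group is missing from the entitlements, errSecMissingEntitlement (-34018), to a distinct error:

```swift
import Foundation
import Security

// The group name is an assumption for this example; substitute your own team ID.
// The string passed to the Keychain must match an entry in the app's signed
// keychain-access-groups entitlement exactly, team ID prefix included.
let sharedAccessGroup = "S5VDKE9N8V.com.example.SharedItems"

// errSecMissingEntitlement (-34018): the requested access group is not in this
// app's entitlements. Written as a literal so the example compiles on older SDKs.
private let missingEntitlementStatus: OSStatus = -34018

enum KeychainError: Error {
    case itemNotFound
    case missingEntitlement
    case unexpectedData
    case unhandled(OSStatus)

    init(status: OSStatus) {
        switch status {
        case errSecItemNotFound:       self = .itemNotFound
        case missingEntitlementStatus: self = .missingEntitlement
        default:                       self = .unhandled(status)
        }
    }
}

/// Attributes that identify one generic-password item inside one access group.
/// Passing kSecAttrAccessGroup explicitly matters: if it is omitted, SecItemAdd
/// stores the item in the app's default group, which is the FIRST entry of the
/// keychain-access-groups array. Once Keychain Sharing is enabled that first
/// entry is the shared group, not the app's private one.
private func itemQuery(service: String, account: String, accessGroup: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: accessGroup,
    ]
}

/// Store (or replace) a secret in the given access group.
func saveSecret(_ secret: String, service: String, account: String, accessGroup: String) throws {
    let query = itemQuery(service: service, account: account, accessGroup: accessGroup)

    // SecItemAdd refuses to overwrite (errSecDuplicateItem), so delete any old copy first.
    let deleteStatus = SecItemDelete(query as CFDictionary)
    guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else {
        throw KeychainError(status: deleteStatus)
    }

    var attributes = query
    attributes[kSecValueData as String] = Data(secret.utf8)
    // ThisDeviceOnly: the item survives uninstalling the app, but is not restored
    // from an encrypted backup onto a different device. Without the ThisDeviceOnly
    // variant a "device ID" kept in the Keychain would follow the user to a new phone.
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}

/// Read a secret from the given access group. The calling app must list that
/// group in its own entitlements, otherwise the call fails with -34018.
func readSecret(service: String, account: String, accessGroup: String) throws -> String {
    var query = itemQuery(service: service, account: account, accessGroup: accessGroup)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne

    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess else { throw KeychainError(status: status) }
    guard let data = result as? Data, let secret = String(data: data, encoding: .utf8) else {
        throw KeychainError.unexpectedData
    }
    return secret
}

// Usage: AppOne writes, and AppTwo (with the same shared group in its entitlements)
// reads the same item back. The token value is constructed for the example.
do {
    try saveSecret("sample-session-token-0001", service: "com.example.sso",
                   account: "alice", accessGroup: sharedAccessGroup)
    let token = try readSecret(service: "com.example.sso", account: "alice",
                               accessGroup: sharedAccessGroup)
    print("shared token: \(token)")
} catch KeychainError.missingEntitlement {
    print("\(sharedAccessGroup) is not in this app's keychain-access-groups entitlement")
} catch {
    print("keychain error: \(error)")
}
```

Run the same code in both apps on a real device: the save in AppOne and the read in AppTwo succeed only when both apps carry the shared group in their signed entitlements; in any app that does not, the read throws KeychainError.missingEntitlement rather than simply returning "not found".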

note:

  • AppOne and AppTwo must belong to the same developer (the same team); otherwise they cannot share.

  • AppOne does not need to explicitly add com.example.AppOne to its Keychain Sharing access group list: even when Keychain Sharing is not enabled, Xcode adds it automatically before signing, and the same holds for AppTwo. (Each app has its own default private access group.)

  • If AppTwo adds com.example.AppOne to its Keychain Sharing access group list, then even if AppOne has not enabled Keychain Sharing in Xcode, AppTwo can still read the keychain items AppOne stored in its default private group (com.example.AppOne), and vice versa. So within a team there is no such thing as an absolutely private keychain group. The real isolation boundary is the team: the $(teamID). prefix is enforced when the app's entitlements are provisioned, so an app from another team cannot claim your groups, but any app your own team ships can.

  • Do not edit the entitlements file by hand to replace $(AppIdentifierPrefix) in the access groups with your team ID; Xcode substitutes it automatically before signing at packaging time.


    4404643-b082cd5322dfe7d0.png
    Figure 3-5
  • In addition, test Keychain sharing on a real device; in the simulator environment odd problems appear that do not occur on hardware.

Here is my KeychainSharing demo as well, for learning and reference only.

Q: What is $(AppIdentifierPrefix)?
A: $(AppIdentifierPrefix) is the team ID (followed by a period). When you register an App ID you will notice that the App ID Prefix is the team ID, as shown below.


4404643-4721046c6ce337bb.png
Figure 3-6
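For reference, this is what the entitlements file Xcode maintains for AppOne looks like after Keychain Sharing has been enabled and the shared group from section 3.4 added. It is an added example, not a file from the article's demo project; the group name com.example.SharedItems is taken from the text and the $(AppIdentifierPrefix) placeholder is left exactly as Xcode writes it:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Order matters: the first entry is the app's default access group for
         items added without an explicit kSecAttrAccessGroup. -->
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)com.example.SharedItems</string>
    </array>
</dict>
</plist>
```

At signing time Xcode expands $(AppIdentifierPrefix) to the team ID plus a trailing period, so the signed app carries S5VDKE9N8V.com.example.SharedItems (with the article's example team ID), and it also emits the application-identifier entitlement from which the private group S5VDKE9N8V.com.example.AppOne is derived. To confirm what actually ended up in a built app rather than trusting the project settings, inspect the signed bundle with `codesign -d --entitlements :- AppOne.app` and check that the keychain-access-groups array lists the shared group with the correct prefix.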

4. References


Source: blog.csdn.net/weixin_34357436/article/details/90803307