Comments (5)
All the data is stored locally using Apple's native Core Data framework. Therefore the keys are stored encrypted and on your device only.
Does this clarify your question?
from pgpro.
Yes, thanks. Good to add it to the documentation, as it is a central question for such an app.
--> I am no expert at all in iOS dev nor in security, but I came across this post: https://security.stackexchange.com/questions/147312/is-data-stored-in-core-data-on-ios-secure
and wonder if storing the private key in the keychain would be more appropriate ?
from pgpro.
I did consider storing the private keys in the iOS Keychain. What made me decide against it, is that Apple encourages users (maybe it's even the default?) to sync the Keychain via iCloud.
While this happens end-to-end encrypted, one cannot be certain that Apple doesn't (have to) have a master key.
(This is also the reason why there is currently no option to "remember" the passphrases for private keys.)
That said, I am open for discussion on this topic.
from pgpro.
Indeed, the 'weak' point will be if and when data is stored on iCloud, either the Keychain or CoreData database.
It would be interesting to compare how other crypto apps did address this (e.g. https://github.com/status-im).
from pgpro.
It seems that status-im they is using the Keychain and bind the keychain to the device, so to prevent that it can be accessed on iCloud at all:
https://github.com/status-im/status-react/blob/develop/src/status_im/utils/keychain/core.cljs
--> https://developer.apple.com/documentation/security/ksecattraccessiblewhenpasscodesetthisdeviceonly
from pgpro.
Related Issues (20)
- Failed to decode mime content
- Auto derive public key from private key?
- Decryption option to read from QR code HOT 1
- Унок
- И
- Удалил ключ. Как восстановить? HOT 2
- UI Problem
- how to transfer an app to another iphone
- message is invalid
- Недействительное сообщение HOT 1
- Features request: Add file encryption/decryption/signature/verification features
- Show key ids in key list
- Colorize expired keys in all lists
- Automatically select the private key for decryption
- Set a default key pair
- -BEGIN PGP PUBLIC KEY BLOCK-SBCADUR1bT/1nFLHwI9wr8JCNMqUTT5Q9AzeyL3FF OubwXjwr SEOAggv8AWO8PgtcDSZdj0I0htVqvv2bl mF4eCoIcEuYXCTh8qSWе6M48HnP5AsnyGKOKxz Jn! y5M818Kq2k+YwdEfXI fKAbjQdDn5H5e8BRCb8GIh omB8n6SZd7eIUL3DwsHCFqIL6UeWBm5t005aKfx6 8qjrdFxzKu40zfOGWGCngs TL3vABEBAAG0Jm9uaW NACHJvdG9ubWFpbC5jb20+iQFOBBMBCgA4FiEEGA EFAMBOPPSCGwMFCwk IBwMFFQoJCASFFgIDAQACHgl
- Listen opening from me HOT 1
- Email Integration in iOS HOT 1
- Апатиты HOT 1
- Удалила ключ. Помогите срочно восстановить
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pgpro.