So I was going about implementing AES encryption of data on an iPhone app, when I was puzzled by how to store the encryption key. I can easily enough encrypt data using a user-entered password, the encryption key. However, if I store the key unencrypted, the encryption is useless as anyone with access could easily enough decrypt the data with the readily-available encryption key. I could encrypt the key, but then there would be another unencrypted key floating around and someone could just follow the chain down to the data. It seemed clear that I could not store the key, so I thought that I could have the key be only in the user's mind. It would be very secure, but I would have no way to check if the decryption worked correctly and all data would be lost in the event that the user forgot their password, which is unacceptable.
Essentially, how can I securely store an encryption key for AES?
I'm sure this situation has been encountered before, as other questions have shown, but they seemed web-focused. I am interested in an iPhone-centric solution, potentially using CommonCrypto?
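An added example, not part of the original post: one way to have the password-derived key live only in the user's mind while still detecting a wrong password. A random data key is wrapped with RFC 3394 AES Key Wrap under a key derived from the password with PBKDF2, both through CommonCrypto. The type and function names, the 16-byte salt and the round count are assumptions chosen for illustration.

```swift
import Foundation
import CommonCrypto
import Security

enum KeyStoreError: Error { case random, derivation, wrap, wrongPassword }

// What gets stored. Salt and round count are not secret; the data key is
// present only in wrapped (encrypted) form.
struct WrappedKey { let salt: Data; let rounds: UInt32; let wrapped: Data }

func randomBytes(_ count: Int) throws -> [UInt8] {
    var bytes = [UInt8](repeating: 0, count: count)
    guard SecRandomCopyBytes(kSecRandomDefault, count, &bytes) == errSecSuccess else {
        throw KeyStoreError.random
    }
    return bytes
}

// PBKDF2-HMAC-SHA256 turns the password into a 256-bit key-encryption key (KEK).
func deriveKEK(_ password: String, salt: [UInt8], rounds: UInt32) throws -> [UInt8] {
    var kek = [UInt8](repeating: 0, count: kCCKeySizeAES256)
    let status = CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
                                      salt, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
                                      rounds, &kek, kek.count)
    guard status == Int32(kCCSuccess) else { throw KeyStoreError.derivation }
    return kek
}

// Wrap a random data key under the KEK. The round count default is an assumed value.
func wrapDataKey(_ dataKey: [UInt8], password: String, rounds: UInt32 = 600_000) throws -> WrappedKey {
    let salt = try randomBytes(16)
    let kek = try deriveKEK(password, salt: salt, rounds: rounds)
    var outLen = CCSymmetricWrappedSize(CCWrappingAlgorithm(kCCWRAPAES), dataKey.count)
    var out = [UInt8](repeating: 0, count: outLen)
    let status = CCSymmetricKeyWrap(CCWrappingAlgorithm(kCCWRAPAES), CCrfc3394_iv, CCrfc3394_ivLen,
                                    kek, kek.count, dataKey, dataKey.count, &out, &outLen)
    guard status == Int32(kCCSuccess) else { throw KeyStoreError.wrap }
    return WrappedKey(salt: Data(salt), rounds: rounds, wrapped: Data(out.prefix(outLen)))
}

// Unwrapping checks the RFC 3394 integrity value, so a wrong password is
// reported as an error instead of yielding a garbage key.
func unwrapDataKey(_ stored: WrappedKey, password: String) throws -> [UInt8] {
    let kek = try deriveKEK(password, salt: [UInt8](stored.salt), rounds: stored.rounds)
    let wrapped = [UInt8](stored.wrapped)
    var outLen = CCSymmetricUnwrappedSize(CCWrappingAlgorithm(kCCWRAPAES), wrapped.count)
    var out = [UInt8](repeating: 0, count: outLen)
    let status = CCSymmetricKeyUnwrap(CCWrappingAlgorithm(kCCWRAPAES), CCrfc3394_iv, CCrfc3394_ivLen,
                                      kek, kek.count, wrapped, wrapped.count, &out, &outLen)
    guard status == Int32(kCCSuccess) else { throw KeyStoreError.wrongPassword }
    return Array(out.prefix(outLen))
}
```

The data itself is encrypted with the random data key (for example `try randomBytes(kCCKeySizeAES256)`), so a password change only requires re-wrapping that key. A forgotten password still leaves the wrapped key unrecoverable.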