
Apple's Documentation says the following:

Protected Unless Open. Files are encrypted. A closed file is inaccessible when the device is locked. After the device is unlocked, your app can open and use the file. If the user has a file open and locks the device (for example, by pressing the sleep button), your app can continue to access the file.

Enabling Store Technologies

And also:

Complete unless already open. The file is encrypted. A closed file is inaccessible while the device is locked. After the user unlocks the device, your app can open the file and use it. If the user locks the device while the file is open, though, your app can continue to access it. Specify the NSDataWritingFileProtectionCompleteUnlessOpen option (NSData) or the NSFileProtectionCompleteUnlessOpen attribute (NSFileManager).

Protecting Data Using On-Disk Encryption

This seems like a great option for allowing me to finish up any remaining work on the file and then close it myself. What the documentation doesn't say is what happens to the file when I close it. For instance, what happens when:

  1. User opens app and opens file within app
  2. User locks device (file remains unprotected because it is open)
  3. App performs remaining operations on file
  4. App closes the file

Now, is the file protected since it is now closed? Or can it be reopened?


1 Answer


It uses a public key to ensure that the file cannot be opened until the device is unlocked.

Protected Unless Open (NSFileProtectionCompleteUnlessOpen): Some files may need to be written while the device is locked. A good example of this is a mail attachment downloading in the background. This behavior is achieved by using asymmetric elliptic curve cryptography (ECDH over Curve25519). Along with the usual per-file key, Data Protection generates a file public/private key pair. A shared secret is computed using the file's private key and the Protected Unless Open class public key, whose corresponding private key is protected with the user's passcode and the device UID. The per-file key is wrapped with the hash of this shared secret and stored in the file's metadata along with the file's public key; the corresponding private key is then wiped from memory. Once the file is closed, the per-file key is also wiped from memory. To open the file again, the shared secret is re-created using the Protected Unless Open class's private key and the file's ephemeral public key; its hash is used to unwrap the per-file key, which is then used to decrypt the file.

From http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf (page 10)

answered 2013-07-16T05:21:55.253
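To make the key lifecycle in the quoted passage concrete, here is an added toy model of the scheme; it is example code written for this page, not code from the answer, from Apple, or from iOS. X25519 is implemented from RFC 7748 in plain Python (not constant time, so it is for illustration only), and because the standard library has no AES key wrap, the per-file key is "wrapped" with a SHA-256 keystream plus an HMAC tag as a labelled stand-in. The names ProtectedFile, wrap_key, unwrap_key, keypair and scenario are hypothetical, and the class private key is simply a random scalar rather than something derived from the passcode and device UID. The scenario function walks through the four steps in the question: creating and opening a file needs only the class public key (so it works while locked), the open file stays usable after the lock, closing it drops the per-file key, and reopening then needs the class private key, which only exists in memory once the device is unlocked.

```python
"""Toy model of iOS "Complete Unless Open": per-file key wrapped under an X25519 shared
secret with the class public key; reopening needs the class private key. Example only."""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder (plain Python, not constant time)."""
    s = bytearray(scalar)
    s[0] &= 248
    s[31] &= 127
    s[31] |= 64                      # clamp the scalar as RFC 7748 requires
    k = int.from_bytes(s, "little")
    u = bytearray(point)
    u[31] &= 127                     # ignore the unused top bit of the u-coordinate
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Stand-in for AES key wrap (not in the stdlib): SHA-256 keystream XOR plus HMAC tag."""
    stream = hashlib.sha256(b"wrap" + kek).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
        raise ValueError("unwrap failed: wrong class key or tampered metadata")
    stream = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class ProtectedFile:
    """Hypothetical model of one Complete Unless Open file."""
    def __init__(self, class_pub: bytes):
        self.class_pub = class_pub
        self.metadata = None        # (file's ephemeral public key, wrapped per-file key)
        self.per_file_key = None    # held in memory only while the file is open

    def create(self) -> None:
        """Needs only the class PUBLIC key, so it works while the device is locked."""
        per_file_key = os.urandom(32)
        file_priv, file_pub = keypair()
        kek = hashlib.sha256(x25519(file_priv, self.class_pub)).digest()
        self.metadata = (file_pub, wrap_key(kek, per_file_key))
        del file_priv, kek          # file private key wiped once the per-file key is wrapped
        self.per_file_key = per_file_key

    def close(self) -> None:
        self.per_file_key = None    # per-file key wiped from memory on close

    def open(self, class_priv: bytes) -> bytes:
        """Re-derives the shared secret from the class PRIVATE key and the stored file pubkey."""
        file_pub, blob = self.metadata
        kek = hashlib.sha256(x25519(class_priv, file_pub)).digest()
        self.per_file_key = unwrap_key(kek, blob)
        return self.per_file_key


def scenario() -> dict:
    """Steps 1-4 from the question, then an attempted reopen before and after unlock."""
    class_priv, class_pub = keypair()       # class private key: only available when unlocked
    f = ProtectedFile(class_pub)
    f.create()                              # step 1: file created/opened with the public key alone
    key_at_create = f.per_file_key
    usable_after_lock = f.per_file_key is not None   # steps 2-3: device locked, open file still usable
    f.close()                               # step 4: per-file key is now gone from memory
    try:
        f.open(os.urandom(32))              # locked: no real class private key, so unwrap must fail
        reopen_without_class_key = True
    except ValueError:
        reopen_without_class_key = False
    key_after_unlock = f.open(class_priv)   # unlocked: class private key restores access
    return {"usable_after_lock": usable_after_lock,
            "reopen_without_class_key": reopen_without_class_key,
            "key_survives_round_trip": key_at_create == key_after_unlock}
```

Run scenario() to see the answer to the question in this model: once the file is closed the per-file key is gone, and because the only path back to it goes through the class private key, a closed file is protected again until the next unlock. The shape of the protocol, not the specific cipher choices, is what the example is meant to show.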