9

首先,我观看了 WWDC 2013 关于使用钥匙串保护机密的会议。我想做一个基本的密码存储。观看了整个视频,但在视频的前 10 分钟找到了我需要的内容。看起来很简单,但我并不完全理解数据编码和检索是如何工作的。

问题:在 secItemCopyMatching 之后,我检查了我的 NSData 对象以确保它在将其转换为 NSString 之前不为零。问题是,它总是零。下面是我如何保存钥匙串条目或更新,然后是我如何检索它。任何帮助和解释将不胜感激。

更新(已编辑):果味极客,感谢您的回复。我已经使用 __bridge 更新了下面的代码。我的问题现在归结为,我是否正确存储和检索密码?我都错了还是只是其中之一?我的 NSData 实例始终为零。我正在检查返回代码,并且我的 SecItemAdd 和 SecItemUpdate(当 keychaing 条目存在时)工作正常。我似乎无法检索存储的数据(密码)的字符串值以将其与用户输入的密码进行比较。感谢帮助的家伙和女孩。这是我现在正在做的事情:

更新 #2:(使用 Fruity Geek 的答案和最终工作版本进行编辑。我的编辑仅包括对以下代码的更改。)

设置钥匙串条目:

NSData *secret = [_backupPassword dataUsingEncoding:NSUTF8StringEncoding];
NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrService: twServiceName,
    (__bridge id)kSecAttrAccount: twAccountName,
    (__bridge id)kSecValueData: secret,
};
OSStatus status =
    SecItemAdd((__bridge CFDictionaryRef)query, NULL);

if (status == errSecDuplicateItem) {
    // this item exists in the keychain already, update it
    query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: twServiceName,
        (__bridge id)kSecAttrAccount: twAccountName,
    };
    NSDictionary *changes = @{
        (__bridge id)kSecValueData: secret,
    };
    status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)changes);
}

从钥匙串中检索密码:

NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrService: twServiceName,
    (__bridge id)kSecAttrAccount: twAccountName,
    (__bridge id)kSecReturnData: @YES,
};
NSData *data = NULL;
CFTypeRef dataTypeRef = (__bridge CFTypeRef)data;
OSStatus status =
    SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataTypeRef);

NSData *data = (__bridge NSData *)dataTypeRef;

NSString *passcode = @"none";
if (status == errSecSuccess) {
    // we found a keychain entry, set the passcode
    if (data)
        passcode = [NSString stringWithUTF8String:[data bytes]];
}

twServiceName 和 twAccountName 是静态 NSString。

As I said, I don't quite what I am doing with __bridge or CFTypeRef. I looked through apples docs, numerous posts here and other sites, but keychain and these terms are brand new to me and I'm still trying to figure it out. Hoping someone here can point out my error and help me understand. Thanks in advance for the help.

iOS 7 / Xcode 5

4

1 回答 1

12

You don't own any of the Core Foundation objects (you didn't create or copy them) and you don't want to retain or release them, so CFBridgingRelease and CFBridgingRetainis incorrect. Use (__bridge id) instead whenever you want to cast to an Objective-C object. 

(__bridge id)kSecAttrService

when should you use __bridge vs. CFBridgingRelease/CFBridgingRetain?

Your data variable and dataTypeRef are two distinct pointers. Only the dataTypeRef was filled with data in SecItemCopyMatching. Cast your CFTypeRef to NSData after it has been populated by SecItemCopyMatching so your data isn't always nil 

CFTypeRef dataTypeRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataTypeRef);
NSData *data = (__bridge NSData *)dataTypeRef;

You should look more closely at the OSStatus returned by all your SecItem functions calls. There are many possible return codes that are not success. In your case, you are detecting a duplicate item in SecItemAdd - then updating it to the exact same item (doing nothing). Instead, you should try retrieving it first using SecItemCopyMatching. If no match is found, use SecItemAdd. If a match was found, use SecItemUpdate.

The example code from Apple is terrible, not written for ARC and confusing, but it exists. In particular, the writeToKeychain method is what you need. https://developer.apple.com/library/ios/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html#//apple_ref/doc/uid/TP30000897-CH208-SW1

于 2013-10-09T23:23:23.047 回答