evgenyneu / keychain-swift

Helper functions for saving text in Keychain securely for iOS, OS X, tvOS and watchOS.
MIT License

keychain keys are not cleared #144

Open ihassanalattas opened 3 years ago

ihassanalattas commented 3 years ago

When I uninstall the app and reinstall it again, the keys still exist.

evgenyneu commented 3 years ago

Hi @ihassanalattas, thanks for reporting this. I noticed this as well: Keychain is not removed when the app is uninstalled.

ChrisMarshallNY commented 3 years ago

Is this a bug, or is it the way the keychain is supposed to work? I am not an expert in keychain, so forgive my naiveté.

The keychain is designed to distribute across iCloud, so I assume that it has some persistence.

evgenyneu commented 3 years ago

Not sure if it's a bug or a feature of Keychain. It persists locally after the app is removed, so probably not related to iCloud.

josh150 commented 3 years ago

That's how the Keychain works.

If you want your Keychain values to be tied to an app install you need to add a salt to your key and store that locally. This way you lose access to the key when the app is removed.

The general idea is:

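```swift
// Per-install salt, kept in UserDefaults (which is deleted with the app).
let baseKey = UUID().uuidString
UserDefaults.standard.setValue(baseKey, forKey: "jwtKeyBase")

// Store the token under a Keychain key that includes the salt.
keychain.set(token, forKey: "jwt-\(baseKey)")
```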

That said, it could be a nice feature for this package to provide this option of a two-stage key.
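A fuller version of the two-stage key idea described in the comment above, as an added example that is not part of the thread or of keychain-swift. The wrapper type `InstallScopedKeychain` and the UserDefaults key `installSalt` are hypothetical names; it reuses the salt across launches of the same install and, on the first launch after a reinstall, also deletes the items left behind by the previous install instead of only making them unreachable.

```swift
import Foundation
import KeychainSwift

// Hypothetical wrapper (not part of keychain-swift): scopes Keychain items to
// one app install by mixing a per-install salt into every key.
final class InstallScopedKeychain {
    private static let saltDefaultsKey = "installSalt" // assumed name
    private let keychain: KeychainSwift
    private let salt: String
    /// True on the first launch after an install or reinstall.
    let isFreshInstall: Bool

    init(keychain: KeychainSwift = KeychainSwift(),
         defaults: UserDefaults = .standard) {
        self.keychain = keychain
        if let existing = defaults.string(forKey: InstallScopedKeychain.saltDefaultsKey) {
            // Same install: reuse the salt so earlier items stay reachable.
            salt = existing
            isFreshInstall = false
        } else {
            // UserDefaults went away with the app, Keychain items did not.
            // A new salt alone would leave the old secrets stored but orphaned,
            // so remove them. keychain-swift documents that clear() does not
            // work on macOS.
            keychain.clear()
            let fresh = UUID().uuidString
            defaults.set(fresh, forKey: InstallScopedKeychain.saltDefaultsKey)
            salt = fresh
            isFreshInstall = true
        }
    }

    private func scoped(_ key: String) -> String { "\(key)-\(salt)" }

    @discardableResult
    func set(_ value: String, forKey key: String) -> Bool {
        keychain.set(value, forKey: scoped(key))
    }

    func get(_ key: String) -> String? { keychain.get(scoped(key)) }

    @discardableResult
    func delete(_ key: String) -> Bool { keychain.delete(scoped(key)) }
}

// Usage (constructed sample value):
//   let store = InstallScopedKeychain()
//   store.set("constructed-sample-token", forKey: "jwt")
//   let token = store.get("jwt") // nil after a reinstall
```

Because `clear()` removes every item the `KeychainSwift` instance can reach, drop that call if the app shares a Keychain access group with other apps whose items must survive a reinstall.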

bitops commented 2 years ago

This Apple Developer forums thread has more information related to what @josh150 wrote above.