ionic-team / cordova-plugin-ios-keychain

Apache Cordova (PhoneGap) plugin

Set and Get value that return null #40

Open maxmoridev opened 3 years ago

maxmoridev commented 3 years ago

Hi, I'm new to iOS and the keychain, and first I need to understand the usage better, but I need to change a few things because a guy who did some security checks on my app noticed that the app needs to improve its security by using the "kSecAttrAccessibleWhenUnlockedThisDeviceOnly" attribute instead of "kSecAttrAccessibleWhenUnlocked" for some keychain items. He wrote to me: "It was possible to identify an issue with the data stored in the iOS keychain through dumping of keychain data or reading backup data (iTunes)"

So I tried using cordova-plugin-ios-keychain to make a change to the keychain items, but I think I don't understand which item/key I should change and whether I'm doing it right.

I read the Apple documentation, and the key that has this possible attribute is "kSecAttrAccessible", so I tried to use the plugin like this:

```typescript
this.keychain.get('kSecAttrAccessible')
  .then(value => console.log('Keychain got value: ', value))
  .catch(err => console.log('Keychain Error getting: ', err));
```

but it always returns a null value. If I try to set the key like this:

```typescript
this.keychain.set('kSecAttrAccessible', 'kSecAttrAccessibleWhenUnlockedThisDeviceOnly').then(() => {
  this.keychain.get('kSecAttrAccessible')
    .then(value => console.log('Keychain got value: ', value))
    .catch(err => console.log('Keychain Error getting: ', err));
})
  .catch(err => console.log('Keychain Error setting: ', err));
```

the app crashes.

Can you help me and suggest where I am going wrong?

I used Ionic Framework v3 with Angular v5.*

mzl1988 commented 3 years ago

I have the same problem on iOS 14.

maxmoridev commented 3 years ago

@mzl1988 I read other issues in the history of this plugin, so I realized that if you try to set a key without the "useTouchID" param (I set it to false), the app crashes. After I set it like this:

```typescript
this.keychain.set('kSecAttrAccessible', 'kSecAttrAccessibleWhenUnlockedThisDeviceOnly', false).then(() => { ...
```

it seems to work!

But it's strange, because when I read the code of the plugin I see "useTouchID?: boolean", which means that the parameter is optional, but in reality it is not optional!
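
How `kSecAttrAccessible` is applied at the native level, as an added example that is not part of this thread or of the plugin's code: it is an attribute placed in the dictionary passed to Apple's Security framework calls, and it is read back from the item's attributes, not looked up as the name of a stored entry. The service and account strings are constructed, and the example assumes the item is a generic password.

```swift
import Foundation
import Security

// Identify one generic-password item. Service/account values are constructed.
func itemQuery(service: String, account: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
}

// Store a secret readable only while the device is unlocked and excluded from
// migration to other devices (the "ThisDeviceOnly" protection class).
func storeDeviceOnly(_ secret: Data, service: String, account: String) -> OSStatus {
    let deviceOnly = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    var attrs = itemQuery(service: service, account: account)
    attrs[kSecValueData as String] = secret
    attrs[kSecAttrAccessible as String] = deviceOnly
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecDuplicateItem else { return status }
    // The item already exists (possibly with a weaker class): update the value
    // and the protection class in place instead of failing.
    let changes: [String: Any] = [
        kSecValueData as String: secret,
        kSecAttrAccessible as String: deviceOnly,
    ]
    return SecItemUpdate(itemQuery(service: service, account: account) as CFDictionary,
                         changes as CFDictionary)
}

// Read the item's attributes back and confirm the protection class took effect.
func isDeviceOnly(service: String, account: String) -> Bool {
    var query = itemQuery(service: service, account: account)
    query[kSecReturnAttributes as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let attrs = result as? [String: Any],
          let cls = attrs[kSecAttrAccessible as String] as? String else { return false }
    return cls == (kSecAttrAccessibleWhenUnlockedThisDeviceOnly as String)
}

// Usage with constructed names:
let status = storeDeviceOnly(Data("example-token".utf8), service: "com.example.app", account: "session")
print(status == errSecSuccess, isDeviceOnly(service: "com.example.app", account: "session"))
```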