marinehero/keychain-swift

Helper functions for saving text in Keychain securely for iOS, OS X, tvOS and watchOS.

Helper functions for storing text in Keychain for iOS, OS X, tvOS and WatchOS

[][carthage] [][cocoadocs] [][cocoadocs] [][cocoadocs] [cocoadocs]: http://cocoadocs.org/docsets/KeychainSwift [carthage]: https://github.com/Carthage/Carthage

This is a collection of helper functions for saving text and data in the Keychain. As you probably noticed Apple's keychain API is a bit verbose. This library was designed to provide shorter syntax for accomplishing a simple task: reading/writing text values for specified keys.

What's Keychain?

Keychain is a secure storage. You can store all kind of sensitive data in it: user passwords, credit card numbers, secret tokens etc. Once stored in Keychain this information is only available to your app, other apps can't see it. Besides that, operating system makes sure this information is kept and processed securely. For example, text stored in Keychain can not be extracted from iPhone backup or from its file system. Apple recommends storing only small amount of data in the Keychain. If you need to secure something big you can encrypt it manually, save to a file and store the key in the Keychain.

Setup

There are three ways you can add KeychainSwift to your Xcode project.

Add source (iOS 7+)

Simply add KeychainSwiftDistrib.swift file into your Xcode project.

Setup with Carthage (iOS 8+)

Alternatively, add github "marketplacer/keychain-swift" ~> 3.0 to your Cartfile and run carthage update.

Setup with CocoaPods (iOS 8+)

If you are using CocoaPods add this text to your Podfile and run pod install.

use_frameworks!
pod 'KeychainSwift', '~> 3.0'

Here is how to use KeychainSwift in a WatchKit extension with CocoaPods.

use_frameworks!

target 'YourWatchApp Extension Target Name' do
  platform :watchos, '2.0'
  pod 'KeychainSwift', '~> 3.0'
end

Setup in Swift 1.2 project

Use the previous version of the library.

Usage

Add import KeychainSwift to your source code if you used Carthage or CocoaPods setup methods.

let keychain = KeychainSwift()

keychain.set("hello world", forKey: "my key")

keychain.get("my key")

keychain.delete("my key")

keychain.clear() // Delete everything from app's Keychain

In addition to strings one can set/get NSData objects.

let keychain = KeychainSwift()

keychain.set(nsDataObject, forKey: "my key")

keychain.getData("my key")

Advanced options

Keychain item access

Use withAccess parameter to specify the security level of the keychain storage. By default the .AccessibleWhenUnlocked option is used. It is one of the most restrictive options and provides good data protection.

KeychainSwift().set("Hello world", forKey: "key 1", withAccess: .AccessibleWhenUnlocked)

You can use .AccessibleAfterFirstUnlock if you need your app to access the keychain item while in the background. Note that it is less secure than the .AccessibleWhenUnlocked option.

See the list of all available access options.

Sharing keychain items

In order to share keychain items between apps they need to have common Keychain Groups registered in Capabilities > Keychain Sharing settings. There is no way of sharing a keychain item between the watchOS 2.0 and its paired device: https://forums.developer.apple.com/thread/5938

Keychain access groups

Use accessGroup property to specify an access group that will be used to access keychain items. When access group value is nil all application access groups are being accessed. Access group name is used by all functions: set, get, delete and clear.

In the following example we specify an access group "CS671JRA62.com.myapp.KeychainGroup" that will be used to set, get and delete an item "my key". If there are "my key" items in different access groups they will not be affected unless accessGroup property is set to nil.

let keychain = KeychainSwift()
keychain.accessGroup = "CS671JRA62.com.myapp.KeychainGroup"

keychain.set("hello world", forKey: "my key")
keychain.get("my key")
keychain.delete("my key")
keychain.clear()

Setting key prefix

One can pass a keyPrefix argument when initializing a KeychainSwift object. The string passed in keyPrefix argument will be used as a prefix to all the keys used in set, get, getData and delete methods. I use the prefixed keychain in tests. This prevents the tests from changing the Keychain keys that are used when the app is launched manually.

Note that clear method still clears everything from the Keychain regardless of the prefix used.

let keychain = KeychainSwift(keyPrefix: "myTestKey_")
keychain.set("hello world", forKey: "hello")
// Value will be stored under "myTestKey_hello" key

Check if operation was successful

One can verify if set, delete and clear methods finished successfully by checking their return values. Those methods return true on success and false on error.

if keychain.set("hello world", forKey: "my key") {
  // Keychain item is saved successfully
} else {
  // Report error
}

To get a specific failure reason use the lastResultCode property containing result code for the last operation. See Keychain Services Result Codes.

keychain.set("hello world", forKey: "my key")
if keychain.lastResultCode != noErr { /* Report error */ }

Demo app

Alternative solutions

Here are some other Keychain libraries for iOS.

• DanielTomlinson/Latch
• jrendel/SwiftKeychainWrapper
• kishikawakatsumi/KeychainAccess
• matthewpalmer/Locksmith
• phuonglm86/SwiftyKey
• s-aska/KeyClip
• yankodimitrov/SwiftKeychain

Credits

• The code is based on this example: https://gist.github.com/s-aska/e7ad24175fb7b04f78e7
• Huge thanks to pepibumur for adding OS X, watchOS and tvOS support.

License

Keychain Swift is released under the MIT License.