vpeschenkov / securedefaults Goto Github PK
View Code? Open in Web Editor NEWElevate the security of your UserDefaults with this lightweight wrapper that adds a layer of AES-256 encryption
License: MIT License
Elevate the security of your UserDefaults with this lightweight wrapper that adds a layer of AES-256 encryption
License: MIT License
I am using older version of SecureDefaults, in the process of upgrading to latest release.
I noticed SecureDefaults.secretObject() function makes use of NSKeyedUnarchiver.unarchiveTopLevelObjectWithData() which was deprecated in iOS 12.0.
Is it safe to use this function as I will be supporting iOS 17.4.1 users as well.
x
in each of the [ ]
)Filling out the following details about bugs will help us solve your issue sooner.
SecureDefaults version:
iOS version:
What you expected to happen
What actually happened
Logs, screenshots, screencast, sample project, funny gif, etc.
Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__SwiftValue encodeWithCoder:]: unrecognized selector sent to instance 0x600002592800'
terminating with uncaught exception of type NSException
x
in each of the [ ]
)The reason of the crash is the following function:
private func setSecret (_ value: Any?, forKey defaultName: String) { if let value = value { let data = NSKeyedArchiver.archivedData (withRootObject: value) super.set (try? encrypter?.encrypt (data), forKey: defaultName) return } super.set (nil, forKey: defaultName) }
Only NSCoding conforming objects can be stored in NSKeyedArchive as far as I know.
SecureDefaults version: 1.0.7
iOS version: 15.5
It should save the value
crash
If someone was to delete the app off of their device. If they reinstalled the application would these key value pairs still exist and able to be retrieved?
Application crashing if the object against some key is not of Data type, due to force type casting.
private func secretObject(forKey defaultName: String) -> Any?
Above method is to read some object from UserDefaults and its forcefully type casting objects to Data type.
If some older version of App or some other component has stored some other data type object in UserDefaults with same key, then application is crashing.
SecureDefaults version: 1.0.7
iOS version: 15.5
If object fetched from UserDefaults is not of Data type return that object as it is, and return nil if nothing found, although the method is returning Any?
If fetched object is not of Data type application crashes
What actually happened
When installing via carthage update
, I receive the following error message:
Dependency "SecureDefaults" has no shared framework schemes
Totally could be something on my end, but I've tried installing this on a fairly vanilla project w/ Carthage and am receiving this error. Any guidance/hints as to what could be going wrong would be appreciated! π
x
in each of the [ ]
)Filling out the following details about bugs will help us solve your issue sooner.
github "vpeschenkov/SecureDefaults" == 1.0.3
to my Cartfile
carthage update
The framework is downloaded and built.
Error message:
Dependency "SecureDefaults" has no shared framework schemes
Checking into the ~Library/Containers/myapp/Data/Library/Preferences/myappbundleid.plist file (the UserDefaults storage space) of my app, I see an unencrypted value, even though I used SecureDefaults. This kind of defeats the purpose of a secure alternative to stock UserDefaults.
x
in each of the [ ]
)Filling out the following details about bugs will help us solve your issue sooner.
SecureDefaults version: 1.0.6
iOS version: 15.3.1, 15.3, 15.2 (Tested Versions)
SecureDefaults.standard.set("This value will be unencrypted.", forKey: "mykey")
An encrypted, unreadable and secure value.
A completely readable and unencrypted value that could be normally set by UserDefaults.
Demo Project
Demo App SecureDefaults.zip
When using with Xcode 15 there are some deprecation warnings. The wrapper should be updated to the latest interfaces which do not result in compile time warnings when using Xcode 15.
x
in each of the [ ]
)Filling out the following details about bugs will help us solve your issue sooner.
SecureDefaults version: 1.1.0
iOS version: 16.4
Xcode version: 15.0 (15A240d)
No warnings when building.
There are 3-4 deprecation warnings.
Showing All Issues
/<redacted>/SourcePackages/checkouts/SecureDefaults/Sources/SecureDefaults/SecureDefaults.swift:51:45: 'kSecAttrAccessibleAlways' was deprecated in iOS 12.0: Use an accessibility level that provides some user protection, such as kSecAttrAccessibleAfterFirstUnlock
/<redacted>/SourcePackages/checkouts/SecureDefaults/Sources/SecureDefaults/SecureDefaults.swift:265:42: 'unarchiveObject(with:)' was deprecated in iOS 12.0: Use +unarchivedObjectOfClass:fromData:error: instead
/<redacted>/SourcePackages/checkouts/SecureDefaults/Sources/SecureDefaults/SecureDefaults.swift:273:40: 'archivedData(withRootObject:)' was deprecated in iOS 12.0: Use +archivedDataWithRootObject:requiringSecureCoding:error: instead
First of all, thanks for this package! Please forgive me if this question seems uninformed, as I'm somewhat new to iOS development.
I'm wondering how best to use the keychainAccessible
attribute. I see that it can be set after initialization, which I'm glad for, since I'd like to set it to kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
rather than the default of kSecAttrAccessibleAlways
. However, if I change this value after the initial instantiation, I'm met with various crashes such as this one if I set the accessibility before checking if a key is created:
Or this one if I set the accessibility after checking:
As far as I understand, a keychain item's accessibility cannot be modified in place, so I'm not terribly surprised this doesn't Just Workβ’, but is there a way to guard against these crashes? As some additional context, I'm wrapping SecureDefaults to be used in a React Native package, and I'm wondering if there is a way to bubble the [expected?] error to the user so that they can deal with it rather than having a hard requirement that the kSecAttrAccessible
value never be changed for a given suite. Or maybe this will have to be code I'd write outside of SecureDefaults before it is instantiated?
SecureDefaults version: 1.1.0
iOS version: 16.1
suiteName
and some value for keychainAccessible
keychainAccessible
valueNot exactly sure, honestly!
Crash!
I am working in WatchOS, unable to add SecureDefaults pod
What actually happened
-> The platform of the target xxx Watch App
(watchOS 8.0) is not compatible with SecureDefaults (1.1.0)
, which does not support watchOS
.
Can we add watchOS support?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.