I want to create an app which holds sensitive information (imagine it's bank account details, though it's not). The user enters this information on a form the first time the app starts up. I want this info to be saved, and available, any time the user uses the app (without having to enter a password). However, if the iPhone has a password lock on it, and is stolen, I don't want the data to be easily accessible from the file system.

What is the best way of encrypting or obfuscating the data? There is not a lot of data, just a dozen NSStrings from the UITextFields on the form.

I'm aware there are encryption export restrictions on the iPhone for non-US developers (I am in the UK), so I would prefer to avoid jumping through any of Apple's app submission hoops to get it on the store.

A: 

I don't know if a jailbroken iPhone device lets you read NSUserDefaults from other applications or not. If not, you could just store your information in there instead of as a file.

Alternatively, you could generate some salt based on (but not equal to) the device ID, and simply XOR it with the bytes of the strings. As long as your algorithm to generate the salt isn't trivial and the strings aren't too long, the data will be fairly safe. Without getting into heavier encryption stuff, you can't guarantee too much more than "fairly safe".

Ed Marty
+4  A: 

Why not use the built-in Keychain Services? That's what it is for.

EDIT: There is an article on SDKDevFAQ.com about Keychain Services that points to a tutorial and sample code on GitHub. Also, check out this blog entry about using the Keychain.

progrmr
Do you know of a good tutorial which uses Keychain for the purposes outlined in my question?
cannyboy
I've added to my answer links to some sample code and discussion about how to use the Keychain.
progrmr
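
The Keychain approach suggested in the answer above, as an added example (not part of the original answer or of the sample code it links to): each form field is stored as a generic-password item that is readable only while the device is unlocked and is not carried over to another device. The service name and the function names are hypothetical, and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name; any string unique to the app works.
static NSString *const kFormService = @"com.example.myapp.formfields";

// Base query that identifies one stored form field by name.
static NSMutableDictionary *FormFieldQuery(NSString *field) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kFormService,
               (__bridge id)kSecAttrAccount: field } mutableCopy];
}

// Store or overwrite one field. Returns YES on success.
BOOL SaveFormField(NSString *field, NSString *value) {
    NSData *data = [value dataUsingEncoding:NSUTF8StringEncoding];
    if (field == nil || data == nil) return NO;
    NSMutableDictionary *query = FormFieldQuery(field);
    // WhenUnlockedThisDeviceOnly: unreadable while the device is locked,
    // and the item does not migrate to a different device.
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData: data,
        (__bridge id)kSecAttrAccessible:
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly };
    // Try to update an existing item first; add it if none exists yet.
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)attrs);
    if (status == errSecItemNotFound) {
        [query addEntriesFromDictionary:attrs];
        status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return status == errSecSuccess;
}

// Read one field back. Returns nil if it is missing or cannot be read
// (for example because the device is currently locked).
NSString *LoadFormField(NSString *field) {
    if (field == nil) return nil;
    NSMutableDictionary *query = FormFieldQuery(field);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```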