Ios 将字典存储在钥匙链中

可以使用

KeychainItemWrapper

（或不使用）在

iPhone

钥匙链中存储

NSDictionary

？

---

如果不可能，您是否有其他解决方案？

您可以存储任何内容，只需将其序列化即可

NSData *data = [NSKeyedArchiver archivedDataWithRootObject:dictionary];

---

您应该能够将该数据存储在钥匙链中。

编码：

[dic描述]

---

解码：

[dic propertyList]

您必须正确序列化

NSDictionary

，然后才能将其存储到钥匙链中。 使用：

您将得到一个只包含

NSString

对象的

NSDictionary

集合。如果要维护对象的数据类型，可以使用

NSPropertyListSerialization

KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"arbitraryId" accessGroup:nil]
NSString *error;
//The following NSData object may be stored in the Keychain
NSData *dictionaryRep = [NSPropertyListSerialization dataFromPropertyList:dictionary format:NSPropertyListXMLFormat_v1_0 errorDescription:&error];
[keychain setObject:dictionaryRep forKey:kSecValueData];

//When the NSData object object is retrieved from the Keychain, you convert it back to NSDictionary type
dictionaryRep = [keychain objectForKey:kSecValueData];
NSDictionary *dictionary = [NSPropertyListSerialization propertyListFromData:dictionaryRep mutabilityOption:NSPropertyListImmutable format:nil errorDescription:&error];

if (error) {
    NSLog(@"%@", error);
}

---

第二次调用

NSPropertyListSerialization

返回的

NSDictionary

将保持

NSDictionary

集合中的原始数据类型。

我发现钥匙链包装器只需要字符串。甚至连数据都没有。因此，要存储字典，您必须按照Bret的建议执行，但需要额外的步骤将NSData序列化转换为字符串。像这样：

NSString *error;
KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:MY_STRING accessGroup:nil];
NSData *dictionaryRep = [NSPropertyListSerialization dataFromPropertyList:dictToSave format:NSPropertyListXMLFormat_v1_0 errorDescription:&error];
NSString *xml = [[NSString alloc] initWithBytes:[dictionaryRep bytes] length:[dictionaryRep length] encoding:NSUTF8StringEncoding];
[keychain setObject:xml forKey:(__bridge id)(kSecValueData)];

重读：

NSError *error;
NSString *xml = [keychain objectForKey:(__bridge id)(kSecValueData)];
if (xml && xml.length) {
    NSData *dictionaryRep = [xml dataUsingEncoding:NSUTF8StringEncoding];
    dict = [NSPropertyListSerialization propertyListWithData:dictionaryRep options:NSPropertyListImmutable format:nil error:&error];
    if (error) {
        NSLog(@"%@", error);
    }
}

---

使用

KeychainItemWrapper

依赖项需要修改库/示例代码以接受

NSData

作为加密的有效负载，这不是未来的证明。此外，仅为了使用

KeychainItemWrapper

而执行

NSDictionary>NSData>NSString

转换序列是低效的：

KeychainItemWrapper

将字符串转换回

NSData

，以对其进行加密

这里有一个完整的解决方案，它通过直接利用keychain库来解决上述问题。它被实现为一个类别，因此您可以这样使用它：

// to store your dictionary
[myDict storeToKeychainWithKey:@"myStorageKey"];

// to retrieve it
NSDictionary *myDict = [NSDictionary dictionaryFromKeychainWithKey:@"myStorageKey"];

// to delete it
[myDict deleteFromKeychainWithKey:@"myStorageKey"];

以下是分类：

@implementation NSDictionary (Keychain)

-(void) storeToKeychainWithKey:(NSString *)aKey {
    // serialize dict
    NSString *error;
    NSData *serializedDictionary = [NSPropertyListSerialization dataFromPropertyList:self format:NSPropertyListXMLFormat_v1_0 errorDescription:&error];

    // encrypt in keychain
    if(!error) {
        // first, delete potential existing entries with this key (it won't auto update)
        [self deleteFromKeychainWithKey:aKey];

        // setup keychain storage properties
        NSDictionary *storageQuery = @{
            (id)kSecAttrAccount:    aKey,
            (id)kSecValueData:      serializedDictionary,
            (id)kSecClass:          (id)kSecClassGenericPassword,
            (id)kSecAttrAccessible: (id)kSecAttrAccessibleWhenUnlocked
        };
        OSStatus osStatus = SecItemAdd((CFDictionaryRef)storageQuery, nil);
        if(osStatus != noErr) {
            // do someting with error
        }
    }
}


+(NSDictionary *) dictionaryFromKeychainWithKey:(NSString *)aKey {
    // setup keychain query properties
    NSDictionary *readQuery = @{
        (id)kSecAttrAccount: aKey,
        (id)kSecReturnData: (id)kCFBooleanTrue,
        (id)kSecClass:      (id)kSecClassGenericPassword
    };

    NSData *serializedDictionary = nil;
    OSStatus osStatus = SecItemCopyMatching((CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary);
    if(osStatus == noErr) {
        // deserialize dictionary
        NSString *error;
        NSDictionary *storedDictionary = [NSPropertyListSerialization propertyListFromData:serializedDictionary mutabilityOption:NSPropertyListImmutable format:nil errorDescription:&error];
        if(error) {
            NSLog(@"%@", error);
        }
        return storedDictionary;
    }
    else {
        // do something with error
        return nil;
    }
}


-(void) deleteFromKeychainWithKey:(NSString *)aKey {
    // setup keychain query properties
    NSDictionary *deletableItemsQuery = @{
        (id)kSecAttrAccount:        aKey,
        (id)kSecClass:              (id)kSecClassGenericPassword,
        (id)kSecMatchLimit:         (id)kSecMatchLimitAll,
        (id)kSecReturnAttributes:   (id)kCFBooleanTrue
    };

    NSArray *itemList = nil;
    OSStatus osStatus = SecItemCopyMatching((CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList);
    // each item in the array is a dictionary
    for (NSDictionary *item in itemList) {
        NSMutableDictionary *deleteQuery = [item mutableCopy];
        [deleteQuery setValue:(id)kSecClassGenericPassword forKey:(id)kSecClass];
        // do delete
        osStatus = SecItemDelete((CFDictionaryRef)deleteQuery);
        if(osStatus != noErr) {
            // do something with error
        }
        [deleteQuery release];
    }
}


@end

---

事实上，您可以很容易地修改它，以便在密钥链中存储任何类型的可序列化对象，而不仅仅是一个字典。只需为您要存储的对象创建一个

NSData

表示。

对Dts类别进行了一些小的更改。转换为圆弧并使用NSKeyedArchiver存储自定义对象

@implementation NSDictionary (Keychain)

-(void) storeToKeychainWithKey:(NSString *)aKey {
    // serialize dict
    NSData *serializedDictionary = [NSKeyedArchiver archivedDataWithRootObject:self];
    // encrypt in keychain
        // first, delete potential existing entries with this key (it won't auto update)
        [self deleteFromKeychainWithKey:aKey];

        // setup keychain storage properties
        NSDictionary *storageQuery = @{
                                       (__bridge id)kSecAttrAccount:    aKey,
                                       (__bridge id)kSecValueData:      serializedDictionary,
                                       (__bridge id)kSecClass:          (__bridge id)kSecClassGenericPassword,
                                       (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlocked
                                       };
        OSStatus osStatus = SecItemAdd((__bridge CFDictionaryRef)storageQuery, nil);
        if(osStatus != noErr) {
            // do someting with error
        }
}


+(NSDictionary *) dictionaryFromKeychainWithKey:(NSString *)aKey {
    // setup keychain query properties
    NSDictionary *readQuery = @{
                                (__bridge id)kSecAttrAccount: aKey,
                                (__bridge id)kSecReturnData: (id)kCFBooleanTrue,
                                (__bridge id)kSecClass:      (__bridge id)kSecClassGenericPassword
                                };

    CFDataRef serializedDictionary = NULL;
    OSStatus osStatus = SecItemCopyMatching((__bridge CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary);
    if(osStatus == noErr) {
        // deserialize dictionary
        NSData *data = (__bridge NSData *)serializedDictionary;
        NSDictionary *storedDictionary = [NSKeyedUnarchiver unarchiveObjectWithData:data];
        return storedDictionary;
    }
    else {
        // do something with error
        return nil;
    }
}


-(void) deleteFromKeychainWithKey:(NSString *)aKey {
    // setup keychain query properties
    NSDictionary *deletableItemsQuery = @{
                                          (__bridge id)kSecAttrAccount:        aKey,
                                          (__bridge id)kSecClass:              (__bridge id)kSecClassGenericPassword,
                                          (__bridge id)kSecMatchLimit:         (__bridge id)kSecMatchLimitAll,
                                          (__bridge id)kSecReturnAttributes:   (id)kCFBooleanTrue
                                          };

    CFArrayRef itemList = nil;
    OSStatus osStatus = SecItemCopyMatching((__bridge CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList);
    // each item in the array is a dictionary
    NSArray *itemListArray = (__bridge NSArray *)itemList;
    for (NSDictionary *item in itemListArray) {
        NSMutableDictionary *deleteQuery = [item mutableCopy];
        [deleteQuery setValue:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
        // do delete
        osStatus = SecItemDelete((__bridge CFDictionaryRef)deleteQuery);
        if(osStatus != noErr) {
            // do something with error
        }
    }
}

@end

---

我将访问组支持和模拟器安全添加到Amols解决方案中：

//
//  NSDictionary+SharedKeyChain.h
//  LHSharedKeyChain
//

#import <Foundation/Foundation.h>

@interface NSDictionary (SharedKeyChain)

/**
 *  Returns a previously stored dictionary from the KeyChain.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 *
 *  @return NSDictionary    A dictionary that has been stored in the Keychain, nil if no dictionary for the key and accessGroup exist.
 */
+ (NSDictionary *)dictionaryFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

/**
 *  Deletes a previously stored dictionary from the KeyChain.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 */
+ (void)deleteFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

/**
 *  Save dictionary instance to the KeyChain. Any previously existing data with the same key and accessGroup will be overwritten.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 */
- (void)storeToKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

@end

---

是的，但是当我读取数据时，我有一个对空NSString的引用。-[KeychainItemWrapper writeToKeychain]”中的断言失败，无法添加Keychain项。然后，您必须提供更多详细信息。“无法添加Keychain项”可能有很多原因。我编辑了代码，以更准确地反映它如何与KeychainItemWrapper一起使用。这将数据存储在

kSecAttrService

中，该字段不是加密字段。我相信您打算在这里使用

kSecValueData

，这是加密的有效负载。由于某些原因，您的代码在ios7中无法工作。会考虑把它更新得更清楚些。例如，您说我们需要使用[dic description]，但在您的示例中没有dic变量。@user798719-如果您想在NSDictionary对象中维护数据类型，我实际上是说不要使用[dic description]和[dic propertyList]。代码不起作用，传递密钥

kSecValueData

的

NSData

会破坏

KeychainItemWrapper

，因为它在内部期望此密钥的值为

NSString

（即密码）。这是因为它需要加密

kSecValueData

的有效负载，在加密之前需要将其转换为

NSData

。因此，

KeychainItemWrapper

已经在内部执行了

[payloadString DataUsingEncode:NSUTF8StringEncoding]

，如果您将

NSData

作为

payloadString

传递，则会将

无法识别的选择器发送到实例异常

。请查看我在本页上的答案以了解更多详细信息和解决方案。并非所有数据都是有效的UTF-8，因此这将不起作用。最好的选择是编码到Base64；在所有XML都以声明UTF-8编码开始之后。我相信苹果在XML中将数据编码为Base64（参见示例）。如果真的失败了，那么你的回退到Base64是个好主意。看起来不错。我使用了你的方法，只是我将deleteFromKeychainWithKey作为一个类方法，这样我也可以在没有字典的情况下执行一般的清理。效果很好。我添加了KeychainItemWrapper中最好的部分。请问如何调用dictionaryFromKeychainWithKey？

//
//  NSDictionary+SharedKeyChain.h
//  LHSharedKeyChain
//

#import <Foundation/Foundation.h>

@interface NSDictionary (SharedKeyChain)

/**
 *  Returns a previously stored dictionary from the KeyChain.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 *
 *  @return NSDictionary    A dictionary that has been stored in the Keychain, nil if no dictionary for the key and accessGroup exist.
 */
+ (NSDictionary *)dictionaryFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

/**
 *  Deletes a previously stored dictionary from the KeyChain.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 */
+ (void)deleteFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

/**
 *  Save dictionary instance to the KeyChain. Any previously existing data with the same key and accessGroup will be overwritten.
 *
 *  @param  key          NSString    The name of the dictionary. There can be multiple dictionaries stored in the KeyChain.
 *  @param  accessGroup  NSString    Access group for shared KeyChains, set to nil for no group.
 */
- (void)storeToKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;

@end

//
//  NSDictionary+SharedKeyChain.m
//  LHSharedKeyChain
//

#import "NSDictionary+SharedKeyChain.h"

@implementation NSDictionary (SharedKeyChain)

- (void)storeToKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;
{
    // serialize dict
    NSData *serializedDictionary = [NSKeyedArchiver archivedDataWithRootObject:self];
    // encrypt in keychain
    // first, delete potential existing entries with this key (it won't auto update)
    [NSDictionary deleteFromKeychainWithKey:key accessGroup:accessGroup];

    // setup keychain storage properties
    NSDictionary *storageQuery = @{
        (__bridge id)kSecAttrAccount: key,
#if TARGET_IPHONE_SIMULATOR
// Ignore the access group if running on the iPhone simulator.
//
// Apps that are built for the simulator aren't signed, so there's no keychain access group
// for the simulator to check. This means that all apps can see all keychain items when run
// on the simulator.
//
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
// simulator will return -25243 (errSecNoAccessForItem).
#else
        (__bridge id)kSecAttrAccessGroup: accessGroup,
#endif
        (__bridge id)kSecValueData: serializedDictionary,
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlocked
    };
    OSStatus status = SecItemAdd ((__bridge CFDictionaryRef)storageQuery, nil);
    if (status != noErr)
    {
        NSLog (@"%d %@", (int)status, @"Couldn't save to Keychain.");
    }
}


+ (NSDictionary *)dictionaryFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;
{
    // setup keychain query properties
    NSDictionary *readQuery = @{
        (__bridge id)kSecAttrAccount: key,
#if TARGET_IPHONE_SIMULATOR
// Ignore the access group if running on the iPhone simulator.
//
// Apps that are built for the simulator aren't signed, so there's no keychain access group
// for the simulator to check. This means that all apps can see all keychain items when run
// on the simulator.
//
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
// simulator will return -25243 (errSecNoAccessForItem).
#else
        (__bridge id)kSecAttrAccessGroup: accessGroup,
#endif
        (__bridge id)kSecReturnData: (id)kCFBooleanTrue,
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword
    };

    CFDataRef serializedDictionary = NULL;
    OSStatus status = SecItemCopyMatching ((__bridge CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary);
    if (status == noErr)
    {
        // deserialize dictionary
        NSData *data = (__bridge NSData *)serializedDictionary;
        NSDictionary *storedDictionary = [NSKeyedUnarchiver unarchiveObjectWithData:data];
        return storedDictionary;
    }
    else
    {
        NSLog (@"%d %@", (int)status, @"Couldn't read from Keychain.");
        return nil;
    }
}


+ (void)deleteFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup;
{
    // setup keychain query properties
    NSDictionary *deletableItemsQuery = @{
        (__bridge id)kSecAttrAccount: key,
#if TARGET_IPHONE_SIMULATOR
// Ignore the access group if running on the iPhone simulator.
//
// Apps that are built for the simulator aren't signed, so there's no keychain access group
// for the simulator to check. This means that all apps can see all keychain items when run
// on the simulator.
//
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
// simulator will return -25243 (errSecNoAccessForItem).
#else
        (__bridge id)kSecAttrAccessGroup: accessGroup,
#endif
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnAttributes: (id)kCFBooleanTrue
    };

    CFArrayRef itemList = nil;
    OSStatus status = SecItemCopyMatching ((__bridge CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList);
    // each item in the array is a dictionary
    NSArray *itemListArray = (__bridge NSArray *)itemList;
    for (NSDictionary *item in itemListArray)
    {
        NSMutableDictionary *deleteQuery = [item mutableCopy];
        [deleteQuery setValue:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
        // do delete
        status = SecItemDelete ((__bridge CFDictionaryRef)deleteQuery);
        if (status != noErr)
        {
            NSLog (@"%d %@", (int)status, @"Couldn't delete from Keychain.");
        }
    }
}

@end