On Nov 3, 2009, at 4:51 AM, David HM Spector wrote:
Is there a pattern commonly followed regarding storage of passwords or other credential type data in core data..? Given the existence and security profile of the KeyChain, it would clearly be best to keep passwords there, but can I map this into a core data model so that I keep a reference of some kind to a password (or other credential, such as an SSH key) that's really stored in the keychain in the core data model rather than the actual value..?
IMHO the nicest way to do this is to have a keychain item whose attributes indicate what account it's for (server name, etc.) and then to do a keychain search based on those attributes when you need the item. This has a handful of advantages: the Keychain Access app acts as a password manager GUI for you; the connection between a document and a keychain item isn't as mysterious and magical; etc.
It's possible to get a persistent reference to a keychain item (a CFData blob) using SecKeychainItemCreatePersistentReference() or SecItemCopyMatching(kSecReturnPersistentRef=YES, ...). So you could store that in Core Data and convert it back to a keychain item ref when you need it. (I haven't actually used these APIs so I don't know how functional they are. FYI, the unique item identifier you can get from SecKeychainItemGetUniqueRecordID() isn't persistent or transportable.)
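An added example, not part of the original thread or anyone's posted code: both approaches described in the reply above, written against the SecItem API in Objective-C. It assumes ARC, linking Security.framework, and an internet-password item; the helper names (StoreCredential, PasswordForQuery, PasswordByAttributes, PasswordByPersistentRef) are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: store the secret as an internet-password item whose
// attributes (server, account) identify it. Returns a persistent reference
// (opaque NSData) that can live in a Core Data binary attribute.
static NSData *StoreCredential(NSString *server, NSString *account,
                               NSString *password, OSStatus *status) {
    NSDictionary *attrs = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassInternetPassword,
        (__bridge id)kSecAttrServer:  server,
        (__bridge id)kSecAttrAccount: account,
        (__bridge id)kSecValueData:   [password dataUsingEncoding:NSUTF8StringEncoding],
        (__bridge id)kSecReturnPersistentRef: @YES,
    };
    CFTypeRef ref = NULL;
    *status = SecItemAdd((__bridge CFDictionaryRef)attrs, &ref);
    // errSecDuplicateItem: an item with these attributes already exists;
    // the caller should update it with SecItemUpdate instead.
    return (*status == errSecSuccess) ? CFBridgingRelease(ref) : nil;
}

// Shared lookup: run a query and return the secret, or nil with *status set
// (errSecItemNotFound if the item was deleted, for example in Keychain Access).
static NSString *PasswordForQuery(NSDictionary *query, OSStatus *status) {
    NSMutableDictionary *q = [query mutableCopy];
    q[(__bridge id)kSecReturnData] = @YES;
    q[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef data = NULL;
    *status = SecItemCopyMatching((__bridge CFDictionaryRef)q, &data);
    if (*status != errSecSuccess) return nil;
    return [[NSString alloc] initWithData:CFBridgingRelease(data)
                                 encoding:NSUTF8StringEncoding];
}

// Approach 1: the model stores only server and account; search on them.
static NSString *PasswordByAttributes(NSString *server, NSString *account,
                                      OSStatus *status) {
    return PasswordForQuery(@{
        (__bridge id)kSecClass:       (__bridge id)kSecClassInternetPassword,
        (__bridge id)kSecAttrServer:  server,
        (__bridge id)kSecAttrAccount: account }, status);
}

// Approach 2: the model stores the persistent reference; resolve it.
static NSString *PasswordByPersistentRef(NSData *persistentRef, OSStatus *status) {
    return PasswordForQuery(@{
        (__bridge id)kSecValuePersistentRef: persistentRef }, status);
}
```

In either approach the Core Data store holds only identifying attributes or an opaque reference, never the secret itself. Treat a non-success status from PasswordByPersistentRef as a stale reference and fall back to the attribute search.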
