SecureKeyValueStorage
public class SecureKeyValueStorage
This class offers a key-value storage, where the values are encrypted and the keys are hashed, with a private hashing function. The key-value storage backend cannot link keys or values with others, assuming there are multiple users, using the same backend. If a network is used, an anonymous communication network should be used in order to avoid linkability through traffic data.
Warning
The values are not protected by padding, meaning that the backend provider could still guess the content based on its size.
Warning
There is no access protection of the keys. The sole protection is, that nobody can get your keys. The values are protected by encryption, so confidentiality and integrity are protected, but availability is not. The backend provider, who knows which keys are stored in the backend, could delete or overwrite them.
-
The context that is used for deriving the cryptographic keys from a master key.
Declaration
Swift
public typealias Context = MasterKey.Context
-
An error that might occur when storing or retrieving values.
See moreDeclaration
Swift
public enum Error : Swift.Error
-
The index used for deriving the key for private hashing from the master key.
Declaration
Swift
private static let HashKeyId: UInt64
-
The index used for deriving the secret key for encrypting values from the master key.
Declaration
Swift
private static let SecretKeyId: UInt64
-
The backend used for storing encrypted values.
Declaration
Swift
let backend: KeyValueStorageBackend
-
The secret box used for encrypting values.
Declaration
Swift
let secretBox: SecretBox
-
The key used for private hashing.
Declaration
Swift
let hashKey: GenericHash.Key
-
Initialize a secure key-value storage with a given backend.
Declaration
Swift
init(with backend: KeyValueStorageBackend, and masterKey: MasterKey, context: Context)
Parameters
backend
The backend used for storing encrypted values.
masterKey
The master key used for deriving they keys for encrypting values and the key used for private hashing.
context
The context used for deriving the keys from the master key.
-
Initialize a secure key-value storage with a given P-Service.
Declaration
Swift
public convenience init(with service: PrivacyService, and masterKey: MasterKey, context: Context)
Parameters
service
The P-Service used for storing encrypted values.
masterKey
The master key used for deriving they keys for encrypting values and the key used for private hashing.
context
The context used for deriving the keys from the master key.
-
Initialize a secure key-value storage with a given backend and a given persona.
Declaration
Swift
convenience init?(with backend: KeyValueStorageBackend, for persona: Persona, context: Context)
Parameters
backend
The backend used for storing encrypted values.
persona
The persona, whose keys are used.
context
The context used for deriving the keys from the master key of the persona.
Return Value
nil
if there is an issue creating or retrieving the persona’s keys from the Keychain. -
Initialize a secure key-value storage with a given P-Service and a given persona.
Declaration
Swift
public convenience init?(with service: PrivacyService, for persona: Persona, context: Context)
Parameters
service
The P-Service used for storing encrypted values.
persona
The persona, whose keys are used.
context
The context used for deriving the keys from the master key of the persona.
Return Value
nil
if there is an issue creating or retrieving the persona’s keys from the Keychain. -
Perform private hashing on a key (as in key-value).
Declaration
Swift
func encrypt(_ key: Key) -> EncryptedKey
Parameters
key
The key (as in key-value).
Return Value
A private hash.
-
Encrypt a value.
Declaration
Swift
func encrypt(_ value: Value) -> EncryptedValue
Parameters
value
The plaintext value.
Return Value
The encrypte value.
-
Decrypt a value.
Throws
failedToDecrypt
if the value could not be decrypted.Declaration
Swift
func decrypt(_ encrytedValue: EncryptedValue) throws -> Value
Parameters
encryptedValue
The encrypted value.
Return Value
The plaintext value.
-
Store a value in the key-value storage for a given key. The value will be encrypted. Both the original key and the plaintext value cannot be accessed by the backend.
Example
storage.store(key: "My PIN", value: Data("1234".utf8)) { optionalError in if let error = optionalError { // TODO Handle error } }
Declaration
Swift
public func store(value: Value, for key: Key, finished: @escaping (Swift.Error?) -> Void)
Parameters
value
The value that should be stored.
key
The key that identifies the value.
finished
A closure that is called asynchronuously once the operation is finished.
error
An optional error that might have occurred during storing.
-
Retrieve a value from the key-value storage for a given key. The value, which is stored encrypted at the backend, will be automatically decrypted.
Example
storage.retrieve(for: "My PIN") { optionalValue, optionalError in precondition((optionalValue != nil) == (optionalError != nil)) guard let value = optionalValue else { let error = optionalError! // TODO Handle error return } // Success, do something with `value` }
Postcondition
(
value
=nil
) ⊻ (error
=nil
)Declaration
Swift
public func retrieve(for key: Key, finished: @escaping (Value?, Swift.Error?) -> Void)
Parameters
key
The key that identifies the value.
finished
A closure that is called asynchronuously once the operation is finished.
value
The value if no error occurred,
nil
else.error
An optional error that might have occurred during storing.
-
Remove the value from the key-value storage for a given key.
Example
storage.remove(key: "name") { optionalError in if let error = optionalError { // TODO Handle error } }
Declaration
Swift
public func remove(for key: KeyValueStorage.Key, finished: @escaping (Swift.Error?) -> Void)
Parameters
key
The key that identifies the value.
finished
A closure that is called asynchronuously once the operation is finished.
error
An optional error that might have occurred during storing.