View on GitHub
SecureKeyValueStorage Class Reference
SecureKeyValueStorage
public class SecureKeyValueStorageThis class offers a key-value storage, where the values are encrypted and the keys are hashed, with a private hashing function. The key-value storage backend cannot link keys or values with others, assuming there are multiple users, using the same backend. If a network is used, an anonymous communication network should be used in order to avoid linkability through traffic data.
Warning
The values are not protected by padding, meaning that the backend provider could still guess the content based on its size.
Warning
There is no access protection of the keys. The sole protection is, that nobody can get your keys. The values are protected by encryption, so confidentiality and integrity are protected, but availability is not. The backend provider, who knows which keys are stored in the backend, could delete or overwrite them.
-
The context that is used for deriving the cryptographic keys from a master key.
Declaration
Swift
public typealias Context = MasterKey.Context -
An error that might occur when storing or retrieving values.
See moreDeclaration
Swift
public enum Error : Swift.Error -
The index used for deriving the key for private hashing from the master key.
Declaration
Swift
private static let HashKeyId: UInt64 -
The index used for deriving the secret key for encrypting values from the master key.
Declaration
Swift
private static let SecretKeyId: UInt64 -
The backend used for storing encrypted values.
Declaration
Swift
let backend: KeyValueStorageBackend -
The secret box used for encrypting values.
Declaration
Swift
let secretBox: SecretBox -
The key used for private hashing.
Declaration
Swift
let hashKey: GenericHash.Key -
Initialize a secure key-value storage with a given backend.
Declaration
Swift
init(with backend: KeyValueStorageBackend, and masterKey: MasterKey, context: Context)Parameters
backendThe backend used for storing encrypted values.
masterKeyThe master key used for deriving they keys for encrypting values and the key used for private hashing.
contextThe context used for deriving the keys from the master key.
-
Initialize a secure key-value storage with a given P-Service.
Declaration
Swift
public convenience init(with service: PrivacyService, and masterKey: MasterKey, context: Context)Parameters
serviceThe P-Service used for storing encrypted values.
masterKeyThe master key used for deriving they keys for encrypting values and the key used for private hashing.
contextThe context used for deriving the keys from the master key.
-
Initialize a secure key-value storage with a given backend and a given persona.
Declaration
Swift
convenience init?(with backend: KeyValueStorageBackend, for persona: Persona, context: Context)Parameters
backendThe backend used for storing encrypted values.
personaThe persona, whose keys are used.
contextThe context used for deriving the keys from the master key of the persona.
Return Value
nilif there is an issue creating or retrieving the persona’s keys from the Keychain. -
Initialize a secure key-value storage with a given P-Service and a given persona.
Declaration
Swift
public convenience init?(with service: PrivacyService, for persona: Persona, context: Context)Parameters
serviceThe P-Service used for storing encrypted values.
personaThe persona, whose keys are used.
contextThe context used for deriving the keys from the master key of the persona.
Return Value
nilif there is an issue creating or retrieving the persona’s keys from the Keychain. -
Perform private hashing on a key (as in key-value).
Declaration
Swift
func encrypt(_ key: Key) -> EncryptedKeyParameters
keyThe key (as in key-value).
Return Value
A private hash.
-
Encrypt a value.
Declaration
Swift
func encrypt(_ value: Value) -> EncryptedValueParameters
valueThe plaintext value.
Return Value
The encrypte value.
-
Decrypt a value.
Throws
failedToDecryptif the value could not be decrypted.Declaration
Swift
func decrypt(_ encrytedValue: EncryptedValue) throws -> ValueParameters
encryptedValueThe encrypted value.
Return Value
The plaintext value.
-
Store a value in the key-value storage for a given key. The value will be encrypted. Both the original key and the plaintext value cannot be accessed by the backend.
Example
storage.store(key: "My PIN", value: Data("1234".utf8)) { optionalError in if let error = optionalError { // TODO Handle error } }Declaration
Swift
public func store(value: Value, for key: Key, finished: @escaping (Swift.Error?) -> Void)Parameters
valueThe value that should be stored.
keyThe key that identifies the value.
finishedA closure that is called asynchronuously once the operation is finished.
errorAn optional error that might have occurred during storing.
-
Retrieve a value from the key-value storage for a given key. The value, which is stored encrypted at the backend, will be automatically decrypted.
Example
storage.retrieve(for: "My PIN") { optionalValue, optionalError in precondition((optionalValue != nil) == (optionalError != nil)) guard let value = optionalValue else { let error = optionalError! // TODO Handle error return } // Success, do something with `value` }Postcondition
(
value=nil) ⊻ (error=nil)Declaration
Swift
public func retrieve(for key: Key, finished: @escaping (Value?, Swift.Error?) -> Void)Parameters
keyThe key that identifies the value.
finishedA closure that is called asynchronuously once the operation is finished.
valueThe value if no error occurred,
nilelse.errorAn optional error that might have occurred during storing.
-
Remove the value from the key-value storage for a given key.
Example
storage.remove(key: "name") { optionalError in if let error = optionalError { // TODO Handle error } }Declaration
Swift
public func remove(for key: KeyValueStorage.Key, finished: @escaping (Swift.Error?) -> Void)Parameters
keyThe key that identifies the value.
finishedA closure that is called asynchronuously once the operation is finished.
errorAn optional error that might have occurred during storing.