SecureKeyValueStorage
public class SecureKeyValueStorage
This class offers a key-value storage in which the values are encrypted and the keys are hashed with a private hashing function. Assuming multiple users share the same backend, the key-value storage backend cannot link keys or values with one another. If the backend is reached over a network, an anonymous communication network should be used in order to avoid linkability through traffic data.
Warning
The values are not protected by padding, meaning that the backend provider could still guess the content based on its size.
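One way an application can hide value sizes before calling store, as an added example that is not part of this library. The helpers pad and unpad, the PaddingError type and the power-of-two bucket policy are assumptions, and Value is assumed to be Data as in the examples on this page.

```swift
import Foundation

// Added example, not library code: length-hiding padding applied by the caller.
enum PaddingError: Error { case malformed }

/// Pads `plaintext` to the next bucket size (assumed policy: powers of two,
/// at least `minimumBucket` bytes). Layout: 4-byte big-endian length,
/// the plaintext, then zero bytes up to the bucket size.
func pad(_ plaintext: Data, minimumBucket: Int = 64) -> Data {
    let header = 4
    let needed = plaintext.count + header
    var bucket = minimumBucket
    while bucket < needed { bucket *= 2 }

    var length = UInt32(plaintext.count).bigEndian
    var padded = Data(bytes: &length, count: header)
    padded.append(plaintext)
    padded.append(Data(count: bucket - needed)) // zero fill
    return padded
}

/// Reverses `pad`. Rejects inputs whose length header is inconsistent.
func unpad(_ padded: Data) throws -> Data {
    let header = 4
    guard padded.count >= header else { throw PaddingError.malformed }
    let length = padded.prefix(header).reduce(0) { ($0 << 8) | Int($1) }
    guard length <= padded.count - header else { throw PaddingError.malformed }
    let start = padded.startIndex + header
    return padded.subdata(in: start ..< start + length)
}

// Constructed sample values: a 4-digit and an 8-digit PIN end up the same size,
// so the stored ciphertext length no longer reveals which one was saved.
let short = pad(Data("1234".utf8))
let long = pad(Data("12345678".utf8))
assert(short.count == 64 && long.count == 64)
assert(try! unpad(short) == Data("1234".utf8))

// Usage with this class (assumes Value is Data):
// storage.store(value: pad(Data("1234".utf8)), for: "My PIN") { _ in }
// and call unpad on the value delivered by retrieve(for:finished:).
```

Because the padding is applied before the value is encrypted, it is covered by the same confidentiality and integrity protection as the value itself.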
Warning
There is no access protection for the keys. The sole protection is that nobody can get your keys. The values are protected by encryption, so confidentiality and integrity are protected, but availability is not. The backend provider, who knows which keys are stored in the backend, could delete or overwrite them.
-
The context that is used for deriving the cryptographic keys from a master key.
Declaration
Swift
public typealias Context = MasterKey.Context
-
An error that might occur when storing or retrieving values.
Declaration
Swift
public enum Error : Swift.Error
-
Initialize a secure key-value storage with a given P-Service.
Declaration
Swift
public convenience init(with service: PrivacyService, and masterKey: MasterKey, context: Context)
Parameters
service: The P-Service used for storing encrypted values.
masterKey: The master key used for deriving the keys for encrypting values and the key used for private hashing.
context: The context used for deriving the keys from the master key.
-
Initialize a secure key-value storage with a given P-Service and a given persona.
Declaration
Swift
public convenience init?(with service: PrivacyService, for persona: Persona, context: Context)
Parameters
service: The P-Service used for storing encrypted values.
persona: The persona whose keys are used.
context: The context used for deriving the keys from the master key of the persona.
Return Value
nil if there is an issue creating or retrieving the persona’s keys from the Keychain.
-
Store a value in the key-value storage for a given key. The value will be encrypted. Both the original key and the plaintext value cannot be accessed by the backend.
Example
    storage.store(value: Data("1234".utf8), for: "My PIN") { optionalError in
        if let error = optionalError {
            // TODO Handle error
        }
    }
Declaration
Swift
public func store(value: Value, for key: Key, finished: @escaping (Swift.Error?) -> Void)
Parameters
value: The value that should be stored.
key: The key that identifies the value.
finished: A closure that is called asynchronously once the operation is finished.
error: An optional error that might have occurred during storing.
-
Retrieve a value from the key-value storage for a given key. The value, which is stored encrypted at the backend, will be automatically decrypted.
Example
    storage.retrieve(for: "My PIN") { optionalValue, optionalError in
        // Exactly one of value and error is nil (see the postcondition).
        precondition((optionalValue != nil) != (optionalError != nil))
        guard let value = optionalValue else {
            let error = optionalError!
            // TODO Handle error
            return
        }
        // Success, do something with `value`
    }
Postcondition
(value = nil) ⊻ (error = nil)
Declaration
Swift
public func retrieve(for key: Key, finished: @escaping (Value?, Swift.Error?) -> Void)
Parameters
key: The key that identifies the value.
finished: A closure that is called asynchronously once the operation is finished.
value: The value if no error occurred, nil else.
error: An optional error that might have occurred during storing.
-
Remove the value from the key-value storage for a given key.
Example
    storage.remove(for: "name") { optionalError in
        if let error = optionalError {
            // TODO Handle error
        }
    }
Declaration
Swift
public func remove(for key: KeyValueStorage.Key, finished: @escaping (Swift.Error?) -> Void)
Parameters
key: The key that identifies the value.
finished: A closure that is called asynchronously once the operation is finished.
error: An optional error that might have occurred during storing.