Skip to main content
Information Security

Questions tagged [keychain]

Ask Question

For security questions about Apple's Keychain Access app and the keychain file format on macOS and iOS

47 questions
Newest Active Bountied Unanswered
1 vote
1 answer
135 views

Is Android Keystore/iOS Keychain without biometric authentication still secure against physical access attacks?

I'm implementing refresh token storage in a mobile app and trying to understand the practical security differences between these two approaches: Option 1: Hardware-backed storage WITHOUT biometric ...
Tamlyn's user avatar
Tamlyn
  • 185
0 votes
1 answer
99 views

Keychain iOS: info on other users

I am analyzing an iOS mobile application. I discovered that the app saves all logged-in users in the keychain, specifically saving their first name, last name, email, and id_token. This id_token, ...
moskino11's user avatar
moskino11
  • 127
2 votes
0 answers
243 views

Storing encrypted data in iOS keychain

In my Unity app in C# I am using a 3rd party script which allows me store and retrieve data using iOS keychain. The stored data is a private user generated key which is used to encrypt data before ...
Ando's user avatar
Ando
  • 133
4 votes
1 answer
2k views

How can an application, using Apple's Secure Enclave on macOS or TPM on Windows, protect itself from other applications accessing its private keys?

I'm interested in using Apple's Secure Enclave on macOS or TPM on Windows to protect cryptographic keys used by an application from being accessed by other applications running with the same or higher ...
Pathong's user avatar
Pathong
  • 66
1 vote
0 answers
137 views

Password generation algorithm used by MacOS keychain

What algorithm does MacOS use in its keychain system to generate passwords? (using password assistant accessed through keychain app and using Safari keychain). Does it access/is it the GUI for the /...
gamma_ray's user avatar
gamma_ray
  • 11
6 votes
1 answer
721 views

Do passkeys on iCloud Keychain ever exist unencrypted outside the secure enclave?

Regarding Apple's beta feature of storing WebAuthn passkeys in the iCloud Keychain, does anybody know if the unencrypted passkeys ever leave the secure enclave, and get stored in RAM or anything? With ...
Mohamed Hafez's user avatar
Mohamed Hafez
  • 199
0 votes
0 answers
1k views

Storing a private key in android/ios keychain encrypted or not

In my app, the user must use a private key to sign a transaction (on a blockchain). (It is quite common) I am facing questions regarding how to store my user's private key on the device. I am to use a ...
Raphael St's user avatar
Raphael St
  • 101
1 vote
0 answers
294 views

Storing cleartext password in iOS keychain

I'm having a webservice which I'm using for my app. The webservice is using cookies when authenticated. I want to give my users the option to login via TouchID for faster login. Therefore I'm storing ...
Deserializer19's user avatar
Deserializer19
  • 41
1 vote
0 answers
707 views

Export IOS Certificates and Configuration Profiles

Is there anyway to export a configuration profile from an IOS device that you have root on? So I have a device with an MDM profile with login credentials for a wifi network, VPN, and email ...
AppleTechy's user avatar
AppleTechy
  • 11
3 votes
0 answers
725 views

iOS secure enclave and jailbreak

If an iOS device is jailbroken, I understand an attacker cannot extricate key material from the secure enclave. But would they be able to use keys using CryptoKit within the enclave to encrypt a ...
Ranjit Murali's user avatar
Ranjit Murali
  • 31
4 votes
1 answer
2k views

Why is GPG-agent still caching my passphrase?

I can not get gpg to prompt me for my passphrase when I want to decrypt a file. I tried including: default-cache-ttl 0 max-cache-ttl 0 (also flipped the bit to 1) within ~/.gnupg/gpg-agent.conf ...
Chris's user avatar
Chris
  • 171
7 votes
2 answers
1k views

Is it safe to use a stateless authorization mechanism where the clear password is stored on the keychain?

Is it safe to use the following stateless authorization mechanism between a client (iOS & Android) and server? Sign up The client provides an email and password and saves the clear password on ...
Ignasi's user avatar
Ignasi
  • 123
2 votes
2 answers
855 views

What format is an decrypted RSA private key in, specifically in OS X Keychain?

I was trying to extract an un-exportable key from OS X Keychain. I used this tool to extract the key. The tool gives me a hexdump of the private key. An RSA 2048 bit key came out to be 2441 bits, ...
Vegetto's user avatar
Vegetto
  • 23
2 votes
1 answer
296 views

Why does not updating a MacOS keychain password cause applications to become troublesome? [closed]

I've changed my Macbook computer's password in using recovery mode. I'd changed it once normally, then it suddenly "stopped working" (or I started "mis-remembering" it after using it a few times, ...
user avatar
user115702
0 votes
1 answer
686 views

Creating self-signed root CA using MacOS Keychain

I'd like to use MacOS keychain to create a basic Root CA, which will be able to sign CSRs and/or Intermediate CA which will be able to do that. For knowledge purpose, I'd like to create a Root, and ...
Max13's user avatar
Max13
  • 195

15 30 50 per page
1
2 3 4