钥匙串 keyChain 存储账号密码

目前我们存储账号密码，一般存在 偏好设置表里，如果明文存储，安全上又有很大隐患，所以今天给大家推荐一种更安全的密码存储方式。

不知道大家是否注意过，当我们使用百度系列的产品时，比如说：我登录上了百度糯米app后，然后我又下载了一个百度云盘，当我打开百度云盘app的时候，我居然自动登录了！这里就是用到了keyChain来保存账号密码，并通过应用组的方式在 应用间共享一套账户密码。

iOS设备中的keyChain是一个安全的存储容器，可以用来为不同应用保存敏感信息（用户名，密码，网络密码等）。同时，keyChain是一个相对独立的空间，当应用替换或删除时并不会删除keyChain的内容，目前看来，使用keyChain来保存用户名和用户密码是最优的解决方案。

本例本着简单易用的原则，提供了一些利用keyChain对账号信息进行增、删、改、查的功能。

先看一下使用：

#import "ViewController.h"#import "GZKeyChain.h"@interface ViewController ()@end@implementation ViewController- (void)viewDidLoad {    [super viewDidLoad];    //保存或更新    [GZKeyChain saveUserName:@"张三" pwd:@"asdfghjkl"];    [GZKeyChain saveUserName:@"lisi" pwd:@"asrtyui"];    [GZKeyChain saveUserName:@"张三" pwd:@"rtghnm,loi"];//会覆盖先前密码    //查询所有用户的账号密码    NSDictionary *dic = [GZKeyChain loadAccountInfo];    NSLog(@"dic = %@",dic);    //查询某一用户的账号密码    NSString *pwd = [GZKeyChain loadPwdForUserName:@"lisi"];    NSLog(@"userPwd = %@",pwd);    //删除某一用户的账号密码    [GZKeyChain removeForUserName:@"张三"];    NSLog(@"dic1 = %@",[GZKeyChain loadAccountInfo]);    //删除所有用户的账号密码    [GZKeyChain removeAll];    NSLog(@"dic2 = %@",[GZKeyChain loadAccountInfo]);}@end

工具实现

// 需要引入 Security 框架

.h

#import <Foundation/Foundation.h>#import <Security/Security.h>@interface GZKeyChain : NSObject/** 保存或更新 用户名、密码 */+ (void)saveUserName:(NSString *)userName pwd:(NSString *)pwd;+ (void)saveUserName:(NSString *)userName pwd:(NSString *)pwd service:(NSString *)service;/** 加载所有 用户名、密码 信息 。    key：用户名， value：密码 */+ (NSDictionary *)loadAccountInfo;+ (NSDictionary *)loadAccountInfoWithService:(NSString *)service;/** 加载某一用户的密码 */+ (NSString *)loadPwdForUserName:(NSString *)userName;+ (NSString *)loadPwdForUserName:(NSString *)userName service:(NSString *)service;/** 移除所有账号信息 */+ (void)removeAll;+ (void)removeAllWithService:(NSString *)service;/** 移除某一账号的密码信息 */+ (void)removeForUserName:(NSString *)userName;+ (void)removeForUserName:(NSString *)userName service:(NSString *)service;@end

.m

#import "GZKeyChain.h"@implementation GZKeyChain+ (NSString *)defaultService{    return [[NSBundle mainBundle] bundleIdentifier] ? : @"";}+ (NSMutableDictionary *)getKeychainQuery:(NSString *)service {    if (!service) service = self.defaultService;    return [NSMutableDictionary dictionaryWithObjectsAndKeys:            (id)kSecClassGenericPassword,(id)kSecClass,            service, (id)kSecAttrService,            service, (id)kSecAttrAccount,            (id)kSecAttrAccessibleAfterFirstUnlock,(id)kSecAttrAccessible,            nil];}#pragma mark 写入+ (void)saveUserName:(NSString *)userName pwd:(NSString *)pwd{    [self saveUserName:userName pwd:pwd service:nil];}+ (void)saveUserName:(NSString *)userName pwd:(NSString *)pwd service:(NSString *)service{    if (![userName isKindOfClass:[NSString class]]) return;    if (!userName || !pwd) return;    NSMutableDictionary *query = [self getKeychainQuery:service];    NSDictionary *results = [self loadAccountInfoWithService:service];    SecItemDelete((CFDictionaryRef)query);    NSMutableDictionary *dataDic = [NSMutableDictionary dictionaryWithDictionary:results ?:@{}];    [dataDic setObject:pwd forKey:userName];    [query setObject:[NSKeyedArchiver archivedDataWithRootObject:dataDic] forKey:(id)kSecValueData];    SecItemAdd((CFDictionaryRef)query, NULL);}#pragma mark 读取+ (NSDictionary *)loadAccountInfo{    return [self loadAccountInfoWithService:nil];}+ (NSDictionary *)loadAccountInfoWithService:(NSString *)service {    id ret = nil;    NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];    [keychainQuery setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];    [keychainQuery setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];    CFDataRef keyData = NULL;    if (SecItemCopyMatching((CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {        @try {            ret = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge NSData *)keyData];        } @catch (NSException *e) {            NSLog(@"Unarchive of %@ failed: %@", service, e);        } @finally {        }    }    if (keyData)        CFRelease(keyData);    return ret;}+ (NSString *)loadPwdForUserName:(NSString *)userName{    return [self loadPwdForUserName:userName service:nil];}+ (NSString *)loadPwdForUserName:(NSString *)userName service:(NSString *)service{    if (!userName) return nil;    NSDictionary *results = [self loadAccountInfoWithService:service];    if (![results isKindOfClass:[NSDictionary class]]) return nil;    return [results objectForKey:userName];}#pragma mark 删除+ (void)removeAll{    [self removeAllWithService:nil];}+ (void)removeAllWithService:(NSString *)service {    NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];    SecItemDelete((CFDictionaryRef)keychainQuery);}+ (void)removeForUserName:(NSString *)userName{    [self removeForUserName:userName service:nil];}+ (void)removeForUserName:(NSString *)userName service:(NSString *)service{    NSDictionary *results = [self loadAccountInfoWithService:service];    if (!results) return;    NSMutableDictionary *dataDic = [NSMutableDictionary dictionaryWithDictionary:results];    [dataDic removeObjectForKey:userName];    NSMutableDictionary *query = [self getKeychainQuery:service];    SecItemDelete((CFDictionaryRef)query);    [query setObject:[NSKeyedArchiver archivedDataWithRootObject:dataDic] forKey:(id)kSecValueData];    SecItemAdd((CFDictionaryRef)query, NULL);}@end

觉得对你有用就给个 star 支持一下吧！详细demo下载

如有问题，欢迎评论交流！