Collaborate Disseminate
This question might have an obvious answer but I think a clear explanation is a missing piece on the internet.
Isn’t it (or is it) a security risk that macOS’s Keychain.db files located at ~/Library/Keychains/*.db seems to be regular unpro… Continue reading Is it a security risk that macOS Keychain.db files are accessible by any process on the system?
In my app, the user must use a private key to sign a transaction (on a blockchain). (It is quite common)
I am facing questions regarding how to store my user’s private key on the device. I am to use a keychain module to store the private k… Continue reading Storing a private key in android/ios keychain encrypted or not
As of iOS 15, users can pair their stored passwords with tokens. These are automatically populated by the OS via Safari on websites, when the user tries to login. That means, although the information is encrypted on the device, it has all … Continue reading How secure are passwords, usernames and tokens stored in KeyChain (iOS 15)
Context
On macOS, when an app requests permission to access a keychain item, a prompt like this is presented:
git-credential-osxkeychain wants to use your confidential information stored in "github.com" in your keychain. The au… Continue reading Determine path of app prompting for access to macOS keychain item
Is there anyway to export a configuration profile from an IOS device that you have root on? So I have a device with an MDM profile with login credentials for a wifi network, VPN, and email authentication certificates. Is ther… Continue reading Export IOS Certificates and Configuration Profiles
If an iOS device is jailbroken, I understand an attacker cannot extricate key material from the secure enclave. But would they be able to use keys using CryptoKit within the enclave to encrypt a password stored within keycha… Continue reading iOS secure enclave and jailbreak
The common approach to secure user secrets in native applications seems to be storing the secret in keychain and adding an additional layer of protection by way of biometrics/touchId/FaceID.
My questions:
Does adding the ad… Continue reading Securing user secrets in KeyChain vs Keychain+Biometrics
I tend to avoid putting my master keychain password in the keychain itself (in OSX, for example), but sometimes with federation of accounts and things, it would be convenient to do so.
Am I right to avoid this? I can’t real… Continue reading Storing the master password in a keychain
The researcher says it works without root or administrator privileges and without password prompts. But he’s not revealing how it works to Apple because there’s no money for him in its invite-only/iOS-only bounties. Continue reading KeySteal could allow someone to steal your Apple Keychain passwords
I can not get gpg to prompt me for my passphrase when I want to decrypt a file. I tried including:
default-cache-ttl 0
max-cache-ttl 0
(also flipped the bit to 1)
within ~/.gnupg/gpg-agent.conf and then running either:
… Continue reading Why is GPG-agent still caching my passphrase?