Collaborate Disseminate
Is there anyway to export a configuration profile from an IOS device that you have root on? So I have a device with an MDM profile with login credentials for a wifi network, VPN, and email authentication certificates. Is ther… Continue reading Export IOS Certificates and Configuration Profiles
If an iOS device is jailbroken, I understand an attacker cannot extricate key material from the secure enclave. But would they be able to use keys using CryptoKit within the enclave to encrypt a password stored within keycha… Continue reading iOS secure enclave and jailbreak
The common approach to secure user secrets in native applications seems to be storing the secret in keychain and adding an additional layer of protection by way of biometrics/touchId/FaceID.
My questions:
Does adding the ad… Continue reading Securing user secrets in KeyChain vs Keychain+Biometrics
I tend to avoid putting my master keychain password in the keychain itself (in OSX, for example), but sometimes with federation of accounts and things, it would be convenient to do so.
Am I right to avoid this? I can’t real… Continue reading Storing the master password in a keychain
The researcher says it works without root or administrator privileges and without password prompts. But he’s not revealing how it works to Apple because there’s no money for him in its invite-only/iOS-only bounties. Continue reading KeySteal could allow someone to steal your Apple Keychain passwords
I can not get gpg to prompt me for my passphrase when I want to decrypt a file. I tried including:
default-cache-ttl 0
max-cache-ttl 0
(also flipped the bit to 1)
within ~/.gnupg/gpg-agent.conf and then running either:
… Continue reading Why is GPG-agent still caching my passphrase?
The keychain is a secure database store for passwords and certificates and is created for each user account on Mac OS X. The system software itself uses keychains for secure storage. […]
The post Mac OS X Security Keychain appeared first on Security… Continue reading Mac OS X Security Keychain
Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many othe… Continue reading Common Security Mistakes when Developing Swift Applications – Part I
Is it safe to use the following stateless authorization mechanism between a client (iOS & Android) and server?
Sign up
The client provides an email and password and saves the clear password on the Keychain of iOS and u… Continue reading Is it safe to use a stateless authorization mechanism where the clear password is stored on the keychain?
I was trying to extract an un-exportable key from OS X Keychain. I used this tool to extract the key. The tool gives me a hexdump of the private key. An RSA 2048 bit key came out to be 2441 bits, after extracting through the … Continue reading What format is an decrypted RSA private key in, specifically in OS X Keychain?