How to implement secure storage for sensitive data in iOS?

like user credentials and payment information

3 min readFeb 10

iOS has always placed great emphasis on user privacy and security, making it a priority for developers to ensure that sensitive information such as user credentials and payment information is stored securely. In this article, we will explore two popular libraries for securing sensitive data in iOS — CryptoSwift and KeychainAccess, and also recommend the use of biometric authentication for an added layer of security.

CryptoSwift is a library for iOS and macOS that provides cryptographic functionality, including data encryption and decryption. To use CryptoSwift, we need to first install the library using the CocoaPods package manager.

Here is an example of how to encrypt data using AES 256 encryption with CryptoSwift:

import CryptoSwift

let plainText = "secret data"
let key = "secretkey12345678"
let iv = "randomiv123456"

do {
    let aes = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7)
    let ciphertext = try aes.encrypt(Array(plainText.utf8))
    print(ciphertext.toHexString())
} catch {
    print(error)
}

The code above uses AES 256 encryption with CBC block mode and PKCS7 padding to encrypt the plain text. The encryption key and initialization vector (IV) are generated randomly and should be kept secret.

Once the data is encrypted, we need to store it securely. This is where KeychainAccess comes in. KeychainAccess is a simple Swift wrapper around the iOS Keychain to allow us to store and retrieve data securely.

Here is an example of how to store and retrieve data using KeychainAccess:

import KeychainAccess

let keychain = Keychain(service: "com.example.myapp")
try keychain.set("secret data", key: "secret_data")

let value = try keychain.get("secret_data")
print(value)

In this example, we created a Keychain object with a service name of “com.example.myapp” and used the set method to store a string value under the key "secret_data". To retrieve the value, we used the get method and passed the same key.

In addition to encryption and secure storage, biometric authentication such as Face ID can also be used to…

How to implement secure storage for sensitive data in iOS?

like user credentials and payment information

Written by Brahim Siempay

More from Brahim Siempay

Introducing Phind: The Revolutionary Search Engine for Developers

“Say Goodbye to Endless Search Results and Hello to Phind — Your New Best Friend in the World of Tech!”

Why Tabby is the Trending Terminal Emulator on GitHub

A terminal for a more modern age

All iOS Design patterns you should know

Design patterns are definitely something you must consider learning one day

Demystifying SwiftData: An Interview with Julia — The SwiftData Pro

Let’s delve into the world of SwiftData, a powerful framework in SwiftUI, through an enlightening conversation with Julia, a seasoned…

Recommended from Medium

Prevent Screen Capture in iOS App

Have you ever wondered how we can prevent screenshot from iPhone app? Well, you are in a right document and we will be discussing the same.

New in Swift 5.9 : NonCopyable Type

The latest version of Swift, version 5.9, provides impressive updates such as NonCopyable, Macros, if and switch expressions, and more. To…

Lists

General Coding Knowledge

It's never too late or early to start something

Coding & Development

Stories to Help You Grow as a Software Developer

Multi-Threading in Swift

“What is multi-threading? “.

Install Ubuntu on MAC M1 powered by UTM

Because of no official support on VirtualBox, I decided to use UTM for my M1 Mac.

Using Property Wrappers and Swinject Autoregistration for Dependency Injection Swift iOS

Introduction:

Multipart Request with URLSession and async/await in Swift

If you want to read the Spanish version of this article, you can find it here…