Lockbox v3 is now available, sporting a vastly more robust yet less complex API for storing data into and retrieving data from the iOS keychain.
The basic premise of Lockbox has not changed: make it easy to store data securely in the iOS keychain, and make it easy to retrieve.
What has changed are the APIs. This is due to the fact that for anything but the most basic of (supported) Foundation data types, Lockbox didn’t work as expected. The best example of this is trying to store and retrieve an array of arrays. While the former operation succeeded, the latter returned an array of something-not-resembling-an-array. Clearly, not OK.
Lockbox v3 introduces two new APIs, and deprecates all the old APIs. The new APIs are:
-(BOOL)archiveObject:(id<NSSecureCoding>)object forKey:(NSString *)key; -(BOOL)archiveObject:(id<NSSecureCoding>)object forKey:(NSString *)key accessibility:(CFTypeRef)accessibility; -(id)unarchiveObjectForKey:(NSString *)key;
Ok, that’s three, but the first calls the second with a default argument for accessibility.
So what is going on here? First, we’ve made Lockbox type agnostic, meaning, as long as your object (and any contained objects) conforms to NSSecureCoding, you can store it in the keychain using Lockbox. Second, as the API names might suggest, Lockbox is no longer storing any specific data types, but rather the NSData contained in an NSKeyedArchive produced by archiving your object. Neat, huh? Why didn’t we do it this way to begin with? We were young and foolish, but we’ve learned a thing or two since 2012.
The old -setXxx APIs are deprecated, and the new APIs are not compatible with them. That means if you stored something using -setString:forKey: you cannot retrieve it using -unarchiveObjectForKey:.
Instead, you will need to migrate manually by using -stringForKey: and then -archiveObjectForKey: before you can use -unarchiveObjectForKey:. Luckily, you need only do this once, and then store a value somewhere to indicate you’ve migrated.
These changes to Lockbox put the onus on the developer to know what data types are being stored and retrieved, and to ensure that the objects all conform to NSSecureCoding. The beauty of this is that the Lockbox APIs are much simpler and Lockbox is now simply a way to store whatever data you like securely in the iOS keychain.