Skip to content

Utility library for managing keys and signing with Apple's Keychain and Secure Enclave

License

Notifications You must be signed in to change notification settings

EOSLaoMao/eosio-swift-vault

 
 

Repository files navigation

Swift Logo

EOSIO SDK for Swift: Vault EOSIO Alpha

Software License Swift 5.0

EOSIO SDK for Swift: Vault is a utility library for working with public/private keys and signing with Apple's Keychain and Secure Enclave.

The Vault library is a required dependency of the EOSIO SDK for Swift: Vault Signature Provider. It additionally provides key generation, management and signing functions that can be called directly. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Contents

Prerequisites

  • Xcode 10 or higher
  • CocoaPods 1.5.3 or higher
  • For iOS, iOS 11.3+

Installation

If you are using Vault as part of the EOSIO SDK for Swift: Vault Signature Provider pod, Vault will be installed automatically as a dependency.

If you wish to use Vault directly, add the following pods to your Podfile:

use_frameworks!

target "Your Target" do
  pod "EosioSwiftVault", "~> 0.2.1"
end

Then run pod install.

EosioVault

The primary class for interacting with the EOSIO SDK for Swift: Vault is EosioVault. A instance of EosioVault is instantiated with an accessGroup as follows:

import EosioSwiftVault

let vault = EosioVault(accessGroup: accessGroup)

The accessGroup is a App Group Identifier or a Keychain Access Group Identifier that allows the keys to be shared between different apps and app extensions in the same developer account.

Key Generation

The Vault library exposes functions to generate new EOSIO keys. New keys can either be generated and stored in the device's Secure Enclave or the Keychain. Note: If the key is stored in Secure Enclave, it is not possible to directly access or export the private key.

Important: Currently key metadata must conform to the rules for conversion by JSONSerialization. Failure to do so will result in application errors.

To create a key in Secure Enclave:

let newKey = try vault.newVaultKey(secureEnclave: true, protection: .whenUnlockedThisDeviceOnly, bioFactor: .none, metadata: [String: Any])

or use the convenience function:

let newKey = try vault.newSecureEnclaveKey(bioFactor: .none, metadata: [String: Any])

To create a key in Keychain:

let newKey = try vault.newVaultKey(secureEnclave: false, protection: .whenUnlockedThisDeviceOnly, bioFactor: .none, metadata: [String: Any])

The bioFactor is the type of biometric security that will be required by the keychain to sign messages with this key. The metadata can be any data you want to associate with this key.

protection is the accessibility to use the for key.

Each of the above functions will return an EosioVault.VaultKey. To access the EOSIO public and private keys:

let publicKey = newKey.eosioPublicKey
let privateKey = newKey.eosioPrivateKey

For Secure Enclave keys the eosioPrivateKey is nil as it cannot be accessed.

Signing

In most cases, signing is handled via the EOSIO SDK for Swift: Vault Signature Provider. However, a message can also be signed directly with an instance of EosioVault:

let signature = vault.sign(message: message, eosioPublicKey: publicKey, requireBio: true) { (signature, error) in
	// handle signature or error
}

Biometric requirements can set as part of the key, itself, or enforced as a separate software check. The requireBio flag will require biometric identification to sign with this key, even if the key does not require it. However, setting the requireBio to false will not disable biometric identification if required by the key.

Key Management

The Vault library exposes functions to get existing keys, add external keys, delete keys and modify metadata for existing keys.

To get a single VaultKey for an EOSIO public key:

let key = try getVaultKey(eosioPublicKey: publicKey)

To get an array of all keys:

let keys = try getAllVaultKeys() 

To add an external key to the Keychain with the private key:

try vault.addExternal(eosioPrivateKey: privateKey, metadata: [String: Any]) 

To delete a key:

try deleteKey(eosioPublicKey: publicKey)

To update an existing key, update the metadata property and then:

update(key: myKey)

Documentation

Please refer to the generated code documentation at https://eosio.github.io/eosio-swift-vault or by cloning this repo and opening the docs/index.html file in your browser.

Want to help?

Interested in contributing? That's awesome! Here are some Contribution Guidelines and the Code of Conduct.

License

MIT

Important

See LICENSE for copyright and license terms. Block.one makes its contribution on a voluntary basis as a member of the EOSIO community and is not responsible for ensuring the overall performance of the software or any related applications. We make no representation, warranty, guarantee or undertaking in respect of the software or any related documentation, whether expressed or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or documentation or the use or other dealings in the software or documentation. Any test results or performance figures are indicative and will not reflect performance under all conditions. Any reference to any third party or third-party product, service or other resource is not an endorsement or recommendation by Block.one. We are not responsible, and disclaim any and all responsibility and liability, for your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so the information here may be out of date or inaccurate. Any person using or offering this software in connection with providing software, goods or services to third parties shall advise such third parties of these license terms, disclaimers and exclusions of liability. Block.one, EOSIO, EOSIO Labs, EOS, the heptahedron and associated logos are trademarks of Block.one.

Wallets and related components are complex software that require the highest levels of security. If incorrectly built or used, they may compromise users’ private keys and digital assets. Wallet applications and related components should undergo thorough security evaluations before being used. Only experienced developers should work with this software.

About

Utility library for managing keys and signing with Apple's Keychain and Secure Enclave

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Swift 95.0%
  • Ruby 4.0%
  • Objective-C 1.0%