1

I am developing an app and need a way to securely store API secrets and IDs. I understand that storing these strings directly within source-code is insecure as the code can be decompiled by hackers. I was wondering what the best way of hiding and securing these strings is and whether there is standard practise for doing such? I know this

From my own research I understand that hashing only allows a one-way encryption for verification of a string and that encryption allows two way encryption/decryption via the use of an encryption key. Therefore it may be necessary to hide the encrypted keys and their string's within a file.

Thanks

D

rmaddy
  • 307,833
  • 40
  • 508
  • 550
dgee4
  • 361
  • 3
  • 16
  • Who has given a -1 ? Its an important and intersting question of "How to store a secret during compile time and deliver it?" I am thinking of internal API keys, the user never will see, but need to be present at runtime. – ThorstenC Jun 08 '15 at 08:03
  • you can see a discussion of your question here: http://stackoverflow.com/questions/5525305/how-to-store-a-secret-api-key-in-an-applications-binary?rq=1 – ThorstenC Jun 08 '15 at 08:08

1 Answers1

-1

The place to save keys and API secrets is the App Keychain.

The keychain is designed to store secrets in a secure encrypted manner, there is no better way in iOS.

See iOS Keychain Services Tasks.
There are many source on SO of how to access the keychain.

zaph
  • 110,296
  • 20
  • 185
  • 221
  • You have to get the keys into the keychain firstly. So if it's a static API key this isn't a solution. – SmileBot Jan 11 '22 at 16:11