12.6. Securing Files on Disk
You want to make sure that the files that you are working with on disk are locked and encrypted when the iOS device is locked, and not accessible by an attacker.
Create your file using the method or your folders using the error: instance method of the NSFileManager and use the NSFileProtectionKey key in the attributes dictionary with one of the following values:
The file will be encrypted on disk and will be accessible by your app only after the user has unlocked the device. The user can then lock the device again, but as long as you hold the handle to the file, you can continue to read from and write to the file.
The file is encrypted on disk and is not accessible by your app unless the user unlocks the device. If you have a handle to the file when the device is unlocked, you will not be able to read from or write to the file if the user decides to lock the device again.
The file is encrypted on disk and you can read from it or write to it only after the user has unlocked the device at least once. After that one-time unlocking, you can read from and write to the file. The user can lock the device, but that won’t affect you and your file handle.
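The following Objective-C sketch is an added example, not code from the original text: it creates a folder and a file with a protection class and then reads the attribute back to confirm it was applied. The method and constant names are taken from Apple's Foundation framework; in the order of the three descriptions above, the values are NSFileProtectionCompleteUnlessOpen, NSFileProtectionComplete and NSFileProtectionCompleteUntilFirstUserAuthentication. The helper names CreateProtectedFile and SaveSecret and the Secrets/token.bin path are hypothetical.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper: create dir/name with the requested protection class and
// verify that the class really ended up on the file.
static BOOL CreateProtectedFile(NSString *dir, NSString *name, NSData *contents,
                                NSString *protection, NSError **error) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSDictionary *attrs = @{NSFileProtectionKey: protection};

    // Returns YES if the folder already exists; in that case the attributes
    // passed here are not applied to it.
    if (![fm createDirectoryAtPath:dir withIntermediateDirectories:YES
                        attributes:attrs error:error]) {
        return NO;
    }

    NSString *path = [dir stringByAppendingPathComponent:name];
    // createFileAtPath:contents:attributes: reports failure only as NO,
    // so build an NSError for the caller.
    if (![fm createFileAtPath:path contents:contents attributes:attrs]) {
        if (error) {
            *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                         code:NSFileWriteUnknownError
                                     userInfo:@{NSFilePathErrorKey: path}];
        }
        return NO;
    }

    // Read the attribute back. A missing or different value means the file is
    // not protected the way the caller asked, so do not leave it on disk.
    NSDictionary *actual = [fm attributesOfItemAtPath:path error:error];
    if (![actual[NSFileProtectionKey] isEqualToString:protection]) {
        [fm removeItemAtPath:path error:NULL];
        return NO;
    }
    return YES;
}

// Hypothetical caller: store a secret in Documents/Secrets so that it is
// readable only while the device is unlocked.
static BOOL SaveSecret(NSData *secret, NSError **error) {
    NSString *docs = NSSearchPathForDirectoriesInDomains(
        NSDocumentDirectory, NSUserDomainMask, YES).firstObject;
    NSString *dir = [docs stringByAppendingPathComponent:@"Secrets"];
    return CreateProtectedFile(dir, @"token.bin", secret,
                               NSFileProtectionComplete, error);
}
```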
iOS uses the passcode that the user sets for her device as a seed to the encryption applied ...