Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>

This commit is contained in:
Matt Bruce 2026-01-14 13:53:01 -06:00
parent 8368900f49
commit b97fbf2ba9
4 changed files with 10 additions and 5 deletions


@ -163,13 +163,14 @@ You can customize the identifiers used for the master key in the Keychain:
```swift ```swift
let config = EncryptionConfiguration( let config = EncryptionConfiguration(
masterKeyService: "com.myapp.LocalData", masterKeyService: "com.myapp.LocalData",
masterKeyAccount: "MasterKey" masterKeyAccount: "MasterKey",
pbkdf2Iterations: 50_000
) )
await StorageRouter.shared.updateEncryptionConfiguration(config) await StorageRouter.shared.updateEncryptionConfiguration(config)
``` ```
> [!WARNING] > [!WARNING]
> Changing the `masterKeyService` or `masterKeyAccount` in an existing app will cause the app to look for the master key in a new location. Previously encrypted data will be lost. > Changing the `masterKeyService`, `masterKeyAccount`, or `pbkdf2Iterations` in an existing app will cause the app to look for or derive keys differently. Previously encrypted data will be inaccessible.
#### Global Sync Configuration #### Global Sync Configuration


@ -6,17 +6,20 @@ public struct EncryptionConfiguration: Sendable {
public let masterKeyAccount: String public let masterKeyAccount: String
public let masterKeyLength: Int public let masterKeyLength: Int
public let defaultHKDFInfo: String public let defaultHKDFInfo: String
public let pbkdf2Iterations: Int
public init( public init(
masterKeyService: String = "LocalData", masterKeyService: String = "LocalData",
masterKeyAccount: String = "MasterKey", masterKeyAccount: String = "MasterKey",
masterKeyLength: Int = 32, masterKeyLength: Int = 32,
defaultHKDFInfo: String = "LocalData.Encryption" defaultHKDFInfo: String = "LocalData.Encryption",
pbkdf2Iterations: Int = 10_000
) { ) {
self.masterKeyService = masterKeyService self.masterKeyService = masterKeyService
self.masterKeyAccount = masterKeyAccount self.masterKeyAccount = masterKeyAccount
self.masterKeyLength = masterKeyLength self.masterKeyLength = masterKeyLength
self.defaultHKDFInfo = defaultHKDFInfo self.defaultHKDFInfo = defaultHKDFInfo
self.pbkdf2Iterations = pbkdf2Iterations
} }
public static let `default` = EncryptionConfiguration() public static let `default` = EncryptionConfiguration()
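Review bot: The new `pbkdf2Iterations: Int = 10_000` default in the init is well below current published guidance for PBKDF2-HMAC-SHA256 (hundreds of thousands of iterations), and the init accepts any `Int`, including zero or a negative value, without validation. Add `precondition(pbkdf2Iterations > 0, "pbkdf2Iterations must be positive")` before the assignments, and give the new stored property a `///` comment stating that it is only the fallback used when `KeyDerivation.pbkdf2` is passed `iterations: nil`. Since the README hunk in this commit says changing the iteration count makes previously encrypted data inaccessible, the default is effectively part of the persisted key format; stating that in the same comment would keep a later bump of the default from being made casually. The struct's declaration opens before this hunk and continues after it.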


@ -21,7 +21,7 @@ public enum SecurityPolicy: Sendable {
} }
public enum KeyDerivation: Sendable { public enum KeyDerivation: Sendable {
case pbkdf2(iterations: Int, salt: Data? = nil) case pbkdf2(iterations: Int? = nil, salt: Data? = nil)
case hkdf(salt: Data? = nil, info: Data? = nil) case hkdf(salt: Data? = nil, info: Data? = nil)
} }
} }
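Review bot: The `pbkdf2` case now takes `iterations: Int? = nil`, but nothing on the enum says what `nil` means; from the EncryptionHelper hunk in this commit it falls back to `EncryptionConfiguration.pbkdf2Iterations`. Add a `///` comment on the case such as `/// PBKDF2 derivation; `iterations` of nil uses the configured `pbkdf2Iterations`, `salt` of nil uses the per-key default salt.` Existing callers passing a plain `Int` still compile through optional promotion, so the change is source-compatible. The enclosing `SecurityPolicy` enum opens before this hunk.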


@ -104,10 +104,11 @@ actor EncryptionHelper {
switch derivation { switch derivation {
case .pbkdf2(let iterations, let customSalt): case .pbkdf2(let iterations, let customSalt):
let salt = customSalt ?? defaultSalt(for: keyName) let salt = customSalt ?? defaultSalt(for: keyName)
let actualIterations = iterations ?? configuration.pbkdf2Iterations
let derivedKeyData = try pbkdf2SHA256( let derivedKeyData = try pbkdf2SHA256(
password: baseKeyMaterial, password: baseKeyMaterial,
salt: salt, salt: salt,
iterations: iterations, iterations: actualIterations,
keyLength: configuration.masterKeyLength keyLength: configuration.masterKeyLength
) )
return SymmetricKey(data: derivedKeyData) return SymmetricKey(data: derivedKeyData)
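Review bot: `actualIterations` is passed straight into `pbkdf2SHA256` without checking it is positive, so `.pbkdf2(iterations: 0)` or a misconfigured `pbkdf2Iterations` reaches the derivation unchecked; whether `pbkdf2SHA256` rejects that itself is not visible here. Add `precondition(actualIterations > 0, "PBKDF2 iteration count must be positive")` directly after the `actualIterations` line, or throw the helper's existing error type if it has one for bad configuration. With `iterations: nil` the derived key now depends on whatever `configuration.pbkdf2Iterations` holds at call time, so a configuration update after data has been written yields a different key; that is consistent with the README warning in this commit but deserves a one-line comment on the `actualIterations` line. The enclosing function starts and ends outside this hunk.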