TopDogLabs/SecureStorageSample
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1a71670f9d
SecureStorageSample/README.md

130 lines
4.5 KiB
Markdown
Raw Blame History

# SecureStorgageSample
A sample iOS app demonstrating the LocalData package capabilities for secure, typed storage across multiple domains.
## Features
This app provides interactive demos for all LocalData storage options:
| Tab | Demo | Storage Domain |
|-----|------|----------------|
| **Defaults** | Save/load/remove values | UserDefaults |
| **Keychain** | Secure credentials with biometrics | Keychain |
| **Files** | User profiles with Codable models | File System |
| **Encrypted** | Encrypted logs (AES or ChaCha20) | Encrypted File System |
| **Sync** | Platform availability & sync policies | Multiple |
The project also includes a watchOS companion app target for watch-specific demos.
## Requirements
- iOS 17.0+
- watchOS 10.0+ (companion app target)
- Xcode 15+
## Getting Started
1. Open `SecureStorgageSample.xcodeproj`
2. Select an iOS simulator or device
3. Build and run (⌘R)
4. To use App Group demos, enable the App Group entitlement for each target that should share data. The identifier is derived from the bundle ID via SharedKit constants.
## Project Structure
```
SharedPackage/
├── Package.swift
└── Sources/
└── SharedKit/
├── Constants/
│ ├── StorageKeyNames.swift
│ └── StorageServiceIdentifiers.swift
└── Models/
└── UserProfile.swift
SecureStorgageSample/
├── ContentView.swift # Tabbed navigation
├── Models/
│ ├── Credential.swift
│ └── SampleLocationData.swift
├── StorageKeys/
│ ├── UserDefaults/
│ ├── Keychain/
│ ├── FileSystem/
│ ├── EncryptedFileSystem/
│ ├── AppGroup/
│ └── Platform/
├── WatchOptimized.swift # Watch data models
├── Services/
│ ├── AppStorageCatalog.swift
│ ├── ExternalKeyMaterialProvider.swift
│ └── WatchConnectivityService.swift
└── Views/
├── UserDefaultsDemo.swift
├── KeychainDemo.swift
├── FileSystemDemo.swift
├── EncryptedStorageDemo.swift
└── PlatformSyncDemo.swift
SecureStorageSample Watch App/
├── SecureStorageSampleApp.swift
├── ContentView.swift
├── Protocols/
│ └── WatchDataHandling.swift
├── State/
│ └── WatchProfileStore.swift
└── Services/
├── WatchConnectivityService.swift
└── Handlers/
└── UserProfileWatchHandler.swift
```
## Storage Key Examples
The app demonstrates various storage configurations:
### UserDefaults
- Simple string storage with automatic sync
- App Group UserDefaults support for shared preferences
### Keychain
- 7 accessibility options (whenUnlocked, afterFirstUnlock, etc.)
- 6 access control options (biometry, passcode, etc.)
### File System
- Documents directory (persisted, backed up)
- Caches directory (can be purged)
- JSON and PropertyList serializers
### App Group Storage
- Shared UserDefaults via App Group identifier
- Shared files in the App Group container
- Requires App Group entitlements in all participating targets
### Encrypted Storage
- AES-256-GCM or ChaCha20-Poly1305 encryption
- PBKDF2 or HKDF key derivation
- Complete file protection
- External key material example via `KeyMaterialProviding`
### Platform & Sync
- Platform availability (phoneOnly, watchOnly, all)
- Sync policies (never, manual, automaticSmall)
## Dependencies
- [LocalData](../localPackages/LocalData) - Local package for typed secure storage
- SharedKit - Local package for shared iOS/watch models and constants
## Notes
- Storage keys are now split into one file per key and grouped by domain; platform-focused keys live in `StorageKeys/Platform` with comments calling out availability/sync focus.
- The shared model/constants live in `SharedPackage` (`SharedKit`) to keep the watch/iOS data contract centralized.
- Keychain service IDs and App Group identifiers are centralized in `SharedKit/Constants/StorageServiceIdentifiers.swift` to avoid hardcoded strings in keys.
- The watch app uses a handler-based WatchConnectivity layer so new payload types can be added in `Services/Handlers` without bloating the main service.
- A `StorageKeyCatalog` sample is included to generate a security audit report of all storage keys.
- Each `StorageKey` includes a `description` used in audit reports.
- The catalog is registered at app startup to enforce key registration and catch duplicates.
## License
This sample is provided for demonstration purposes.
Reference in New Issue View Git Blame Copy Permalink