Using Touch ID with Keychain and LocalAuthentication

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Using Touch ID with Keychain and LocalAuthentication

Ben Rubinstein via use-livecode
Hello Mark or Monte or any knowledgeable soul,


We are working with the United Nations to create their first LMS mobile
App. The problem is they are security freaks. It took their hackers about 4
hours to send me screen shots of the encryption key I scripted in LiveCode
and compiled for iOS. Normally we don't put code like this in our apps, but
they are insisting to use the LocalAuthentication with the TouchID to
unlock the App.

LocalAuthentication, does not actually store any values, it just validates
that the fingerprint matches. The MergeExt mergLA
http://mergext.com/home/mergla/ does the trick - well done.

The problem is how do I store a unique key to retrieve the UN/PW on the
server or even just store the values on the local device? I can use
encryption, they can read the key from code and have said it is NOT an
option. So, my good friends at the UN have suggested that I use the iOS
Keychain functionality.

They have provided a sample of what Apple is doing and suggest that
LiveCode be able to do the same. Is there any way to utilize the Keychain
functionality on the device?

WDC session video and presentation: You will need Safri to watch the video:
https://developer.apple.com/videos/play/wwdc2014/711/

Here is their Code:
https://developer.apple.com/library/content/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2

So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
using LocalAuthentication. I think many of LC app developers must be facing
the same problem.

--Todd
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Using Touch ID with Keychain and LocalAuthentication

Ben Rubinstein via use-livecode
Why not open a session with your server and have it transmit a key that is
unique to the device/user?

On Thu, Aug 17, 2017 at 9:35 AM, Todd Fabacher via use-livecode <
[hidden email]> wrote:

> Hello Mark or Monte or any knowledgeable soul,
>
>
> We are working with the United Nations to create their first LMS mobile
> App. The problem is they are security freaks. It took their hackers about 4
> hours to send me screen shots of the encryption key I scripted in LiveCode
> and compiled for iOS. Normally we don't put code like this in our apps, but
> they are insisting to use the LocalAuthentication with the TouchID to
> unlock the App.
>
> LocalAuthentication, does not actually store any values, it just validates
> that the fingerprint matches. The MergeExt mergLA
> http://mergext.com/home/mergla/ does the trick - well done.
>
> The problem is how do I store a unique key to retrieve the UN/PW on the
> server or even just store the values on the local device? I can use
> encryption, they can read the key from code and have said it is NOT an
> option. So, my good friends at the UN have suggested that I use the iOS
> Keychain functionality.
>
> They have provided a sample of what Apple is doing and suggest that
> LiveCode be able to do the same. Is there any way to utilize the Keychain
> functionality on the device?
>
> WDC session video and presentation: You will need Safri to watch the video:
> https://developer.apple.com/videos/play/wwdc2014/711/
>
> Here is their Code:
> https://developer.apple.com/library/content/samplecode/
> KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/
> uid/TP40014530-Intro-DontLinkElementID_2
>
> So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
> using LocalAuthentication. I think many of LC app developers must be facing
> the same problem.
>
> --Todd
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Using Touch ID with Keychain and LocalAuthentication

Ben Rubinstein via use-livecode
In reply to this post by Ben Rubinstein via use-livecode
Hi Todd

Reading and writing to the keychain is not very complicated but you will need an external or if you are using the latest versions of LC 9 then it can be done with the objective-c FFI from infinite LiveCode. Probably best to contact Business Services if you are in a hurry.

Cheers

Monte

> On 17 Aug 2017, at 11:35 pm, Todd Fabacher via use-livecode <[hidden email]> wrote:
>
> Hello Mark or Monte or any knowledgeable soul,
>
>
> We are working with the United Nations to create their first LMS mobile
> App. The problem is they are security freaks. It took their hackers about 4
> hours to send me screen shots of the encryption key I scripted in LiveCode
> and compiled for iOS. Normally we don't put code like this in our apps, but
> they are insisting to use the LocalAuthentication with the TouchID to
> unlock the App.
>
> LocalAuthentication, does not actually store any values, it just validates
> that the fingerprint matches. The MergeExt mergLA
> http://mergext.com/home/mergla/ does the trick - well done.
>
> The problem is how do I store a unique key to retrieve the UN/PW on the
> server or even just store the values on the local device? I can use
> encryption, they can read the key from code and have said it is NOT an
> option. So, my good friends at the UN have suggested that I use the iOS
> Keychain functionality.
>
> They have provided a sample of what Apple is doing and suggest that
> LiveCode be able to do the same. Is there any way to utilize the Keychain
> functionality on the device?
>
> WDC session video and presentation: You will need Safri to watch the video:
> https://developer.apple.com/videos/play/wwdc2014/711/
>
> Here is their Code:
> https://developer.apple.com/library/content/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2
>
> So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
> using LocalAuthentication. I think many of LC app developers must be facing
> the same problem.
>
> --Todd
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode