Keychain vs File Data Protection

petere,

From an architectural perspective, files stored in the Keychain with the protection level, kSecAttrAccessibleAfterFirstUnlock do provide migration to a new device when using encrypted backups. While files saved with FileManager specifically need to be tagged for iCloud storage in order to be included in iCloud syncs.

From a security advantage perspective, there's not really a definitive answer here. The iOS Security Guide does provide insight into how/where items are stored on iOS; for example FileManager is storing data on the file system and the Keychain is storing data as a SQLite database on the file system. Knowing this, the best option for your application is probably best left up your requirements and what your are specifically looking to achieve. In securing data I would think about what type of data you are storing in either option. For example, the Keychain can save files but is really meant to save smaller files, while if you have a larger file this would be more suited to save in the file system using the FileManager and FileProtectionType.completeUntilFirstUserAuthentication.

For other's reference, the iOS Security Guide I am referring to is found here:

<https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf>

Can you provide more detail on your 'security perspective'?

Perhaps if you talked more about what prompts your question, and what if any concerns drive it, someone can layout detailed advantages, -and- risks, you can then use to form an actionable course that best fits whatever it is you're dealing with.

What platforms are being targeted, what specs you are trying to meet, what specific risks you expect to face, is there a certain threat you've been tasked to address, etc.

Thanks so much for this explanation! And as I said below, sorry for my vague question.

As I just mentioned in my other reply below, the specific case that prompted my question was deciding whether sensitive tokens (strings) should be stored in an existing Core Data database, or separately in Keychain.

Since both methods involved an SQLite file on the file system, with (potentially) equivalent data protection levels on each file, I was trying to understand in what attack scenarios the latter architecture (Keychain) would make these tokens less vulnerable than the former (Core Data). (I do understand that it's hard to generalize without discussing particular exploits.)

petere,

No problem at all.

In regards to your question, both options use several secure keys to encrypt the data on both the file system and in the Keychain. Both options also encrypt the file related metadata also. The Keychain even protects the metadata keys with the secure enclave. The iOS Security Guide also states that both storage options are derived from the same level of protection, i.e., "Keychain data is protected using a class structure similar to the one used in file Data Protection. These classes have behaviors equivalent to file Data Protection classes, but use distinct keys and are part of APIs that are named differently." Based upon this information and the type of data you wish to store I am going to recommend using the Keychain for this solution because this is exactly what the Keychain was designed for. Enhanced access control on a per process basis can also be setup for Keychain Items and is enforced via the securityd daemon.