From 3bdb0e997deafe7f7ccbb133fd026342a7411c8b Mon Sep 17 00:00:00 2001
From: Yannick Spreen
Date: Wed, 28 Apr 2021 09:09:56 +0200
Subject: [PATCH] Move and rename key.

---
 DGCAVerifier/Services/Enclave.swift | 1 -
 DGCAVerifier/Services/SecureStorage.swift | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/DGCAVerifier/Services/Enclave.swift b/DGCAVerifier/Services/Enclave.swift
index acfaa48..c2d45a8 100644
--- a/DGCAVerifier/Services/Enclave.swift
+++ b/DGCAVerifier/Services/Enclave.swift
@@ -31,7 +31,6 @@ import Foundation
 struct Enclave {
   static let encryptAlg = SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM
   static let signAlg = SecKeyAlgorithm.ecdsaSignatureMessageX962SHA512
-  static let symmetricKey = generateOrLoadKey(with: "symmetricKey")
   static func tag(for name: String) -> Data {
     "\(Bundle.main.bundleIdentifier ?? "app").\(name)".data(using: .utf8)!
diff --git a/DGCAVerifier/Services/SecureStorage.swift b/DGCAVerifier/Services/SecureStorage.swift
index 343376c..2e08123 100644
--- a/DGCAVerifier/Services/SecureStorage.swift
+++ b/DGCAVerifier/Services/SecureStorage.swift
@@ -36,6 +36,7 @@ struct SecureDB: Codable {
 struct SecureStorage {
   let documents: URL! = try? FileManager.default.url(for: .documentDirectory, in: .userDomainMask, appropriateFor: nil, create: true)
   var path: URL! { URL(string: documents.absoluteString + "secure.db") }
+  let secureStorageKey = Enclave.generateOrLoadKey(with: "secureStorageKey")
   /**
    Loads encrypted db and overrides it with an empty one if that fails.
@@ -60,7 +61,7 @@ struct SecureStorage {
     guard
       let (data, signature) = read(),
-      let key = Enclave.symmetricKey,
+      let key = secureStorageKey,
       Enclave.verify(data: data, signature: signature, with: key).0
     else {
       completion?(nil)
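Review bot: The new `secureStorageKey` property in the second SecureStorage hunk changes the name passed to `generateOrLoadKey` from "symmetricKey" to "secureStorageKey", and since `Enclave.tag(for:)` derives the lookup tag from that name, an upgraded install will presumably not find the previously stored key and will generate a fresh one. The existing `secure.db`, signed and encrypted under the old key, then fails the `verify` guard in the third hunk (and the `encrypt`/decrypt path in the next hunk), and per the doc comment above `load` is replaced with an empty database — a silent wipe of stored data that the commit message does not mention. If that reset is not intended, the commit should look the key up under the old name first (or migrate it), and in either case the orphaned item stored under "symmetricKey" should be removed rather than left behind as unused key material. Because the key is now an instance stored property instead of a `static`, every `SecureStorage()` value re-runs the load; a doc comment such as `/// Key used to verify and encrypt secure.db; loaded (or generated) by the Enclave once per instance — the name is the lookup tag, renaming it orphans existing keys.` would make both the cost and the tag dependency explicit. `struct SecureStorage` continues outside these hunks.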
@@ -82,7 +83,7 @@ struct SecureStorage {
   public func save(_ instance: T, completion: ((Bool) -> Void)? = nil) {
     guard
       let data = try? JSONEncoder().encode(instance),
-      let key = Enclave.symmetricKey,
+      let key = secureStorageKey,
       let encrypted = Enclave.encrypt(data: data, with: key).0
     else {
       completion?(false)