What encryption algorithm does the iOS keychain use to protect data?

ios security keychain
James picture James · Jun 11, 2011 · Viewed 9k times · Source

After extensive googling I haven't managed to find an answer to this question1, which is surprising, since `security through obscurity' isn't really security at all...

Is there a reliable source of an answer to this question (such as a certification application for iOS, source code, or similar)?

1The only mention I could find was that it might use 3DES.

Answer

Mateusz Wlodarczyk picture Mateusz Wlodarczyk · Jan 12, 2017

According to this official Apple webpage :

Keychain items are encrypted using two different AES-256-GCM keys: a table key (metadata), and a per-row key (secret-key).

UPDATE: Update from May 2019. Encryption changed from 128 to 256.

Related questions

Save and Load from KeyChain | Swift

How to simply store a String in Keychain and load when needed. There are several SO solution which mostly refers to Git repo. But I need the smallest and the simplest solution on latest Swift. Certainly, I don't want to …

Read More
Enumerate all Keychain items in my iOS application

What's the easiest way to programmatically (from within my app) get all items stored in the keychain? It probably has something to do with SecItemCopyMatching(), but the documentation for that function is not very clear (and I failed to find …

Read More
Is it possible to update a Keychain item's kSecAttrAccessible value?

Is it possible to update the value of the attribute kSecAttrAccessible of existing items in the Keychain? It seems that it cannot be changed after the item was added to the Keychain. The following steps back up my assumption. Add …

Read More