I downloaded an iOS application that uses the NSFileProtectionComplete class to protect a sqlite file containing sensitive information.
According to the iOS Security document (http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf), when a device (iPhone/iPad) is paired with a laptop, the laptop obtains an escrow keybag from the mobile device. The keybag contains all the class keys needed to decrypt the information on the device.
However, I noticed that when I pair the device with the laptop and browse the file system with iExplorer, the sqlite file is only available while the device is unlocked. When the phone is locked (but still paired), the file is not readable. Files that do not use NSFileProtectionComplete can be viewed while the device is locked.
If the escrow keybag contains all the class keys needed to decrypt the information, why do I have to unlock the device to access it through iExplorer?
I am running iOS 6.0 on an iPad 3 and used the ios-dataprotection tool (https://github.com/ciso/ios-dataprotection) to determine the data protection class used by the file.
iOS application: AccountVault
File: PointMinder.sqlite
Any help would be greatly appreciated.
Thanks.
Answer
Complete Protection (NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID. Shortly after the user locks a device (10 seconds, if the Require Password setting is Immediately), the decrypted class key is discarded, rendering all data in this class inaccessible until the user enters the passcode again.
So if you want to access that file, you have to unlock the device. That is how Apple built it.
Edit: found in "Hacking and Securing iOS Applications":
Protection class keys are master encryption keys used to unlock files based on their access policy.
Protection classes are the encryption mechanism used to enforce the access policies of files. Some files are so important that the operating system should be able to decrypt them only when the device's user interface is unlocked. These files' encryption keys are wrapped with a class key that is available only after the user has entered his passcode. When the device locks again, the key is wiped from memory, making the files unavailable again.
Protection class master keys are stored in an escrow known as a keybag. The keybag contains the encrypted protection class master keys, as well as other keys to system files on the device. The system keybag is encrypted using another encryption key named BAGI, which is also stored in the effaceable storage of the NAND. Whenever the user authenticates to meet a specific security protection policy, the encrypted keys in the keybag can be decrypted.
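The key hierarchy the answer quotes (per-file keys wrapped with a class key, the Complete class key wrapped with a key derived from passcode and UID, and the unwrapped class key discarded on lock) can be modelled in a few dozen lines. The following is an added example written for this page, not Apple's implementation and not code from the original answer: it stands in an HMAC-SHA256 based encrypt-then-MAC for the AES key wrap the real hardware crypto engine performs, uses PBKDF2 with the UID as salt as a simplification of the UID-tangled passcode derivation, and constructs its own sample files. It reproduces the behaviour observed in the question: the NSFileProtectionNone file is readable while locked, the NSFileProtectionComplete file is not until the correct passcode is entered.

```python
import hashlib
import hmac
import os

# Illustrative model of the iOS Data Protection key hierarchy (not Apple's code).
# seal()/open_sealed() are an HMAC-SHA256 encrypt-then-MAC stand-in for AES key wrap,
# chosen so this runs with the Python standard library only.

COMPLETE = "NSFileProtectionComplete"
NONE = "NSFileProtectionNone"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Device:
    """Keeps a keybag of wrapped class keys; unwrapped class keys live only in memory."""

    def __init__(self, passcode: str):
        self.uid = os.urandom(32)  # hardware UID: usable by the device, never exported
        uid_key = hashlib.sha256(b"uid-key" + self.uid).digest()
        class_keys = {NONE: os.urandom(32), COMPLETE: os.urandom(32)}
        # Keybag: the None class key is wrapped with a UID-only key, so it is available
        # whenever the device has booted; the Complete class key is wrapped with a key
        # derived from passcode + UID, so it is only available after unlock().
        self.keybag = {
            NONE: seal(uid_key, class_keys[NONE]),
            COMPLETE: seal(self._passcode_key(passcode), class_keys[COMPLETE]),
        }
        self.files = {}
        # Decrypted class keys held in memory; COMPLETE is absent until unlock().
        self._in_memory = {NONE: open_sealed(uid_key, self.keybag[NONE])}

    def _passcode_key(self, passcode: str) -> bytes:
        # Simplified UID tangling: the UID is the salt, so the key is bound to this device.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.uid, 50_000)

    def unlock(self, passcode: str) -> bool:
        try:
            key = open_sealed(self._passcode_key(passcode), self.keybag[COMPLETE])
        except ValueError:
            return False
        self._in_memory[COMPLETE] = key
        return True

    def lock(self) -> None:
        # Discard the decrypted Complete class key, as iOS does shortly after lock.
        self._in_memory.pop(COMPLETE, None)

    def _class_key(self, protection: str) -> bytes:
        if protection not in self._in_memory:
            raise PermissionError(f"{protection} class key not available while locked")
        return self._in_memory[protection]

    def write_file(self, name: str, protection: str, contents: bytes) -> None:
        file_key = os.urandom(32)
        wrapped = seal(self._class_key(protection), file_key)  # per-file key wrapped with class key
        self.files[name] = (protection, wrapped, seal(file_key, contents))

    def read_file(self, name: str) -> bytes:
        protection, wrapped_key, blob = self.files[name]
        file_key = open_sealed(self._class_key(protection), wrapped_key)
        return open_sealed(file_key, blob)


def demo() -> dict:
    """Constructed scenario mirroring the question: one Complete file, one None file."""
    dev = Device("1234")
    dev.unlock("1234")
    dev.write_file("PointMinder.sqlite", COMPLETE, b"sensitive rows")
    dev.write_file("cache.db", NONE, b"nothing secret")
    dev.lock()
    result = {"none_locked": dev.read_file("cache.db")}
    try:
        dev.read_file("PointMinder.sqlite")
        result["complete_locked"] = "readable"
    except PermissionError:
        result["complete_locked"] = "unavailable"
    result["wrong_passcode"] = dev.unlock("0000")
    result["right_passcode"] = dev.unlock("1234")
    result["complete_unlocked"] = dev.read_file("PointMinder.sqlite")
    return result
```

The point the model makes concrete: an escrow keybag handed to a paired host can carry the Complete class key only in wrapped form, and the wrapping key is derived from the passcode that the host does not have, so a locked device cannot hand over anything the host could use to read the sqlite file.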