My Realm db已加密。 encryptionKey存儲在Keychain中。什麼是更安全的方式來管理這個關鍵?在DefaultConfiguration中存儲加密密鑰是否安全?
目前我打電話的方法誰設置了默認配置(schemaVersion,migrationBlock,fileURL等和encryptionKey以及)從application(application:didFinishLaunchingWithOptions:)
,之前任何境界將被實例化。後來Realm在整個應用程序中通過defaultConfiguration實例化。 就像是:
// AppDelegate
var config = Realm.Configuration.defaultConfiguration
config.schemaVersion = 5
config.migrationBlock = { migration, oldSchemaVersion in ... }
config.encryptionKey = KeychainManager.getRealmEncryptionKey()
Realm.Configuration.defaultConfiguration = config
// Somewhere else, later
Realm()
它是安全投入的encryptionKey到defaultConfiguration? defaultConfiguration在運行時存儲在哪裏以及從中擠出密鑰有多簡單?
還是最好的辦法,是從鑰匙扣上的每個領域實例化要求的encryptionKey,放入定製配置,這將只在領域實例的生命存在於內存中?就像這樣:
// AppDelegate
var config = Realm.Configuration.defaultConfiguration
config.schemaVersion = 5
config.migrationBlock = { migration, oldSchemaVersion in ... }
Realm.Configuration.defaultConfiguration = config
// Somewhere else, later
var configTemp = Realm.Configuration.defaultConfiguration
configTemp.encryptionKey = KeychainManager.getRealmEncryptionKey()
Realm(configuration: configTemp)