1

We want to encrypt credit card informations and save on our server. The encrypt/decrypt keys will be saved on the user's iPhone. But if the user reinstalls the app, we will have lost the keys and we will have no way to decode the card informations.

We want to find a way to save keys on any other safe places. Any suggestions on this issue?

Envisability
  • 15
  • 6
  • Are you familiar with [PCI](https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) regulations WRT saving credit card information? Also see [PCI Security Standards](https://www.pcisecuritystandards.org). – zaph Jul 18 '16 at 16:15
  • Thank you. I hate any scenario where I assume responsibility of centralizing a location of user credit card information. (also another long overdue response) thank you. – Envisability Aug 10 '17 at 22:13

1 Answers1

1

Keychain data stays in place after an app gets deleted. You could eventually rely on this to store the keys (also, this is the most secure place where you can store them).

References:

Community
  • 1
  • 1
Alessandro Orrù
  • 3,443
  • 20
  • 24
  • While the Keychain is the most secure place where you can store keys it also depends on the user having set a PIN and the PIN being secret. The fact that they remain after the app is deleted may be a liability. – zaph Jul 18 '16 at 16:17
  • I surely agree, anyway in that case the insecureness would be a user's fault, not a programmer one. As a programmer, the keychain is the (Apple provided) place to go. – Alessandro Orrù Jul 18 '16 at 16:23
  • Thank you everyone for the feedback. I appreciate it. – Envisability Jul 27 '16 at 17:37