Re: Using Touch ID with Keychain and LocalAuthentication

2017-08-17 Thread Monte Goulding via use-livecode 
Hi Todd

Reading and writing to the keychain is not very complicated but you will need 
an external or if you are using the latest versions of LC 9 then it can be done 
with the objective-c FFI from infinite LiveCode. Probably best to contact 
Business Services if you are in a hurry.

Cheers

Monte

> On 17 Aug 2017, at 11:35 pm, Todd Fabacher via use-livecode 
>  wrote:
> 
> Hello Mark or Monte or any knowledgeable soul,
> 
> 
> We are working with the United Nations to create their first LMS mobile
> App. The problem is they are security freaks. It took their hackers about 4
> hours to send me screen shots of the encryption key I scripted in LiveCode
> and compiled for iOS. Normally we don't put code like this in our apps, but
> they are insisting to use the LocalAuthentication with the TouchID to
> unlock the App.
> 
> LocalAuthentication, does not actually store any values, it just validates
> that the fingerprint matches. The MergeExt mergLA
> http://mergext.com/home/mergla/ does the trick - well done.
> 
> The problem is how do I store a unique key to retrieve the UN/PW on the
> server or even just store the values on the local device? I can use
> encryption, they can read the key from code and have said it is NOT an
> option. So, my good friends at the UN have suggested that I use the iOS
> Keychain functionality.
> 
> They have provided a sample of what Apple is doing and suggest that
> LiveCode be able to do the same. Is there any way to utilize the Keychain
> functionality on the device?
> 
> WDC session video and presentation: You will need Safri to watch the video:
> https://developer.apple.com/videos/play/wwdc2014/711/
> 
> Here is their Code:
> https://developer.apple.com/library/content/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2
> 
> So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
> using LocalAuthentication. I think many of LC app developers must be facing
> the same problem.
> 
> --Todd
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Using Touch ID with Keychain and LocalAuthentication

2017-08-17 Thread Mike Kerner via use-livecode 
Why not open a session with your server and have it transmit a key that is
unique to the device/user?

On Thu, Aug 17, 2017 at 9:35 AM, Todd Fabacher via use-livecode <
use-livecode@lists.runrev.com> wrote:

> Hello Mark or Monte or any knowledgeable soul,
>
>
> We are working with the United Nations to create their first LMS mobile
> App. The problem is they are security freaks. It took their hackers about 4
> hours to send me screen shots of the encryption key I scripted in LiveCode
> and compiled for iOS. Normally we don't put code like this in our apps, but
> they are insisting to use the LocalAuthentication with the TouchID to
> unlock the App.
>
> LocalAuthentication, does not actually store any values, it just validates
> that the fingerprint matches. The MergeExt mergLA
> http://mergext.com/home/mergla/ does the trick - well done.
>
> The problem is how do I store a unique key to retrieve the UN/PW on the
> server or even just store the values on the local device? I can use
> encryption, they can read the key from code and have said it is NOT an
> option. So, my good friends at the UN have suggested that I use the iOS
> Keychain functionality.
>
> They have provided a sample of what Apple is doing and suggest that
> LiveCode be able to do the same. Is there any way to utilize the Keychain
> functionality on the device?
>
> WDC session video and presentation: You will need Safri to watch the video:
> https://developer.apple.com/videos/play/wwdc2014/711/
>
> Here is their Code:
> https://developer.apple.com/library/content/samplecode/
> KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/
> uid/TP40014530-Intro-DontLinkElementID_2
>
> So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
> using LocalAuthentication. I think many of LC app developers must be facing
> the same problem.
>
> --Todd
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Using Touch ID with Keychain and LocalAuthentication

2017-08-17 Thread Todd Fabacher via use-livecode 
Hello Mark or Monte or any knowledgeable soul,


We are working with the United Nations to create their first LMS mobile
App. The problem is they are security freaks. It took their hackers about 4
hours to send me screen shots of the encryption key I scripted in LiveCode
and compiled for iOS. Normally we don't put code like this in our apps, but
they are insisting to use the LocalAuthentication with the TouchID to
unlock the App.

LocalAuthentication, does not actually store any values, it just validates
that the fingerprint matches. The MergeExt mergLA
http://mergext.com/home/mergla/ does the trick - well done.

The problem is how do I store a unique key to retrieve the UN/PW on the
server or even just store the values on the local device? I can use
encryption, they can read the key from code and have said it is NOT an
option. So, my good friends at the UN have suggested that I use the iOS
Keychain functionality.

They have provided a sample of what Apple is doing and suggest that
LiveCode be able to do the same. Is there any way to utilize the Keychain
functionality on the device?

WDC session video and presentation: You will need Safri to watch the video:
https://developer.apple.com/videos/play/wwdc2014/711/

Here is their Code:
https://developer.apple.com/library/content/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2

So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
using LocalAuthentication. I think many of LC app developers must be facing
the same problem.

--Todd
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode