Inherits from NSObject
Declared in AGKeyManager.h, AGKeyManager.m

Overview

AGKeyManager manages different AGEncryptionService implementations. It is basically a factory that hides the concrete instantiations of a specific AGEncryptionService implementation.

Example usage

Here is an example of retrieving an encryption service (based on PBKDF2) and assigning it to a data store to provide on-the-fly encryption and decryption of data:

 // randomly generate salt
 NSData *salt = [AGRandomGenerator randomBytes];  // [1]

 // set up crypto params configuration object
 AGPassphraseCryptoConfig *config = [[AGPassphraseCryptoConfig alloc] init];  // [2]
 [config setSalt:salt];  // [3]
 [config setPassphrase:self.password.text];   // [4]

 // initialize the encryption service passing the config
 id<AGEncryptionService> encService = [[AGKeyManager manager] keyService:config];  // [5]

 // access Store Manager
 AGDataManager *manager = [AGDataManager manager];  // [6]

 // create store
 store = [manager store:^(id<AGStoreConfig> config) {
     [config setName:@"CredentialsStorage"];
     [config setType:@"ENCRYPTED_PLIST"];  // [7]
     [config setEncryptionService:encService];  // [8]
 }];

 // ok time to attempt reading..
 NSArray *data = [store readAll];  // [9]

 if (data) {
    // decryption succeeded!
 }

In [1] we initialize a random salt that will be used in the encryption. In [2] we initialize an instance of a CryptoConfig configuration object to set our crypto params. Here we use a PassphraseCryptoConfig object, which sets the necessary crypto params for the PBKDF2 Encryption Service, mainly the salt [3] and the passphrase [4].

Now that we have set up the configuration, it's time to obtain an instance of an EncryptionService, and that's exactly what we do in [5]. KeyManager parses the configuration and returns an instance of it. Because we passed a PassphraseCryptoConfig object, a PBKDF2 encryption service is returned.

In [6] we initialize our data store (an encrypted plist [7]), setting the encryption service we obtained earlier [8]. Reading and saving operations are done like all the other stores, but this time the data are transparently encrypted/decrypted.

In [9] we attempt to read data from the store. If that fails, then the user supplied the wrong crypto parameters (either passphrase or salt).
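Because the read in [9] fails when the salt differs, the salt generated in [1] has to be saved and reused the next time the store is opened. The following is an added example, not part of the original AeroGear documentation, showing one way to do that. The helper names `LoadOrCreateSalt` and `OpenCredentialsStore`, the `NSUserDefaults` key, the umbrella header import and the use of `id<AGStore>` as the store type are assumptions; the AeroGear calls are only those shown in the example above.

```objc
#import <Foundation/Foundation.h>
#import <AeroGear/AeroGear.h>  // assumption: umbrella header exposing the classes used above

// Hypothetical defaults key under which the salt is kept between launches.
static NSString * const kSaltDefaultsKey = @"CredentialsStorageSalt";

// Returns the salt saved on a previous run, or generates and saves a new one.
// The salt is not a secret, but it must be identical on every run: a new salt
// derives a different key, and data already in the store can no longer be read.
static NSData *LoadOrCreateSalt(void) {
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    NSData *salt = [defaults dataForKey:kSaltDefaultsKey];
    if (salt.length == 0) {
        salt = [AGRandomGenerator randomBytes];
        [defaults setObject:salt forKey:kSaltDefaultsKey];
    }
    return salt;
}

// Builds the encrypted store from the persisted salt and the given passphrase.
// Returns nil for an empty passphrase. The caller then checks readAll as in [9]
// to find out whether the passphrase was the right one.
static id<AGStore> OpenCredentialsStore(NSString *passphrase) {
    if (passphrase.length == 0) {
        return nil;
    }

    AGPassphraseCryptoConfig *config = [[AGPassphraseCryptoConfig alloc] init];
    [config setSalt:LoadOrCreateSalt()];
    [config setPassphrase:passphrase];

    id<AGEncryptionService> encService = [[AGKeyManager manager] keyService:config];

    return [[AGDataManager manager] store:^(id<AGStoreConfig> storeConfig) {
        [storeConfig setName:@"CredentialsStorage"];
        [storeConfig setType:@"ENCRYPTED_PLIST"];
        [storeConfig setEncryptionService:encService];
    }];
}
```

The passphrase itself is never written to disk here; only the salt is persisted, and the user re-enters the passphrase each time the store is opened.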

Class Methods

manager

A factory method to instantiate the AGKeyManager object.

+ (id)manager

Return Value

the AGKeyManager object

Discussion

A factory method to instantiate the AGKeyManager object.

Declared In

AGKeyManager.h

Instance Methods

keyService:

Returns an implementation of an AGEncryptionService based on the AGCryptoConfig configuration object passed in. See AGPasswordKeyServices and AGPassphraseKeyServices for the different encryption providers.

- (id<AGEncryptionService>)keyService:(id<AGCryptoConfig>)config

Parameters

config

The CryptoConfig object. See AGKeyStoreCryptoConfig and AGPassphraseCryptoConfig configuration objects.

Return Value

the newly created AGEncryptionService object.

Discussion

Returns an implementation of an AGEncryptionService based on the AGCryptoConfig configuration object passed in. See AGPasswordKeyServices and AGPassphraseKeyServices for the different encryption providers.

Declared In

AGKeyManager.h

keyServiceWithName:

Looks up an AGEncryptionService object.

- (id<AGEncryptionService>)keyServiceWithName:(NSString *)name

Parameters

name

the name of the actual AGEncryptionService.

Return Value

the AGEncryptionService object.

Discussion

Looks up an AGEncryptionService object.

Declared In

AGKeyManager.h

remove:

Removes an AGEncryptionService from the AGKeyManager object.

- (id<AGEncryptionService>)remove:(NSString *)name

Parameters

name

the name of the actual AGEncryptionService.

Return Value

the AGEncryptionService object.

Discussion

Removes an AGEncryptionService from the AGKeyManager object.

Declared In

AGKeyManager.h