0

I've asked a similar question here earlier: "iOS: Is it ok to store a RSA private key (use to decrypt text) in your application document directory?"

However, the person recommended that I use Keychain access. This will not work for me because, after further research, only Mac users can use keychains in the first place, which limits the people who can do this.

I was wondering if it is secure to use Apple's file sharing (https://support.apple.com/en-us/HT201301) to allow the user to use his/her private key with the iOS App? According to the documents regarding file sharing, only my App should be able to access the private key because it is stored in the document directory. There is some text that needs to be decrypted in my App.

  • 1
    Why can't you use a safe protocol like SSH or SFTP? – Freedo Jul 21 '15 at 16:47
  • 2
    Why are you moving their private key to your server for decryption? Why aren't you decrypting the text on their device? – Sean Keane Jul 21 '15 at 17:35
  • 1
    Are you generating the key on the server and sending it to the app? If so, you should generate it on the client. If not, I don't understand the question... – ThoriumBR Jul 21 '15 at 19:32

1 Answer

1

I presume that you're having the user generate an RSA keypair. If that's so, you simply need to stash it somewhere that, ideally, no other applications are permitted to look.

As you said, apps can't access other apps' document directories. However, the Apple File System Programming Guide advises you to put data the user shouldn't access in the Library directory (most likely as an Application Support file). It doesn't specifically address what to do with sensitive data, though, so you may want to dig a little deeper into these documents.

Of course, this won't stop users from getting at the private key if they really want to. You can probably use file permissions to keep the private key from being exposed by a casual search, though.

I'm not sure what file sharing would do for you here - unless you're having the server generate the keypair, perhaps?

Also, are you sure that you can't use Keychain? This Apple support document says that you can set it up with Mavericks 10.9 or iOS 7.0.3.

If that's the case, then it's the best option available.

etherealflux
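One way to combine the two ideas discussed in this thread, as an added example that is not code from the question or the answer: accept the key file through File Sharing, copy it into the app's own Keychain item with Keychain Services, and delete the copy left in Documents. The file name, service and account strings are hypothetical, and the key is stored as opaque bytes without parsing its format.

```swift
import Foundation
import Security

enum KeyImportError: Error { case keychain(OSStatus) }

// Hypothetical labels for the Keychain item (assumptions, not from the page).
let service = "com.example.decryptor"
let account = "user-rsa-private-key"

/// Moves a key file the user dropped into Documents (File Sharing) into the
/// Keychain, then removes the plaintext copy from the shared directory.
func importSharedKey(named fileName: String = "private_key.pem") throws {
    let docs = try FileManager.default.url(for: .documentDirectory, in: .userDomainMask,
                                           appropriateFor: nil, create: false)
    let fileURL = docs.appendingPathComponent(fileName)
    let keyData = try Data(contentsOf: fileURL)

    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Drop any earlier import so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(base as CFDictionary)

    var add = base
    add[kSecValueData as String] = keyData
    // Readable only while the device is unlocked; not restored onto another device.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeyImportError.keychain(status) }

    // Delete the shared copy only after the Keychain write has succeeded.
    try FileManager.default.removeItem(at: fileURL)
}

/// Returns the stored key bytes, or nil if nothing has been imported yet.
func loadKey() throws -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeyImportError.keychain(status) }
    return item as? Data
}
```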