I always assumed that when I tried to create a new cryptographic key with an existing identifier, it would throw an error. However, I discovered through the Keychain program on macOS that it always overwrites the old key. Is this behavior normal? Additionally, is it possible to look up keys in the Keychain on iOS using an app similar to the one on macOS?
That was the logic to save a new secret:
Button("Save") {
    Task {
        do {
            try cryptoManager.createEncryptionKey(encryptionKeyIdentifier: "ch.romanindermuehle.iSecret.encryptionKey")
            let encryptionKey = try cryptoManager.getEncryptionKey(encryptionKeyIdentifier: "ch.romanindermuehle.iSecret.encryptionKey")
            guard let textData = text.data(using: .utf8) else { return }
            // `throw "..."` only compiles if the project declares `extension String: Error {}`
            guard let encryptedText = try? CryptoKit.AES.GCM.seal(textData, using: encryptionKey).combined! else { throw "Unable to encrypt" }
            let secret = Secret(text: encryptedText.base64EncodedString())
            try await supabaseManager.upsertSecret(secret)
            dismiss()
        } catch {
            print(error)
        }
    }
}
But you’re right; it makes more sense to create a new key if necessary on startup.
I also considered an option to regenerate a key in the settings page. However, I anticipate that fetching all the data from Supabase and manually decrypting some individual properties in the data could become cumbersome. Do you have any suggestions on how I can dynamically decrypt all the encrypted data and then encrypt it again using the new key?
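The following is an added example, not the original poster's cryptoManager or any code from the iSecret project. It shows two things the thread touches on: the Security framework's own behaviour on a duplicate identifier (SecItemAdd does not overwrite; it returns errSecDuplicateItem, and an overwrite only happens if the caller deletes first or calls SecItemUpdate), and a key rotation that decrypts every stored AES-GCM blob with the old key and reseals it with a new one before the old key is replaced. The service name, the ".next" staging identifier, the secrets being plain base64 strings and the `commit` callback are assumptions made for the illustration.

```swift
import Foundation
import CryptoKit
import Security

// Example code added to this thread, not the author's cryptoManager. The service name,
// the staging identifier and the shape of the stored secrets are assumptions.

enum KeyStoreError: Error {
    case duplicateItem            // SecItemAdd found an item with the same service/account
    case notFound
    case unexpectedStatus(OSStatus)
    case badCiphertext
}

struct KeychainKeyStore {
    let service = "ch.romanindermuehle.iSecret" // assumed kSecAttrService value

    private func baseQuery(_ identifier: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: identifier]
    }

    // Store a NEW key. The Keychain API does not overwrite: a second SecItemAdd with the
    // same service/account fails with errSecDuplicateItem, surfaced here as an error.
    func add(_ key: SymmetricKey, as identifier: String) throws {
        var query = baseQuery(identifier)
        query[kSecValueData as String] = key.withUnsafeBytes { Data($0) }
        query[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(query as CFDictionary, nil)
        switch status {
        case errSecSuccess: return
        case errSecDuplicateItem: throw KeyStoreError.duplicateItem
        default: throw KeyStoreError.unexpectedStatus(status)
        }
    }

    func load(_ identifier: String) throws -> SymmetricKey {
        var query = baseQuery(identifier)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        guard status == errSecSuccess, let data = item as? Data else {
            throw status == errSecItemNotFound ? KeyStoreError.notFound
                                               : KeyStoreError.unexpectedStatus(status)
        }
        return SymmetricKey(data: data)
    }

    // Create the key only on first use (e.g. at app startup); otherwise reuse the stored one.
    func loadOrCreate(_ identifier: String) throws -> SymmetricKey {
        if let existing = try? load(identifier) { return existing }
        let key = SymmetricKey(size: .bits256)
        try add(key, as: identifier)
        return key
    }

    // Explicit overwrite of existing key material, as opposed to add.
    func replace(_ key: SymmetricKey, as identifier: String) throws {
        let attrs: [String: Any] = [kSecValueData as String: key.withUnsafeBytes { Data($0) }]
        let status = SecItemUpdate(baseQuery(identifier) as CFDictionary, attrs as CFDictionary)
        guard status == errSecSuccess else { throw KeyStoreError.unexpectedStatus(status) }
    }

    func remove(_ identifier: String) throws {
        let status = SecItemDelete(baseQuery(identifier) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeyStoreError.unexpectedStatus(status)
        }
    }
}

// Open one AES-GCM `combined` blob (nonce || ciphertext || tag) with the old key and
// reseal it with the new key. A wrong key or a tampered blob makes `open` throw.
func reencrypt(_ base64: String, from oldKey: SymmetricKey, to newKey: SymmetricKey) throws -> String {
    guard let combined = Data(base64Encoded: base64) else { throw KeyStoreError.badCiphertext }
    let box = try AES.GCM.SealedBox(combined: combined)
    let plaintext = try AES.GCM.open(box, using: oldKey)
    guard let resealed = try AES.GCM.seal(plaintext, using: newKey).combined else {
        throw KeyStoreError.badCiphertext
    }
    return resealed.base64EncodedString()
}

// Rotation: stage the new key in the Keychain, re-encrypt every record in memory, commit
// the new ciphertexts, then promote the staged key. If any record fails to decrypt the
// commit never runs and the old key stays in place.
func rotateKey(store: KeychainKeyStore, identifier: String,
               secrets: [String], commit: ([String]) throws -> Void) throws {
    let staging = identifier + ".next"          // assumed staging identifier
    let oldKey = try store.load(identifier)
    let newKey = SymmetricKey(size: .bits256)
    try store.add(newKey, as: staging)          // survives a crash before promotion
    let rotated = try secrets.map { try reencrypt($0, from: oldKey, to: newKey) }
    try commit(rotated)                         // e.g. upsert all rows back to Supabase
    try store.replace(newKey, as: identifier)
    try store.remove(staging)
}
```

Only the `text` column is re-encrypted here; any other encrypted properties in a record need the same `reencrypt` call, which is why keeping every encrypted field in one format (the base64 `combined` blob) makes a generic rotation pass possible. If the app can be killed between `commit` and `replace`, startup should check for a leftover staging key and finish the promotion before reading any secrets.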