You're right! Sorry for the mistake, I just checked and it's using NSUserDefaults. Updated.
That said, if you're going to store secure data such as private keys, you should encrypt it before saving. It's not about where you save it, but it's about HOW you save it--you must encrypt everything, especially when it comes to something like a private key, since private keys are used to prove someone's identity.
To elaborate, storing things on keychain doesn't make it automatically secure. Unless you encrypt the key before storing, if a hacker decides to hack it they can. Second, you can see the contents of keychain on a jailbroken phone. Lastly, keychain is shared on all your iOS devices automatically (if you have App1 on your iPhone 7 and iPad, the app will automatically use the same keychain on both devices) which is insecure IMO (especially for private keys). Bottom line, you just need to encrypt them before storing anywhere if you want to be secure.
So, as long as you encrypt it--which you 100% must do for private keys--it doesn't really matter where you store it (NSUserDefaults or KeyChain). Please let me know if you're aware of anything otherwise.
In fact, I actually have been working on an app myself that uses private key cryptography as well so I'm familiar with this situation. Here's what I do:
- The user communicates with the agent through JSON-RPC, doing all the encryption, and after it's encrypted, the agent triggers either `$global.set` depending on the purpose, to store it natively.
Finally, in case you're working with cryptocurrency such as Bitcoin or Ethereum, you can also use their JS libraries and Jasonette agent to make them run on Jasonette. In case you take this route, most of these libraries have these types of encryption/decryption methods built in because they're mandatory for security, so you can use their private key encryption methods instead of having to go through the whole key generation mechanism I mentioned above.
Hope this makes sense, feel free to ask further questions. Public key cryptography is going to be very important going forward for Jasonette (and I have personally verified that various use cases--including everything I mentioned above--all work seamlessly through the use of agents) so would love to exchange notes or share what I know so far.
I updated the comment above to explain why I stopped working on another storage API which internally used keychain. Don't forget to take a look at that too.
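An added example (not code from this thread or from Jasonette) of the "encrypt before storing" step described above: a private key is wrapped under a passphrase-derived key, and only the resulting JSON envelope would be handed to native storage such as `$global.set`. It assumes Node's built-in `crypto` module, with scrypt and AES-256-GCM as the primitives chosen here; `wrapKey`, `unwrapKey`, the envelope fields and the sample key are hypothetical or constructed for illustration.

```javascript
// Added example: wrap a private key under a passphrase before it is stored.
const nodeCrypto = require('node:crypto');

// scrypt cost parameters (assumed values; Node's defaults)
const KDF = { N: 16384, r: 8, p: 1 };

// Constructed sample key: 32 bytes of 0x11, not a real secret.
const SAMPLE_PRIVATE_KEY_HEX = '11'.repeat(32);

// Returns a JSON envelope that contains no plaintext key material.
function wrapKey(privateKeyHex, passphrase) {
  const salt = nodeCrypto.randomBytes(16); // fresh per envelope
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce, never reused
  const kek = nodeCrypto.scryptSync(passphrase, salt, 32, KDF);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([
    cipher.update(Buffer.from(privateKeyHex, 'hex')),
    cipher.final(),
  ]);
  return JSON.stringify({
    v: 1, kdf: 'scrypt', ...KDF,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  });
}

// Returns the key as hex, or null when the passphrase is wrong or the
// stored envelope was modified (the GCM tag check fails in both cases).
function unwrapKey(envelopeJson, passphrase) {
  const e = JSON.parse(envelopeJson);
  // Pin the KDF parameters so a tampered envelope cannot lower or inflate them.
  if (e.v !== 1 || e.kdf !== 'scrypt' ||
      e.N !== KDF.N || e.r !== KDF.r || e.p !== KDF.p) {
    throw new Error('unsupported envelope');
  }
  const b64 = (s) => Buffer.from(s, 'base64');
  const kek = nodeCrypto.scryptSync(passphrase, b64(e.salt), 32, KDF);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, b64(e.iv));
  decipher.setAuthTag(b64(e.tag));
  try {
    return Buffer.concat([decipher.update(b64(e.ct)), decipher.final()]).toString('hex');
  } catch {
    return null;
  }
}
```

The passphrase is never stored next to the envelope; anyone who can read the storage location sees only the salt, nonce, tag and ciphertext.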