save the private key to the keychain and not user defaults

damus.xcodeproj/project.pbxproj

@@ -129,6 +129,7 @@
 		4CEE2AF7280B2DEA00AB5EEF /* ProfileName.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CEE2AF6280B2DEA00AB5EEF /* ProfileName.swift */; };
 		4CEE2AF9280B2EAC00AB5EEF /* PowView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CEE2AF8280B2EAC00AB5EEF /* PowView.swift */; };
 		4CEE2B02280B39E800AB5EEF /* EventActionBar.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4CEE2B01280B39E800AB5EEF /* EventActionBar.swift */; };
+		6C7DE41F2955169800E66263 /* Vault in Frameworks */ = {isa = PBXBuildFile; productRef = 6C7DE41E2955169800E66263 /* Vault */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -314,6 +315,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				4C06670428FC7EC500038D2A /* Kingfisher in Frameworks */,
+				6C7DE41F2955169800E66263 /* Vault in Frameworks */,
 				4CE6DF1227F7A2B300C66700 /* Starscream in Frameworks */,
 				4C649881286E0EE300EAE2B3 /* secp256k1 in Frameworks */,
 			);
@@ -623,6 +625,7 @@
 				4CE6DF1127F7A2B300C66700 /* Starscream */,
 				4C649880286E0EE300EAE2B3 /* secp256k1 */,
 				4C06670328FC7EC500038D2A /* Kingfisher */,
+				6C7DE41E2955169800E66263 /* Vault */,
 			);
 			productName = damus;
 			productReference = 4CE6DEE327F7A08100C66700 /* damus.app */;
@@ -702,6 +705,7 @@
 				4C64987F286E0EE300EAE2B3 /* XCRemoteSwiftPackageReference "secp256k1" */,
 				4C06670228FC7EC500038D2A /* XCRemoteSwiftPackageReference "Kingfisher" */,
 				3169CAE9294FCABA00EE4006 /* XCRemoteSwiftPackageReference "Shimmer" */,
+				6C7DE41D2955169800E66263 /* XCRemoteSwiftPackageReference "Vault" */,
 			);
 			productRefGroup = 4CE6DEE427F7A08100C66700 /* Products */;
 			projectDirPath = "";
@@ -1238,6 +1242,14 @@
 				minimumVersion = 4.0.0;
 			};
 		};
+		6C7DE41D2955169800E66263 /* XCRemoteSwiftPackageReference "Vault" */ = {
+			isa = XCRemoteSwiftPackageReference;
+			repositoryURL = "https://github.com/SparrowTek/Vault";
+			requirement = {
+				kind = upToNextMajorVersion;
+				minimumVersion = 1.0.0;
+			};
+		};
 /* End XCRemoteSwiftPackageReference section */
 
 /* Begin XCSwiftPackageProductDependency section */
@@ -1256,6 +1268,11 @@
 			package = 4CE6DF1027F7A2B300C66700 /* XCRemoteSwiftPackageReference "Starscream" */;
 			productName = Starscream;
 		};
+		6C7DE41E2955169800E66263 /* Vault */ = {
+			isa = XCSwiftPackageProductDependency;
+			package = 6C7DE41D2955169800E66263 /* XCRemoteSwiftPackageReference "Vault" */;
+			productName = Vault;
+		};
 /* End XCSwiftPackageProductDependency section */
 	};
 	rootObject = 4CE6DEDB27F7A08100C66700 /* Project object */;

damus.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -34,6 +34,15 @@
         "revision" : "df8d82047f6654d8e4b655d1b1525c64e1059d21",
         "version" : "4.0.4"
       }
+    },
+    {
+      "identity" : "vault",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/SparrowTek/Vault",
+      "state" : {
+        "revision" : "f5707fac23f4a17b3e5ed32dd444f502773615ae",
+        "version" : "1.0.2"
+      }
     }
   ],
   "version" : 2

damus/Util/Keys.swift

@@ -7,6 +7,7 @@
 
 import Foundation
 import secp256k1
+import Vault
 
 let PUBKEY_HRP = "npub"
 let PRIVKEY_HRP = "nsec"
@@ -29,6 +30,12 @@ enum Bech32Key {
     case sec(String)
 }
 
+struct DamusKeychainConfiguration: KeychainConfiguration {
+    var serviceName = "damus"
+    var accessGroup: String? = nil
+    var accountName = "privkey"
+}
+
 func decode_bech32_key(_ key: String) -> Bech32Key? {
     guard let decoded = try? bech32_decode(key) else {
         return nil
@@ -86,32 +93,38 @@ func save_pubkey(pubkey: String) {
     UserDefaults.standard.set(pubkey, forKey: "pubkey")
 }
 
-func save_privkey(privkey: String) {
+func save_privkey(privkey: String) throws {
-    UserDefaults.standard.set(privkey, forKey: "privkey")
+    try Vault.savePrivateKey(privkey, keychainConfiguration: DamusKeychainConfiguration())
 }
 
-func clear_saved_privkey() {
+func clear_saved_privkey() throws {
-    UserDefaults.standard.removeObject(forKey: "privkey")
+    try Vault.deletePrivateKey(keychainConfiguration: DamusKeychainConfiguration())
 }
 
 func clear_saved_pubkey() {
     UserDefaults.standard.removeObject(forKey: "pubkey")
 }
 
-func save_keypair(pubkey: String, privkey: String) {
+func save_keypair(pubkey: String, privkey: String) throws {
     save_pubkey(pubkey: pubkey)
-    save_privkey(privkey: privkey)
+    try save_privkey(privkey: privkey)
 }
 
-func clear_keypair() {
+func clear_keypair() throws {
-    clear_saved_privkey()
+    try clear_saved_privkey()
     clear_saved_pubkey()
 }
 
 func get_saved_keypair() -> Keypair? {
-    get_saved_pubkey().flatMap { pubkey in
+    do {
-        let privkey = get_saved_privkey()
+        try removePrivateKeyFromUserDefaults()
-        return Keypair(pubkey: pubkey, privkey: privkey)
+        
+        return get_saved_pubkey().flatMap { pubkey in
+            let privkey = get_saved_privkey()
+            return Keypair(pubkey: pubkey, privkey: privkey)
+        }
+    } catch {
+        return nil
     }
 }
 
@@ -120,5 +133,11 @@ func get_saved_pubkey() -> String? {
 }
 
 func get_saved_privkey() -> String? {
-    return UserDefaults.standard.string(forKey: "privkey")
+    try? Vault.getPrivateKey(keychainConfiguration: DamusKeychainConfiguration())
+}
+
+fileprivate func removePrivateKeyFromUserDefaults() throws {
+    guard let privKey = UserDefaults.standard.string(forKey: "privkey") else { return }
+    try save_privkey(privkey: privKey)
+    UserDefaults.standard.removeObject(forKey: "privkey")
 }

damus/Views/LoginView.swift

@@ -52,14 +52,24 @@ struct LoginView: View {
     func process_login(_ key: ParsedKey, is_pubkey: Bool) -> Bool {
         switch key {
         case .priv(let priv):
-            save_privkey(privkey: priv)
+            do {
+                try save_privkey(privkey: priv)
+            } catch {
+                return false
+            }
+            
             guard let pk = privkey_to_pubkey(privkey: priv) else {
                 return false
             }
             save_pubkey(pubkey: pk)
 
         case .pub(let pub):
-            clear_saved_privkey()
+            do {
+                try clear_saved_privkey()
+            } catch {
+                return false
+            }
+            
             save_pubkey(pubkey: pub)
 
         case .nip05(let id):
@@ -82,10 +92,20 @@ struct LoginView: View {
 
         case .hex(let hexstr):
             if is_pubkey {
-                clear_saved_privkey()
+                do {
+                    try clear_saved_privkey()
+                } catch {
+                    return false
+                }
+                
                 save_pubkey(pubkey: hexstr)
             } else {
-                save_privkey(privkey: hexstr)
+                do {
+                    try save_privkey(privkey: hexstr)
+                } catch {
+                    return false
+                }
+                
                 guard let pk = privkey_to_pubkey(privkey: hexstr) else {
                     return false
                 }

damus/Views/SaveKeysView.swift

@@ -107,8 +107,13 @@ struct SaveKeysView: View {
                     self.pool.send(.event(contacts_ev))
                 }
                 
-                save_keypair(pubkey: account.pubkey, privkey: account.privkey)
+                do {
-                notify(.login, account.keypair)
+                    try save_keypair(pubkey: account.pubkey, privkey: account.privkey)
+                    notify(.login, account.keypair)
+                } catch {
+                    self.error = "Failed to save keys"
+                }
+                
             case .error(let err):
                 self.loading = false
                 self.error = "\(err.debugDescription)"

damus/damusApp.swift

@@ -36,7 +36,7 @@ struct MainView: View {
             }
         }
         .onReceive(handle_notify(.logout)) { _ in
-            clear_keypair()
+            try? clear_keypair()
             keypair = nil
         }
         .onAppear {