iOS framework for KeyService feature of Trifork Identity Manager. The purpose of this framework is to encrypt and decrypt data based on a user provided secret or with biometrics. The framework exchanges secrets for encryption keys in safe way and stores encrypted data in the Keychain.

What's New

Added missing public init


Added missing public init to TIMKeyModel.

Trifork Identity Manager Encrypted Storage iOS


TIMEncryptedStorage is a standalone framework designed for Trifork Identity Manager as a encrypted storage handler. .

This framework handles communication with the Trifork Identity Manager KeyService and stores/fetches encrypted/decrypted data from the iOS Keychain. Furthermore, it handles biometric access to data by a long secret from the key service

It is a crucial part of the TIM-iOS package, which is full blown Trifork Identity Manager framework, which also handles OpenID Connect operations, access and refresh tokens.



Add this repo to your SPM 📦



TIMEncryptedStorage depends on a secure storage and key service instance. The default way of configuring this is as in the example below.

import TIMEncryptedStorage // Required for TIMKeyServiceConfiguration

let config = TIMKeyServiceConfiguration(
    realmBaseUrl: "<TIM Keyservice URL>",
    version: .v1
let encryptedStorage = TIMEncryptedStorage(
    secureStorage: TIMKeychain(),
    keyService: TIMKeyService(configuration: config),
    encryptionMethod: .aesGcm

You might want to implement your own versions of the SecureStorage and TIMKeyServiceProtocol protocol for testing purposes.

Common use cases

The following exampes uses TIMEncryptedStorage's Combine interface, which returns Future classes. If you are developing an app with a deployment target lower than iOS 13, the same interfaces exists with completion closures instead (those are deprecated from iOS 13 though).

Store data encrypted with new key

// Store data encrypted for the first time with a new secret "1234"
let myRawData = Data("someData".utf8)
encryptedStorage.storeWithNewKey(id: "my-id", data: myRawData, secret: "1234")
    .sink { (_) in } receiveValue: { (result) in
        print("Key created with id: \(result.keyId)")
        print("Key created with longSecret: \(result.longSecret)")
    .store(in: &myStore)

Note: You don't have to create a new key for every item you save. Once created, the same key can be used to encrypt multiple types of data (if you will allow the same secret to unlock it). Use the TIMEncryptedStorage.store(id:data:keyId:secret:) to achieve that.

Load and decrypt data

let keyId = "<keyId from store with newKey>"
encryptedStorage.get(id: "my-id", keyId: keyId, secret: "1234")
    .sink { (_) in } receiveValue: { (data) in
        let string = String(data: data, encoding: .utf8)
        print("Loaded data from \(keyId): \(string)")
    .store(in: &myStore)

Trifork Logo


  • Swift Tools 5.3.0
View More Packages from this Author


  • None
Last updated: Wed Nov 09 2022 00:46:57 GMT-0500 (GMT-05:00)