What exactly does *NSFileProtectionComplete* mean?

2019-07-18 04:47发布

问题:

I'm looking at the NSFileManager class reference and I'm a bit confused by what NSFileProtectionComplete means. This is what the class reference says:

The file is stored in an encrypted format on disk and cannot be read from or written to while the device is locked or booting.

Does this mean that the file is stored in encrypted format on disk always... regardless of whether the device has a passcode (or similar security mechanism) set?

回答1:

complete protection

(NSFileProtectionComplete): The class key is protected with a key derived from the user's passcode and the UID of the device. Shortly after the lock a device by the user (after 10 seconds when "Request code"> "Ready"), the decrypted class key is discarded, so that all data of this class are inaccessible until the user enters the code again or unlock the device with touch ID.

Q: GERMAN https://www.apple.com/de/business/docs/iOS_Security_Guide.pdf

=> so the decryption key is only valid while the device remains unlocked