I am new of iOS swift 3 development. Now, I am working on a project which needs encryption, message authentication code(MAC) and Hashed-base-MAC. These algorithms require secret keys. I know that it is a bad practice to hard-code the keys inside the code, like:

let key = "secretkeyabc123"

Searched and read some articles like: In iOS, how can I store a secret "key" that will allow me to communicate with my server?

Since other people may perform reverse engineering, I am finding a way to protect my keys. Requirements:

1. No hash the key. Time allows to crack it, or with hashed table and dictionary
2. May not connect to Internet (My app. is an offline app. If your answer needs to connect to Internet. Yes, please point it out. I will think about it)
3. It is a static key. It may change monthly
4. It is a symmetry key.

Codes, concept or other things are welcome. Thanks!

Don't store the key at all. Perform a Diffie-Hellman key exchange to start an asymmetrically encrypted channel, and use this channel to send across a symmetric key to the client, which can be used for subsequent client use.

Check iCloud Keychain (based on your tags [ios], [swift], [key]).

It functions as a secure database that allows information including a user's website login passwords, Wi-Fi network passwords, credit/debit card management (though without CVV), and other account data, to be securely stored for quick access and auto-fill on webpages and elsewhere when the user needs instant access to them. They are always stored encrypted using 256-bit AES encryption, are stored on device and pushed from iCloud between devices, and only available on a user's trusted devices.