Version 3.5.0 introduces the option to save a mount password. The mount password is extremely sensitive since it provides full access to the content of the encrypted disk.
Disk Decipher stores the encrypted password in the keychain (of course), and allows you to control the protection level of the keychain entry (for each encrypted disk individually).
You can choose between several different access control levels:
- None - this will allow anyone who is able to open the Disk Decipher app to use the saved password. Be sure to enable passcode protection in iOS and/or Disk Decipher (preferably both)
- User Presence - requires biometry (either currently enrolled or future) or providing the device passcode
- User Presence and Password - this adds an extra layer to User Presence by requiring an extra password (of your choice)
- Device Passcode
- Current Biometry - requires currently enrolled biometry (enrolling new TouchID or FaceID registrations will invalidate the keychain entry)
- Current Biometry and Device Passcode - requires both currently enrolled biometry and providing the device passcode
Do let me know if you need another combination, there are many possible combinations, the ones listed above are the most common ones.
If one (or more) of the options above are greyed out on your device, please check if the corresponding item is available and enrolled. E.g. for Device Passcode to be available, a passcode must obviously be set on your device.
This feature is available both in the Disk Decipher app (since version 3.5.0) and in the iOS File Provider (since version 3.5.4).
Note that iOS closes the iOS File Provider user interface on performing biometric or passcode authentication. Just tap the "Authenticate" button a second time and your saved password will be there.
Other items stored in the keychain¶
Disk Decipher uses the keychain for storing other items too, considering the sensitivity of the data. This includes
- Disk configuration data
- App Passcode
- Storage Provider OAuth2 tokens