Version 3.5.0 introduces the option to save a mount password. The mount password is extremely sensitive since it provides full access to the content of the encrypted disk.
Disk Decipher stores the encrypted password in the keychain (of course), and allows you to control the protection level of the keychain entry (for each encrypted disk individually).
You can choose between several different access control levels:
- None - this will allow anyone who is able to open the Disk Decipher app to use the saved password. Be sure to enable passcode protection in iOS and/or Disk Decipher (preferably both)
- User Presence - requires biometry (either currently enrolled or future) or providing the device passcode
- User Presence and Password - this adds an extra layer to User Presence by requiring an extra password (of your choice)
- Device Passcode
- Current Biometry - requires currently enrolled biometry (enrolling new TouchID or FaceID registrations will invalidate the keychain entry)
- Current Biometry and Device Passcode - requires both currently enrolled biometry and providing the device passcode
Do let me know if you need another combination, there are many possible combinations, the ones listed above are the most common ones.
If one (or more) of the options above are greyed out on your device, please check if the corresponding item is available and enrolled. E.g. for Device Passcode to be available, a passcode must obviously be set on your device.
This feature will initially be available in the Disk Decipher app only.
The iOS File Provider will be extended with this feature in a later version, although it is not certain if all access control levels can be supported by the iOS File Provider due to limitations imposed by iOS on the iOS File Provider.
Other items stored in the keychain¶
Disk Decipher uses the keychain for storing other items too, considering the sensitivity of the data. This includes
- Disk configuration data
- App Passcode
- Storage Provider OAuth2 tokens