Re: file encryption/decryption iOS
- Subject: Re: file encryption/decryption iOS
- From: Jens Alfke <email@hidden>
- Date: Mon, 26 Jun 2017 10:59:33 -0700
> On Jun 26, 2017, at 9:50 AM, Alex Zavatone <email@hidden> wrote:
>
> You can use the iExplore app to look in the Documents folder of any device
> you attach to your Mac.

But you can only attach a device to your Mac if the device is unlocked, since
you have to OK the “Do you trust this computer?” alert.

As recent court cases have shown, unlocking an iOS device against the owner’s
will is nearly impossible.

> Also, data protection SUCKS because it locks the files if the app goes into
> the background, basically suspending any file-based background operations
> like sql db updates.

It does this by default, but you can alter those settings if you need
background access to certain files, basically trading some security for greater
access.

> Thanks to the help of Chris Thorman, I was able to update an AES256 hmac
> method to work with UTF-8 char sets. We use this for data security over http.

It’s much easier to just enable SSL/TLS on the HTTP server. (Though I realize
there are cases where you don’t have control over the server, or circumstances
prevent deploying HTTPS.)

> Now, it might be overkill or just bad design, but we use a CoreData db with
> transformable property and encrypt the data stored.

How do you store the encryption key? That’s often the downfall; even if you put
it in the Keychain, it can be accessed by an attacker if your app’s files are
accessible (unless you add TouchID authentication to it.)

(Also, I hope you’re using a different IV for each record you encrypt. Sorry to
be a broken record about this, but it’s important.)

—Jens
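
Added example, not code from this thread or from either poster: one way to handle the two points raised at the end of the message above (where the record key lives, and a distinct IV per record) in Swift. It assumes CryptoKit (iOS 13 or later) and swaps in AES-GCM, whose nonce plays the role of the IV, for the AES/HMAC construction mentioned in the thread; the Keychain service and account names and the error type are hypothetical.

```swift
import CryptoKit
import Foundation
import Security

// Hypothetical identifiers for the Keychain item (not from the thread).
let keyService = "com.example.records"
let keyAccount = "record-encryption-key"

enum RecordCryptoError: Error { case keychain(OSStatus), accessControl, malformed }

/// Create a 256-bit key and store it so that reading it back requires the
/// device to be unlocked and the user to pass biometrics or the passcode.
/// The key is never written to the app's own files.
func createAndStoreKey() throws -> SymmetricKey {
    let key = SymmetricKey(size: .bits256)
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .userPresence, nil)
    else { throw RecordCryptoError.accessControl }
    let item: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keyService,
        kSecAttrAccount as String: keyAccount,
        kSecAttrAccessControl as String: access,
        kSecValueData as String: key.withUnsafeBytes { Data($0) },
    ]
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw RecordCryptoError.keychain(status) }
    return key
}

/// Encrypt one record. AES.GCM.seal draws a fresh random 96-bit nonce on
/// every call; `combined` is nonce || ciphertext || tag, so the nonce is
/// stored alongside the record it belongs to and is never reused by design.
func encryptRecord(_ plaintext: Data, using key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.seal(plaintext, using: key)
    guard let blob = box.combined else { throw RecordCryptoError.malformed }
    return blob
}

/// Decrypt one record; throws if the blob was truncated or modified,
/// because the GCM tag is verified before any plaintext is returned.
func decryptRecord(_ blob: Data, using key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.SealedBox(combined: blob)
    return try AES.GCM.open(box, using: key)
}
```

Because each call to `encryptRecord` uses its own nonce, storing the same plaintext twice produces two different blobs, so equal records cannot be spotted by comparing ciphertexts.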