Re: file encription/decriptoin iOS
Re: file encription/decriptoin iOS
- Subject: Re: file encription/decriptoin iOS
- From: Sandor Szatmari <email@hidden>
- Date: Mon, 26 Jun 2017 22:25:51 -0400
This is an interesting thread. The OP's original question made me think of the
functionality Apple recently (how recently I'm not sure) added to the iOS Notes
app. It allows you to selectively 'encrypt' (password protect) a note. This
functionality allows you to pass your phone to someone to let them read a note
and not worry about them skipping to your note with all your 'secret info'.
Also, if someone got your phone in an unlocked state, (it could happen I guess)
they couldn't trust a Mac and browse to plain text files.
I must say at this point I whole heartedly agree with all the warnings for
implementing encryption schemes. But is there not also a valid use case here?
Unless I'm misunderstanding things, Apple seemed to think so.
Sandor
> On Jun 26, 2017, at 13:59, Jens Alfke <email@hidden> wrote:
>
>
>> On Jun 26, 2017, at 9:50 AM, Alex Zavatone <email@hidden> wrote:
>>
>> You can use the iExplore app to look in the Documents folder of any device
>> you attach to your Mac.
>
> But you can only attach a device to your Mac if the device is unlocked, since
> you have to OK the “Do you trust this computer?” alert.
> As recent court cases have shown, unlocking an iOS device against the owner’s
> will is nearly impossible.
>
>> Also, data protection SUCKS because it locks the files if the app goes in to
>> the background, basically suspending any file based background operations
>> like sql db updates.
>
> It does this by default, but you can alter those settings if you need
> background access to certain files, basically trading some security for
> greater access.
>
>> Thanks to the help of Chris Thorman, I was able to update an AES256 hmac
>> method to work with UTF-8 char sets. We use this for data security over
>> http.
>
> It’s much easier to just enable SSL/TLS on the HTTP server. (Though I realize
> there are cases where you don’t have control over the server, or
> circumstances prevent deploying HTTPS.)
>
>> Now, it might be overkill or just bad design, but we use a CoreData db with
>> transformable property and encrypt the data stored.
>
> How do you store the encryption key? That’s often the downfall; even if you
> put it in the Keychain, it can be accessed by an attacker if your app’s files
> are accessible (unless you add TouchID authentication to it.)
>
> (Also, I hope you’re using a different IV for each record you encrypt. Sorry
> to be a broken record about this, but it’s important.)
>
> —Jens
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden