Re: file encription/decriptoin iOS
Re: file encription/decriptoin iOS
- Subject: Re: file encription/decriptoin iOS
- From: Jean-Daniel <email@hidden>
- Date: Wed, 28 Jun 2017 15:14:11 +0200
> Le 27 juin 2017 à 04:25, Sandor Szatmari <email@hidden> a
> écrit :
>
> This is an interesting thread. The OP's original question made me think of
> the functionality Apple recently (how recently I'm not sure) added to the iOS
> Notes app. It allows you to selectively 'encrypt' (password protect) a note.
> This functionality allows you to pass your phone to someone to let them read
> a note and not worry about them skipping to your note with all your 'secret
> info'. Also, if someone got your phone in an unlocked state, (it could
> happen I guess) they couldn't trust a Mac and browse to plain text files.
Notes are sync with iCloud and can be read on a Mac where this is far more
common to share a session.
> I must say at this point I whole heartedly agree with all the warnings for
> implementing encryption schemes. But is there not also a valid use case
> here? Unless I'm misunderstanding things, Apple seemed to think so.
>
> Sandor
>
>> On Jun 26, 2017, at 13:59, Jens Alfke <email@hidden
>> <mailto:email@hidden>> wrote:
>>
>>
>>> On Jun 26, 2017, at 9:50 AM, Alex Zavatone <email@hidden> wrote:
>>>
>>> You can use the iExplore app to look in the Documents folder of any device
>>> you attach to your Mac.
>>
>> But you can only attach a device to your Mac if the device is unlocked,
>> since you have to OK the “Do you trust this computer?” alert.
>> As recent court cases have shown, unlocking an iOS device against the
>> owner’s will is nearly impossible.
>>
>>> Also, data protection SUCKS because it locks the files if the app goes in
>>> to the background, basically suspending any file based background
>>> operations like sql db updates.
>>
>> It does this by default, but you can alter those settings if you need
>> background access to certain files, basically trading some security for
>> greater access.
>>
>>> Thanks to the help of Chris Thorman, I was able to update an AES256 hmac
>>> method to work with UTF-8 char sets. We use this for data security over
>>> http.
>>
>> It’s much easier to just enable SSL/TLS on the HTTP server. (Though I
>> realize there are cases where you don’t have control over the server, or
>> circumstances prevent deploying HTTPS.)
>>
>>> Now, it might be overkill or just bad design, but we use a CoreData db with
>>> transformable property and encrypt the data stored.
>>
>> How do you store the encryption key? That’s often the downfall; even if you
>> put it in the Keychain, it can be accessed by an attacker if your app’s
>> files are accessible (unless you add TouchID authentication to it.)
>>
>> (Also, I hope you’re using a different IV for each record you encrypt. Sorry
>> to be a broken record about this, but it’s important.)
>>
>> —Jens
>> _______________________________________________
>>
>> Cocoa-dev mailing list (email@hidden)
>>
>> Please do not post admin requests or moderator comments to the list.
>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>
>> Help/Unsubscribe/Update your Subscription:
>>
>>
>> This email sent to email@hidden
>> <mailto:email@hidden>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden
> <mailto:email@hidden>)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> <http://lists.apple.com/>
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden <mailto:email@hidden>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden