Data encryption

  • Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?

    Charlie Dickman
    <3tothe4th...>
  • Charles,

    Cryptographic services is a good place to start:
    https://developer.apple.com/library/mac/#documentation/Security/Conceptual/Security_Overview/CryptographicServices/CryptographicServices.html#//apple_ref/doc/uid/TP30000976-CH3-SW1


    Mikkel

    On 6 Jun 2012, at 18:51, Charlie Dickman wrote:

    > Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?
    >
    > Charlie Dickman
    > <3tothe4th...>
  • Thanks Mike. I need to be able to use CommonCrypto to do what I need to do. Is there a single source with reliable sample code?

    On Jun 6, 2012, at 1:02 PM, Mikkel Islay wrote:

    > Charles,
    >
    > Cryptographic services is a good place to start:
    > https://developer.apple.com/library/mac/#documentation/Security/Conceptual/Security_Overview/CryptographicServices/CryptographicServices.html#//apple_ref/doc/uid/TP30000976-CH3-SW1
    >
    > Mikkel
    >
    > On 6 Jun 2012, at 18:51, Charlie Dickman wrote:
    >
    >> Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?
    >>
    >> Charlie Dickman
    >> <3tothe4th...>
    >

    Charlie Dickman
    <3tothe4th...>
  • On Jun 6, 2012, at 9:51 AM, Charlie Dickman wrote:

    > Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?

    That's a pretty broad question! What type of encryption — symmetric or asymmetric (aka public key)? Any particular algorithm? Are you implementing the decryption as well or is that done by an existing implementation? How is the data going to be stored/transmitted and what strength of security do you need?

    Maybe it's best if you describe at a high level what you need to accomplish.

    I could point you to documentation, but you're not going to like it :/ In general this is in the Security framework, although some stuff is in CommonCrypto. The APIs are complicated, badly designed, and have changed over time; and the documentation is quite inadequate. I have found this to be the single most frustrating area to work on in Mac OS or (especially) iOS, worse even than audio. Be warned: Here Be Dragons.

    I do have a framework called MYCrypto* I wrote a few years ago that tries to put a friendly face on this stuff. It's still useable, but in 10.7 Apple decided to suddenly deprecate the standard APIs I was using in favor of newer APIs that I still haven't completely figured out :-p so MYCrypto needs either the 10.6 SDK or deprecation warnings disabled.

    Also, if you are going to do anything serious with security (i.e. anything that people other than you are going to rely on), you really need to learn some fundamentals. I highly recommend the book "Practical Cryptography" by Ferguson & Schneier. It's very easy to get things wrong if you don't know what you're doing, and unlike typical bugs that will be triggered or not by random chance, with security you have very smart and motivated people actively trying to find and exploit your bugs.

    —Jens

    * https://github.com/snej/MYCrypto
  • This is a very broad question and the actual approach to be taken will vary with the details of what you intend to do (e.g. real-time or not? Files or just individual data? For local consumption or for sharing?)

    To get started, take a look at the Cryptographic Services Guide: https://developer.apple.com/library/mac/documentation/security/Conceptual/cryptoservices/Introduction/Introduction.html


    I believe there's also a separate security mailing list.

    One piece of advice: no matter what you are doing, figure out how to use the APIs to get it done. *Do not* implement your own crypto scheme because you will get it wrong.

    (Sent from my iPhone.)

    --
    Conrad Shultz

    On Jun 6, 2012, at 9:51, Charlie Dickman <3tothe4th...> wrote:

    > Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?
    >
    > Charlie Dickman
    > <3tothe4th...>
  • Jens,

    Thanks for your reply.

    I have an application on OS X, not iOS, that contains some sensitive data that I want to withhold from those not licensed to use it. I wish to use RSA encryption/decryption in block mode (I think). I want to encrypt both the public and the private key and I think I want to use (at least) 128 bit techniques although 64 bit would probably do.

    I intend to store the encrypted information in an NSDictionary as NSData and keep it in the application bundle. I plan to re-encrypt the keys after each use. I have code that does the archiving but I need the encryption/decryption methods. I have tried packages that are available on the internet (AquaPrime, SSCrypto) but they are difficult to manage and require a lot of busy work to keep up to date.

    On Jun 6, 2012, at 1:12 PM, Jens Alfke wrote:

    >
    > On Jun 6, 2012, at 9:51 AM, Charlie Dickman wrote:
    >
    >> Can someone direct me to some documentation on how to do data encryption in Cocoa/Objective C/C?
    >
    > That's a pretty broad question! What type of encryption — symmetric or asymmetric (aka public key)? Any particular algorithm? Are you implementing the decryption as well or is that done by an existing implementation? How is the data going to be stored/transmitted and what strength of security do you need?
    >
    > Maybe it's best if you describe at a high level what you need to accomplish.
    >
    > I could point you to documentation, but you're not going to like it :/ In general this is in the Security framework, although some stuff is in CommonCrypto. The APIs are complicated, badly designed, and have changed over time; and the documentation is quite inadequate. I have found this to be the single most frustrating area to work on in Mac OS or (especially) iOS, worse even than audio. Be warned: Here Be Dragons.
    >
    > I do have a framework called MYCrypto* I wrote a few years ago that tries to put a friendly face on this stuff. It's still useable, but in 10.7 Apple decided to suddenly deprecate the standard APIs I was using in favor of newer APIs that I still haven't completely figured out :-p so MYCrypto needs either the 10.6 SDK or deprecation warnings disabled.
    >
    > Also, if you are going to do anything serious with security (i.e. anything that people other than you are going to rely on), you really need to learn some fundamentals. I highly recommend the book "Practical Cryptography" by Ferguson & Schneier. It's very easy to get things wrong if you don't know what you're doing, and unlike typical bugs that will be triggered or not by random chance, with security you have very smart and motivated people actively trying to find and exploit your bugs.
    >
    > —Jens
    >
    > * https://github.com/snej/MYCrypto

    Charlie Dickman
    <3tothe4th...>
  • On Jun 6, 2012, at 10:24 AM, Charlie Dickman wrote:

    > I have an application on OS X, not iOS, that contains some sensitive data that I want to withhold from those not licensed to use it. I wish to use RSA encryption/decryption in block mode (I think).

    It sounds like the data is hardcoded into, and distributed with, your app, but encrypted, and when the user gets a license they'll be provided with a key to decrypt it?

    That sounds more like a case for a symmetric cipher, not RSA. You make up a key, then encrypt the data with it when you build the app. When a user registers, you send them the key, and the app can then use it to decrypt the data.

    > I want to encrypt both the public and the private key and I think I want to use (at least) 128 bit techniques although 64 bit would probably do.

    128-bit would be better. Although in this use case no one's going to try to brute-force decrypt the data; they'll just look around on a warez site for the key that some earlier unscrupulous user has uploaded.

    > I plan to re-encrypt the keys after each use.

    I'm not sure what that means. I *think* you're referring to keeping the decryption key secure on the user's machine? To do this you'd add it to the keychain.

    The API you want is probably the one in <CommonCrypto/CommonCryptor.h>. AES128 is a good default algorithm to use. To access the keychain use <Security/SecKeychainItem.h>.

    —Jens
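
An added example, not part of the original thread or of any poster's code: an AES-128 round trip with `CCCrypt` from `<CommonCrypto/CommonCryptor.h>`, the API named in the reply above. The helper names and the IV-prepended blob layout are assumptions of this example; CBC with PKCS#7 padding gives confidentiality only, so a modified blob is not reliably detected.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/SecRandom.h>

// Hypothetical helpers (names are this example's own): AES-128-CBC, PKCS#7 padding.
// Blob layout is an assumption of this example: 16-byte random IV || ciphertext.
static NSData *ExampleEncrypt(NSData *plain, NSData *key) {
    if (key.length != kCCKeySizeAES128) return nil;
    // Room for the IV plus up to one full block of padding.
    NSMutableData *blob = [NSMutableData dataWithLength:plain.length + 2 * kCCBlockSizeAES128];
    uint8_t *iv = blob.mutableBytes;
    // Fresh random IV for every message; CCCrypt uses CBC unless ECB is requested.
    if (SecRandomCopyBytes(kSecRandomDefault, kCCBlockSizeAES128, iv) != 0) return nil;
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv, plain.bytes, plain.length,
                                 iv + kCCBlockSizeAES128, blob.length - kCCBlockSizeAES128, &moved);
    if (st != kCCSuccess) return nil;
    blob.length = kCCBlockSizeAES128 + moved;   // trim the unused tail
    return blob;
}

static NSData *ExampleDecrypt(NSData *blob, NSData *key) {
    // Smallest valid blob: the IV plus one padded block.
    if (key.length != kCCKeySizeAES128 || blob.length < 2 * kCCBlockSizeAES128) return nil;
    const uint8_t *iv = blob.bytes;
    size_t ctLen = blob.length - kCCBlockSizeAES128;
    NSMutableData *plain = [NSMutableData dataWithLength:ctLen];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv, iv + kCCBlockSizeAES128, ctLen,
                                 plain.mutableBytes, plain.length, &moved);
    if (st != kCCSuccess) return nil;           // a padding failure is not an integrity check
    plain.length = moved;
    return plain;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample key and payload; a real key would be read from the keychain.
        NSMutableData *key = [NSMutableData dataWithLength:kCCKeySizeAES128];
        if (SecRandomCopyBytes(kSecRandomDefault, key.length, key.mutableBytes) != 0) return 1;
        NSData *secret = [@"constructed sample payload" dataUsingEncoding:NSUTF8StringEncoding];
        NSData *blob = ExampleEncrypt(secret, key);
        NSData *back = ExampleDecrypt(blob, key);
        BOOL ok = [back isEqualToData:secret];
        NSLog(@"blob is %lu bytes, round trip %@", (unsigned long)blob.length, ok ? @"ok" : @"FAILED");
        return ok ? 0 : 1;
    }
}
```

Build with `clang example.m -framework Foundation -framework Security`, where `example.m` is whatever file name the code is saved under.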