2

I need to develop an mobile application (android|iphone) that download some mp3 music and store on userphone, but I need to ensure that the user doesnt distribute that mp3. I need a way to encrypt these files.
There´s something I can do?

Thanks

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
rizidoro
  • 13,073
  • 18
  • 59
  • 86
  • well you can encrypt them, just generate a pgp/des/...etc key and encrypt the files and decrypt them when it's time to play. – Mike McMahon May 07 '12 at 22:45
  • 1
    If you encrypt them, you have to decrypt them at playtime. If you decrypt something, you need the key, and if you have the key on the device, it's possible for someone to get that key. If you want your file to be distribution protected, don't distribute it. – gcochard May 07 '12 at 22:46
  • 2
    @Greg not distributing is not a realistic solution, that is akin to credit card companied choosing between not distributing cards or not providing any security. There is a middle-ground of providing good security that can greatly reduce losses. – zaph May 08 '12 at 11:27

1 Answers1

1

You can use the CommonCrypto functions to encrypt/decrypt with AES and save the key in the keychain.

Here is some sample code:

#import <CommonCrypto/CommonCryptor.h>

+ (NSData *)doCipher:(NSData *)dataIn
                  iv:(NSData *)iv
                 key:(NSData *)symmetricKey
             context:(CCOperation)encryptOrDecrypt
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;    // Number of bytes moved to buffer.
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

    ccStatus = CCCrypt( encryptOrDecrypt,
                       kCCAlgorithmAES128,
                       kCCOptionPKCS7Padding,
                       symmetricKey.bytes, 
                       kCCKeySizeAES128,
                       iv.bytes,
                       dataIn.bytes,
                       dataIn.length,
                       dataOut.mutableBytes,
                       dataOut.length,
                       &cryptBytes);

    if (ccStatus != kCCSuccess) {
        NSLog(@"CCCrypt status: %d", ccStatus);
    }

    dataOut.length = cryptBytes;

    return dataOut;
}
// Also add Security.framework to your project.

Note that this requires an iv (initialization vector) and a simmple password should not be used for a key. Good security requires more than a few crypto routines, it requires a good knowledge of cryptography and a through code review.

zaph
  • 111,848
  • 21
  • 189
  • 228