I would like to encrypt a string with AES 256 on the iPhone but have not found much via google. What I am trying to do is post some data to a web site as part of a game I am creating, but I do not want the user to be able to cheat by seeing how it is posted because it is plain text. So I want to post one encrypted string to my php page (ala www.test.com/test.php?encrypted= etc...) and then the php script will decrypt it and do what it needs to if it is valid.
Asked
Active
Viewed 5,228 times
3 Answers
5
You can just use the CryptoHelper which is adopted by CyrptoExercise Sample Project
notnoop
- 58,763
- 21
- 123
- 144
4
A much easier approach here would be to use an HTTPS POST, which would give you similar protections with far less code, though there are still difficulties for solving the problem you're attacking. The kind of solution you're describing generally requires some kind of shared secret, and it's very hard to protect code using a shared secret for long. You may find these posts helpful:
- Machine ID for Mac
- Store an encryption key in Keychain while application installation process
- Obfuscating Cocoa
Still, HTTPS is probably a much better solution than AES here.
Community
- 1
- 1
Rob Napier
- 286,113
- 34
- 456
- 610
-
I haven't had much experience with HTTPS. To set it up do you need to get a secure server and a certificate? – Codezy Aug 06 '09 at 00:46
-
Your server would need to run HTTPS. You can use a self-signed certificate, though it's a little more complicated on iPhone. There's discussion of it at http://stackoverflow.com/questions/933331/how-to-use-nsurlconnection-to-connect-with-ssl-for-an-untrusted-cert ASIHTTPRequest seems a good approach, though I've built my own for my existing projects so don't have direct experience with it. – Rob Napier Aug 06 '09 at 01:05
-
@RobNapier: By shared secret you mean symmetric encryption. You can also easily encrypt asymmetrically. The private key is secretly stored in the web server and used by the PHP script. It's (almost) impossible to break AES — and you don't have to resort to HTTPS. (Although I'm open to alternatives, such as HTTPS!) ;-) – Constantino Tsarouhas Sep 30 '11 at 15:05
-
Yes, asymmetric encryption, like that used by HTTPS, is a good solution here. That's why I recommend HTTPS. If the overhead of an HTTPS POST were too high for your web server, you could consider just asymmetrically encrypting the single value, but generally its simpler to just use the existing asymmetric solution: HTTPS. I don't understand your comment about "impossible to break AES." It's trivial to "break" AES if you have the shared secret (the key). Shipping the secret as part of your product makes it very hard to protect it. – Rob Napier Sep 30 '11 at 15:25
0
Check out this site: http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html
drvdijk
- 5,556
- 2
- 29
- 48