0

I have a custom requirement in one of my products and I need to protect or encrypt files that are stored inside the NSDocumentsDirectory folder. Even if these documents are mailed (The app has the ability to mail documents) to some other person , he or she will not be able to open this document without using my app (I will be using open in functionality of email attachments). So basically only the application can access all these documents and without the app the documents should be mere junk. IS there any way to do it, or has any one done something before.

I also saw this but could not get a complete idea.

Community
  • 1
  • 1
Satheesh
  • 10,998
  • 6
  • 50
  • 93
  • 1
    It's known as encryption. – Hot Licks Apr 23 '13 at 18:34
  • @HotLicks Thats what my title says. – Satheesh Apr 23 '13 at 19:51
  • So what's your question?? – Hot Licks Apr 23 '13 at 21:01
  • Note that it's not too difficult to extract the key from the enterprise app. – tc. Apr 23 '13 at 23:51
  • @HotLicks My question is what is the best way to encrypt those files so that only my app can open it. – Satheesh Apr 24 '13 at 02:44
  • @tc. How do you say it is easy to extract key from enterprise app?? – Satheesh Apr 24 '13 at 02:45
  • 1
    @satheeshwaran You have to store the key somewhere the user can access. The best you can hope for is making it hard enough that most people won't bother... but, only one person has to bother to figure it out, to completely break the system. Depending on your requirements, though, that might be an acceptable risk. – Kitsune Apr 24 '13 at 02:56
  • Use an [encryption algorithm](https://developer.apple.com/library/ios/#documentation/Security/Conceptual/cryptoservices/Introduction/Introduction.html). – Hot Licks Apr 24 '13 at 02:56
  • @Kitsune - You can store the key in the keychain, which is as secure as you can get on the iPhone. Or you can require the user to enter a password each time the app is accessed. – Hot Licks Apr 24 '13 at 02:57
  • @HotLicks It sounds like satheeshwaran is trying to protect the data from *the user*, so the data can be *only opened in his application* even if it's a common format. For those purposes, neither a password nor the keychain would do particularly much to keep the legitimate user out of their data. – Kitsune Apr 24 '13 at 03:08
  • @Kitsune Yea you got my point exactly, I am planning to store the credentials in the keychain - every time the user opens a doc the credentials from the keychain would be retrieved and used to open(decrypt) the doc. Is it the right approach guys? – Satheesh Apr 24 '13 at 04:39
  • That's roughly the right approach. The only way to maybe be more secure is to require that you download a key from your server every time the app opens. – Hot Licks Apr 24 '13 at 11:24
  • @satheeshwaran Your requirement is that the document can only be opened "using [your] app" (not that it can only be opened by people who know the password), which made it sound like the key was to be stored in the app executable, which will typically be easy to extract (Enterprise apps aren't even FairPlay-encrypted). Otherwise, secure key generation/distribution is outside the scope of this answer, but practically any solution will not be cryptographically secure unless you force the user to enter an unmemorable passphrase. – tc. Apr 24 '13 at 18:26
  • @HotLicks You are exactly right, I will be pushing the key from the server every day or so. – Satheesh Apr 25 '13 at 04:27
  • Please read [Under what circumstances may I add “urgent” or other similar phrases to my question, in order to obtain faster answers?](https://meta.stackoverflow.com/q/326569) - the summary is that this is not an ideal way to address volunteers, and is probably counterproductive to obtaining answers. Please refrain from adding this to your questions. – halfer Apr 14 '17 at 12:38

2 Answers2

2

If you want a quick and easy method for data that doesn't need serious security, just zip the files with a fixed password.

ZipArchive is a good library for this.

For a more serious approach, check iOS - Protecting files with a custom encryption key?

Community
  • 1
  • 1
Gordon Dove
  • 2,537
  • 1
  • 22
  • 23
  • Thanks , I am already using ZIP Archive in my project to handle html5 files(.zip) and also .zip files can be opened by other applications too. – Satheesh Apr 24 '13 at 02:49
1

The other post you mentioned works on the concept of password protecting the files, I had encountered the same issue that was for my custom defined files in which our team, encoded the contents of the file on random locations, and saved it. Only our Application could decode it correctly as we had the key :)

It was a windows application, It would work here also.

Ravi Dalmia
  • 75
  • 5