Search Results for encrypt
When we are working on apps which have lot of sensitive information (like Banking etc). We should be a lot of careful about strings. There is nice write up why (https://www.raywenderlich.com/2666-ios-app-security-and-analysis-part-1-2). To prevent leaking of potentially sensitive data, it is not a good idea that certain strings be stored in the app's memory in plain text longer than they need to be. I want to create an obfuscation wrapper for strings. The purpose of such wrapper is to prevent sensitive data from being present in memory in unobfuscated form all the time. It will be passed to classes and functions where a string would normally be passed and when a wrapper is destroyed, the underlying obfuscated data must be completely purged from memory. it is also possible to use different obfuscation algorithms Target MGObfuscate needs to be selected and build before running playground or Test target. Project will only compile with Xcode 10 as it is using CommonCrpto which is not shipped in former versions. I have not compiled CommonCrpto (I might do it later). Follow this link for compiling for previous versions (https://stackoverflow.com/questions/25248598/importing-commoncrypto-in-a-swift-framework) Working: When user enters a pin/passcode, as an initialiser we will provide a salt and algorithm type. It quickly takes password and generate DrivedKey (Salted stretched Hash from PBKDF2). We can always save this in keychain if we don't want user to enter pin again (generally not in case of banking app). Encrypt Function: public func encriptAndPurge(inputString: inout String) -> Data It takes inout parameter and quickly provide a encrypted data from derivedkey. Original string is erased after encryption. Decrypt Function: public func decript(data: Data, result: (String) -> Void) It provides a callback with decrypted string. the scope of string is limited to Clouser. For further use user has to save it to some variable.
Add an extra layer of security against prying eyes. **IT IS NOT A FAIL-SAFE MEASURE** Security Sensitive strings can be: * REST API Credentials * OAuth Credentials * Passwords * URLs not intended to be known to the public (i.e. private backend API endpoints) * Keys & Secrets This library hard-codes typical NSStrings as C language strings encoded in hexadecimal. When your app needs the original unobfuscated NSStrings, it dynamically decodes it back. This makes it harder for people with jail-broken iPhones from opening up your app's executable file and looking for strings embedded in the binary that may appear 'interesting'. See generally: *http://www.raywenderlich.com/46223/ios-app-security-analysis-part-2 *http://www.splinter.com.au/2014/09/16/storing-secret-keys/
OpenSSL is the most powerful SSL and TLS library available which wraps a full cryptographic library. The library is written in pure C and due to its endless size and not-so-well-designed C interface it is very hard for beginners to step into it. The aim of the MIHCrypto library is to provide an object-oriented interface which allows developers to write simple and clean code by still using the power of the OpenSSL libCrypto library.