Hello - I want to encrypt a file before exporting it from my iOS app. Is there a system framework that can do this? For example, encrypting an NSData object? Thanks!
Encryption before exporting file
Is there a system framework that can do this?
No. There are system APIs that can help you achieve this goal, but there’s no high-level ‘encrypt this file’ API. And that’s because there’s no standard format for encrypted files. Encrypting a file securely is quite hard; just running the file’s bytes through AES is not going to yield a reasonable level of security. So, before you ask the question “How do I encrypt this file?”, you have to ask “What encryption format is appropriate for my needs?”
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
Thank you very much, eskimo. That's a fair question, and I don't know enough to answer that question yet. But here is my scenario: My app needs to export its user data to a file for backup/restore purposes. In case the user needs to import from a previous backup, only the same app is expected to import that file assuming the user has the encryption key. So what I'm looking for is basically a "password protection" on exported files.
Thanks again.
What you’re trying to do here is encrypt data at rest. I generally recommend that you use a standard data format for that, something like CMS. That way the security of your data format has been checked by experts. Alas, iOS has no high-level APIs for CMS or any other standard data at rest format; there are APIs for many of the building blocks, but nothing that puts it all together.
Note: If you'd like to see such support added in the future, I encourage you to file an enhancement request describing your requirements. Please post your bug number, just for the record.
In the absence of such APIs you have two options:
- implement your own data at rest format
- implement a standard data at rest format
The latter is tricky because the standard formats are generally very complex, so you end up needing a huge library of code to do the job (something like OpenSSL).
OTOH, implementing your own format is tricky because it’s very (very very) easy to get things wrong. I found the discussion in the Best practice security section of the RNCryptor documentation to be a good summary of the issues.
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
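As an added example (not code from this thread or from Apple), here is a sketch of the "implement your own data at rest format" option for the password-protected backup scenario, showing the pieces that raw AES alone leaves out: a random salt, a slow password-based key derivation, and authenticated encryption over a versioned header. Assumptions: iOS 13 or later for CryptoKit, PBKDF2-HMAC-SHA256 from CommonCrypto as the KDF, and a hypothetical `BackupCrypto` type, "BKP1" container layout and round counts that are made up for illustration.

```swift
import Foundation
import CommonCrypto
import CryptoKit
import Security

// Container layout, invented for this example (not a standard format):
//   "BKP1" (4 bytes) | PBKDF2 rounds, big-endian UInt32 | salt (16) | AES-GCM nonce + ciphertext + tag
enum BackupCrypto {
    enum Failure: Error { case random, keyDerivation, badFormat }
    static let magic = Array("BKP1".utf8)
    static let saltLength = 16
    static let headerLength = 4 + 4 + saltLength
    static let defaultRounds: UInt32 = 600_000   // assumed work factor; tune for your devices

    static func deriveKey(_ password: String, salt: [UInt8], rounds: UInt32) throws -> SymmetricKey {
        var key = [UInt8](repeating: 0, count: 32)
        let status = CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                                          password, password.utf8.count,
                                          salt, salt.count,
                                          CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
                                          rounds, &key, key.count)
        guard status == Int32(kCCSuccess) else { throw Failure.keyDerivation }
        return SymmetricKey(data: key)
    }

    static func seal(_ plaintext: Data, password: String) throws -> Data {
        var salt = [UInt8](repeating: 0, count: saltLength)
        guard SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess else {
            throw Failure.random
        }
        let header = Data(magic) + withUnsafeBytes(of: defaultRounds.bigEndian) { Data($0) } + Data(salt)
        let key = try deriveKey(password, salt: salt, rounds: defaultRounds)
        // The header is authenticated (not encrypted), so tampering with rounds or salt fails the tag check.
        let box = try AES.GCM.seal(plaintext, using: key, authenticating: header)
        guard let sealed = box.combined else { throw Failure.badFormat }
        return header + sealed
    }

    static func open(_ blob: Data, password: String) throws -> Data {
        guard blob.count > headerLength, blob.prefix(4).elementsEqual(magic) else { throw Failure.badFormat }
        let header = Data(blob.prefix(headerLength))
        let rounds = header[4..<8].reduce(UInt32(0)) { $0 << 8 | UInt32($1) }
        // Bound the attacker-controlled work factor before spending CPU on it.
        guard (100_000...5_000_000).contains(rounds) else { throw Failure.badFormat }
        let key = try deriveKey(password, salt: Array(header[8...]), rounds: rounds)
        let box = try AES.GCM.SealedBox(combined: blob.dropFirst(headerLength))
        return try AES.GCM.open(box, using: key, authenticating: header)   // throws on wrong password or tampering
    }
}
```

This version holds the whole backup in memory and seals it in one AES-GCM call, so it suits modest export files rather than very large ones.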