0

I would like to generate an encryption key from the build script and make the key an accessible variable from within my application.

I don't have very much shell scripting experience, and I'm looking for more examples similar to this:

http://aptogo.co.uk/2010/07/protecting-resources/

OR, if there are any current data protection frameworks that I am not aware of.

The intent is to add a layer of e n c r y p t i o n to my bundle resources. So that the media files are not accessible outside of the device.

Current script:

DIRNAME=CCResource
ENC_KEY="Generate and store key here and make available from within application"

INDIR=$PROJECT_DIR/$DIRNAME
OUTDIR=$TARGET_BUILD_DIR/$CONTENTS_FOLDER_PATH/$DIRNAME

if [ ! -d "$OUTDIR" ]; then
mkdir -p "$OUTDIR"
fi

for file in "$INDIR"/*
do
 echo "Encrypting $file"
 "$PROJECT_DIR/crypt" -e -k $ENC_KEY -i "$file" -o "$OUTDIR/`basename "$file"`"
done
zoosjuice
  • 1
  • 2
  • 1
    Note that this won't stop attackers from decrypting your media files. It may slow them down briefly (minutes? hours?) But since you're going to have to ship your key along with the media, they'll just pull the key out of our program and decrypt the files. What you're creating here is a weak form of DRM. That doesn't make it worthless, but don't spend too much time on it, since the system you build in a few minutes and the system you build in several days will both be broken in the same amount of time. – Rob Napier Jan 27 '14 at 20:46
  • @RobNapier Noted. Fan of your book btw. As per client spec, they understand that anyone can obtain the files if they googled how to do it. I am interested in the bigger picture how to protect the app's media files, would I have to setup a hosted DRM resource, or does Apple already provide that service to In-App-Purchased consumables? Still learning about this overall topic. Any references would help. – zoosjuice Jan 27 '14 at 21:31
  • 1
    Apple already provides protection against reading the files on non-jailbroken devices. Jailbroken devices, by definition, have circumvented those protections. For one of the many previous discussions on this, see http://stackoverflow.com/questions/9181186/secure-https-encryption-for-iphone-app-to-webpage. If you are serious about DRM, then it's a full-time commitment that needs experienced staff (and still won't work close to 100%). If you just want something to stop trivial attacks, encrypt against a hard-coded key and move on, knowing that it will be broken, but it was cheap. – Rob Napier Jan 27 '14 at 21:58

0 Answers0