1

I have an important file saving in my app's document directory. I don't allow other to view its content so I encrypt the file with auto-generated AES key and encrypt this AES key with RSA public key, then save the encrypted AES key to NSUserDefaults.

When using the important file, I will fetch the encrypted AES key and decrypt the AES key with RSA public key, then decrypt the file.

But I don't know where to store the RSA private key, is it safe to write it in my code like NSString *rsaPrivateKey = @"%^^&*(())";, if not, is there a safer solution ?

I know how to generate RSA public and private key using openssl (This link helps me)

Edit:

The important file is only open to the user himself, you can consider it as a photo with some sensitive content and the photo is saved by the user.

Community
  • 1
  • 1
KudoCC
  • 6,912
  • 1
  • 24
  • 53
  • This is a sensitive subject. There is no way you can store it locally that will be completely hack proof. The best thing to do is get it from a server and store it in the iOS keychain. Getting a string literal out of a program is not very hard. – borrrden Apr 01 '14 at 07:05
  • @borrrden Thank you for answer. I know it's better to get it from a server, but actually I don't have a server... – KudoCC Apr 01 '14 at 07:10
  • If you don't have a server then I suggest using a `#define` instead, and making it a C-string. In fact, make it several and concat them together into one `NSString`, or even better you can base the key on a UUID that you generate at runtime. – borrrden Apr 01 '14 at 07:12
  • @borrrden "Generate at runtime" still faces the problem where to save the private key, but generate at runtime is better than write it in my code. BTW how to generate the private-public key pair at runtime :) ? – KudoCC Apr 01 '14 at 07:22
  • @borrrden That's tricky to do for RSA keys. You can however create an AES key from the UUID and some other data and encrypt the RSA keys with that. In general, you don't want to create asymmetric keys all the time. – Maarten Bodewes Apr 01 '14 at 07:22
  • Yes, it does. As I said the best place to store it would be in the iOS keychain. – borrrden Apr 01 '14 at 07:23
  • @owlstead Oh, I am unfamiliar with RSA keys so I didn't know that. I've only used AES keys. – borrrden Apr 01 '14 at 07:24

1 Answers1

1

In principle you are trying to solve the DRM problem. As long as you cannot trust the runtime system, there is no complete solution. Your best bet is to store keys in system provided containers and hope those are well protected (i.e. the iOS key chain as borrrden already mentioned).

If that fails you can encrypt your RSA key with an AES key generated from some static information within the device. This should be thought of as obfuscation rather than encryption as the key is not really secret. You should probably try and use a standard container format such as PKCS#8 to encrypt the keys.

It is possible to generate RSA keys from a static set of data (using a PRNG to feed this data in the RSA key pair generator) but those kind of schemes are not standardized, very brittle and take an unspecified amount of CPU time, so I would strongly recommend not to take that route.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Ok, as the important file is open to the user himself, so using the key chain should be an good solution. But the problem then I will face is how to generate RSA public and private keys at runtime. Do you have any suggestion. Thanks. – KudoCC Apr 01 '14 at 09:21
  • The question really becomes if you still need the RSA key pair. You may as well encrypt a symmetric key with a key from the chain. As long as everything stays on the same device there is no need for PKI. – Maarten Bodewes Apr 01 '14 at 09:30
  • As long as you're not mean, like the person that upvoted that comment :) – Maarten Bodewes Apr 01 '14 at 10:45