1

I have gone through apple developer videos on Security they have mentioned to use ssl https certificates and keychain to deal with security.

My iOS app will be giving access to sensitive paid files. so hackers should not get access to these files. I will be using in app purchase, so that user can buy these file.

1) My first question is: Should i host my files on apple server (Hosted Contents) , is the apple to client communication secure enough or should i implement my own server code with certificates and ssl authentication.

2) i want to know or get idea on how to encrypt files using private key on my desktop machine and then upload it on my server. When asked for by my iOS app pass the public key and encrypted file and save the public key in Keychain for further use. I want this feature so as to save the file on disk without anyone getting access to it by jailbreaking or other hack.

3) What should be used as public and private keys and what type of encryption to use. Currently i have come across AES looks good enough but is there a better way? Can certificates itself used to encrypt data or pass keys?

4) Which certificate authority to contact for most secure certificates.

Thanks in advance...

EDIT: Main purpose to achieve is to download pdf and that pdf should not be accessible to user outside the app.

1) I have decided to use root certificates from CA and https to transfer content, to avoid MINM.

2) On app side i will generate public private key pair.

3) Save Private key in keychain.

4) Send Public key to server.

5) Server will encrypt pdf using MAIN-AES-Key.

6) MAIN-AES-Key will be encrypted using Public key sent by app.

7) Encrypted-pdf and Encrypted-MAIN-AES-Key will be sent to app.

8) Encrypted-pdf will saved to disk with secure write options just incase.

9) Encrypted-MAIN-AES-Key will be saved in keychain.

10) To decrypt pdf: Private key generated by app will be used to decrypt Encrypted MAIN-AES-Key and MAIN-AES-KEY will be used to decrypt pdf.

11) Finally will be trusting Apple-KeyChain to keep Private-Key secure.

Satyam Raikar
  • 465
  • 6
  • 20
  • You probably do not mean "public key", that has the connotation of asymmetric encryption with a public/private key pair. This form is generally not used to encrypt data. Generally data is encrypted with a symmetric key and an encryption algorithm such as AES (Advanced Encryption Standard) which uses a shared key. If you use https the entire connection is encrypted to additional encryption is not required for the transmission. – zaph Jul 01 '15 at 14:10
  • All certificates are essentially equally secure, just go to any top-level CA. Probably whoever you bought your domain from also provided certificates. – zaph Jul 01 '15 at 14:14
  • Encryption is to save that file to disk and then use it by decrypting whenever required. – Satyam Raikar Jul 02 '15 at 03:30
  • You can save it with `NSData` `writeToFile:options:error:` with a `DataWritingFileProtection*` that will write the file to disk encrypted and handle the key automatically. – zaph Jul 02 '15 at 03:45
  • You will not like this but if you want a secure system get a cryptographic domain expert, security design is not programming, getting the code to work is the trivial part. I always have an expert review my design, assumptions and implementation. The old saw is: "Anybody can develop a system they can't break". If you just want to feel secure go it alone. – zaph Jul 02 '15 at 03:55
  • 1
    DatawritingFileproctection requires passcode to be setup on phone for it to be more secure. is it better to send sharedKey as you mentioned earlier over network after https and certificate auth and save this key in keychain and use it for further use. As you mentioned some where have faith in apple KeyChain ?? Do you see a flaw here ? – Satyam Raikar Jul 02 '15 at 03:59
  • http://stackoverflow.com/questions/24291264/ios-app-data-encryption-with-public-private-keys – Satyam Raikar Jul 02 '15 at 04:04
  • First one needs to do a security analysts of what is being protected, from whom, how valuable (in monetary terms) it is to the owner, to the attacker, who the attacker might be. Is the data being protected against the device user? A 3rd party, etc. If the device owner wants to protect the data a passcode may be a reasonable assumption. – zaph Jul 02 '15 at 04:04
  • The keychain is the most secure place to save a key, we can do no better. In the 5s and above the keychain is in the secure enclave with is a separate processor. – zaph Jul 02 '15 at 04:08
  • As you mentioned in the post linked above, one should encrypt the shared key using public key send over network and use private key to decrypt the shared key for further use. Where will the private key reside and how to save it securely within the app so that reverse engineering cannot have access to that key? – Satyam Raikar Jul 02 '15 at 04:11
  • Security is the whole enchilada, device, server, data at rest, data in transit. Right down to server backups and two factor authentication on the server. How the pass wards are saved, how they are extended for key use. Get just one thing wrong and the security is lost. If you want to get an idea of security read NakedSecurity or Krebs on Security. The first serious security project I was involved in was a disaster, we were shash.doted. I had trusted my bosses key generator and it turns out it was worse than horrible. After that I took had the company hire a domain expert to vet my design. – zaph Jul 02 '15 at 04:20
  • https does all this for you. The server has a signed certificate with a public/private key pair. A random symmetric key is generated to encrypt the data. The data is sent encrypted to the server with this short lived shared key. For a real description Google, I'm writing this while watch TV. – zaph Jul 02 '15 at 04:28
  • My recommended starter crypto book is Cryptography Decrypted by H. X. Mel and Doris M. Baker. For guts see *The Handbook of Applied Cryptography*, legally free at [FreeComputerBooks](http://freecomputerbooks.com/handbook-of-applied-cryptography.html). Finally Applied Cryptography by Bruce Schneier, We have two of those in the house, his and hers. Those cover the basics. – zaph Jul 02 '15 at 04:36
  • Thanks Zaph will go through these books... Somethings cannot be just avoided... :) – Satyam Raikar Jul 02 '15 at 05:02
  • @zaph whats your take on EDIT is it ok? – Satyam Raikar Jul 02 '15 at 17:39

1 Answers1

1

The solution is unnecessarily complicated. The more complicated, the less secure due to more potential errors/over-sights.

  1. Do use https with a CA signed certificate
  2. To avoid MITM pin the certificate on the app side
  3. There is no need to further encrypt the data being sent over https
  4. Encrypt the file on the device and save:
    • Create an encryption from random bytes
    • Save the key in the Keychain
    • Create an iv from random bytes
    • Add the iv to the beginning of the encryption buffer
    • Encrypt the data with AES, CBC mode and PKS7 padding into the buffer following the iv
    • Save the data into a file the the app file area, possibly under the Documents or Library directory
  5. Decrypt the file on the device and use:
    • Get the key from the Keychain
    • Read the encrypted data file
    • Get the iv from the beginning of the data
    • Decrypt the data starting just past the iv
  6. Do not ignore the server
    • Use two factor authentication.
    • Properly hash with a salt any passwords
    • Use good user authentication

For the app data encryption consider using RNCryptor instead of writing the encryption portion yourself.

zaph
  • 111,848
  • 21
  • 189
  • 228