Securing xml plists in Cocoa / Objective C
Asked Answered
A

1

15

I am writing an application which reads information from am xml plist in the bundle upon startup. The information in the plist has been compiled through many days of work and I would like to ensure that it cannot be extracted easily from the app bundle by another party after distribution. Is there any way to secure or encrypt xml plists that one includes within your app bundle?

Any help would be greatly appreciated please.

Angele answered 23/9, 2009 at 10:49 Comment(1)
It’s a minor detail, but if you’re embedding a plist that’s not intended for human consumption, use the more efficient binary plist format. You can convert with plutil -convert binary1 file.plist.Precipitancy
E
16

There is no built-in encryption function in plist. Many people treats the compression as encryption.

Here is what I would do,

  1. Make up an encryption key.
  2. write a tiny program to encrypt the plist into a binary file using SecKeyEncrypt().
  3. Put the binary file in the bundle.
  4. In the app, hide the key somewhere. For example, store them as pieces so it's not easy to find from a dump.
  5. When you startup the app, read the binary file from bundle, decrypt it using SecKeyDecrypt() using the key and store the cleartext in memory.
  6. The cleartext is the plist and load the plist from the memory.

This is still considered obfuscating because key is available in your bundle but it will be hard enough to deter most casual hackers.

Emplacement answered 23/9, 2009 at 11:26 Comment(2)
As far as the encryption part, check out this SO question for ideas: #1418393Recalcitrate
@ZZ Coder Do you have any sample example to demonstrate this ?Evacuation

© 2022 - 2024 — McMap. All rights reserved.