Encrypt - send - save - receive files in iOS

About

Asked 16/10, 2018 at 20:18 Answered 28/1, 2019 at 15:41

ios encryption icloud imessage-extension

I have an iMessage application that send files. Data is saved in iCloud servers using CloudKit. Everything works well.

Now I want to add a new level of security. I want to encrypt the data before sending it to iCloud.

The problem is that using public/private key pairs is not possible:

In iMessage the extension can't identify users.
No real time session can be opened between conversation participants to exchange keys.

None of the options below are strong enough to make the data secure:

Use a key encryption hardcoded in the application.
Generate a random key, encrypt data with it and save it with the data in the iCloud servers, so it can be downloaded with the file to decrypt it.

iCloud may be secure but users' data could be personal/sensitive so I want to add a new security layer + it's a fun exercice for me.

Could anyone help to find the right encryption method?

Webworm answered 16/10, 2018 at 20:18 Comment(7)

You can ask the sender for a passphrase that you use to generate a key that you then use with a symmetric key algorithm; the problem is then how do you get passphrase to the other party if you don't trust the channel. This is the problem that public/private key cryptography solves; this was considered an almost impossible task until RSA and James Ellis & Clifford Cocks from the British GCHQ (independently) found the solution. – Taggart 23/1, 2019 at 3:27

@Taggart this would be a solution if actually there a Channel between sender and receiver. But as explained, i can’t identify the receiver because ios will not give the info. – Webworm 23/1, 2019 at 13:12

You don't need to identify the receiver, you need some way of sharing the key with the receiver. Either you send the key over the only channel you have (but you don't trust this channel, so) you need the participants to exchange the key "out of band" – Taggart 23/1, 2019 at 13:51

@Taggart thanks for the answer, the problème is that there’s no channel between then, iMessage is just like enhanced sms, so if i want to send the key i have to send a « real » message that the user will see. – Webworm 23/1, 2019 at 17:11

Yes, that is what I am saying; you can't do this "in-band" purely from the sender if you don't trust the channel, which you don't because it is just an imesssge. The only way it can work is if the sender asks the receiver to send their public key first. Then the sender can use the public key to encrypt the file encryption key and send that to the receiver before finally encrypting the file with the encryption key and providing the file. – Taggart 23/1, 2019 at 19:6

@Taggart ok this is what i thought from the beginning, one solution would be to use a master key to encrypt/decrypt, not an ideal solution but i see no other way .. – Webworm 23/1, 2019 at 19:31

Let us continue this discussion in chat. – Taggart 23/1, 2019 at 21:12

You could send the key in the url of a custom MSMessage, along with the CloudKit address. The url key and address can be encoded, base-64 format as a data url so only your app knows how to decode.

That way at least someone needs to know how to decode your standard url's before getting the encryption key.

Aeriform answered 28/1, 2019 at 15:41 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags