Alican Yilmaz

Reputation: 57

Swift: Encryption of a file or plain text

Hello, I'm about to write an app that enables me to store remote files on the iPhone's local disk, to make the data permanent in a file and manipulate it. But I have a question about this. I have no idea about encrypting data, by the way.

So if any iPhone hacker cracks the phone with a jailbreak and accesses my local file? In this situation, I want to use encryption. But I'm missing something. My JSON files contain long plain texts, like 100,000 words. So if I apply the CryptoSwift library, which is on GitHub now, using AES and NSData, my computer gets stuck encrypting it.

    let plain = "mylongtextfromfile".dataUsingEncoding(NSUTF8StringEncoding)

    let key: Array<UInt8> = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]
    let iv: Array<UInt8> = AES.randomIV(AES.blockSize)
    let encrypted: NSData = try! plain!.encrypt(ChaCha20(key: key, iv: iv)!)
    print(encrypted)
    let decrypted: NSData = try! encrypted.decrypt(ChaCha20(key: key, iv: iv)!)

    let string1 = NSString(data: decrypted, encoding: NSUTF8StringEncoding)

    print(string1)

I also noticed that Apple does not want the use of other encryption libraries, unlike its built-in APIs. The iTunes Connect policy requires an extended verification process for the app. I want to ask you experts what I must do. I do not want the user to interact with any mobile service back-end, API or server for downloading the words and querying them each time the users want to use the words.

What do I need to use to keep the process fast? Actually, is there any way to encrypt only the file itself, not the data in it? Or what are the mistakes I'm making?

Sincerely,

Upvotes: 0

Views: 4291

Answers (1)

Rob Napier

Reputation: 299345

> So if any iPhone hacker cracks the phone with a jailbreak and accesses my local file?

Yes. This is true, and there is nothing effective you can do about it. You can create some layers of obfuscation. You can slow down attackers by a few hours. With sufficient resources and an ongoing team of security experts you may be able to slow down an attacker for longer. But if Apple, with control of every piece of the ecosystem, and extensive and expert resources dedicated to it, can't stop attackers from jailbreaking the phone, you have no hope, especially if, as you say, you know nothing about encryption.

That is not to say that there is nothing at all you can do; it just won't be very effective, so don't spend tons of time on it. You must assume that if your data is of any significant value, attackers will extract it. You must design your system and business model to be resilient to that. Or you must employ an ongoing team to mitigate attacks, like Apple or Blizzard do.

So what can you do that will be simple and provide some kind of obfuscation, even if it's pretty ineffective? As you appear to be trying to do, encrypt it against a hard-coded key. It won't stop anyone who knows what they're doing, but it'll keep away some people, and that's about as good as you can do.

CryptoSwift is a nice library, written by a smart guy, but it's very low level, and assumes you know what you're doing. This is not the kind of tool you want to be using for this. You want something that does all the work for you. I have one, RNCryptor. It has the advantage of being very simple, cross-platform, and only using Apple crypto primitives. There is also libSodium which is even more portable and is a more powerful format, but doesn't use Apple's primitives.

The important thing to look for is something that offers an encryption format, not just crypto primitives. It is very challenging to build a secure format out of primitives. Don't attempt it without first studying how it's done.

If you do want to move forward with CryptoSwift, then you'll need to explain more precisely what is going wrong. When you say "my computer is stuck," what precisely is happening?

Upvotes: 2
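An added example, not part of the original answer and not RNCryptor's or CryptoSwift's code: what "an encryption format, not just crypto primitives" looks like when built on Apple's CryptoKit, which the page does not mention and is assumed here. The function names, file name and sample text are constructed, and the key is generated in place; a key shipped inside the app only gives the obfuscation the answer describes.

```swift
import Foundation
import CryptoKit

/// Encrypts `plaintext` into one self-contained blob:
/// 12-byte nonce || ciphertext || 16-byte Poly1305 tag.
/// The nonce is generated fresh on every call and travels with the data,
/// so nothing but the key has to be remembered to decrypt later.
func sealFile(_ plaintext: Data, using key: SymmetricKey) throws -> Data {
    let box = try ChaChaPoly.seal(plaintext, using: key)
    return box.combined
}

/// Parses the blob, verifies the tag, and only then returns the plaintext.
/// Throws if the blob is malformed, was modified, or the key is wrong.
func openFile(_ blob: Data, using key: SymmetricKey) throws -> Data {
    let box = try ChaChaPoly.SealedBox(combined: blob)
    return try ChaChaPoly.open(box, using: key)
}

// Constructed sample input: JSON-like text of about 100,000 words.
let words = Array(repeating: "lorem", count: 100_000).joined(separator: " ")
let plaintext = Data("{\"text\":\"\(words)\"}".utf8)

// Assumption: a random 256-bit key created for this demo only.
let key = SymmetricKey(size: .bits256)

// Hypothetical file name in the temporary directory.
let url = FileManager.default.temporaryDirectory
    .appendingPathComponent("words.sealed")
try sealFile(plaintext, using: key).write(to: url, options: .atomic)

// Round trip: read the file back and decrypt it.
let restored = try openFile(Data(contentsOf: url), using: key)
print("round trip ok:", restored == plaintext)

// Flip one bit in the stored blob; authenticated decryption must refuse it.
var tampered = try Data(contentsOf: url)
tampered[tampered.count / 2] ^= 0x01
do {
    _ = try openFile(tampered, using: key)
    print("tampering NOT detected")
} catch {
    print("tampering detected:", error)
}
```

The snippet in the question keeps no nonce with the ciphertext and has no integrity check; the combined blob here carries both.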
