@cvasilak
Last active December 24, 2015 21:48
Security (iOS)

Security Notes (iOS)

Areas Covered:

  • Symmetric Encryption GCM (Galois/Counter Mode)

    (apart from confidentiality, provides an integrity check, that is, it can detect whether the encrypted data was tampered with) (fast and efficient, especially in high-speed networks)

    • IV -> An initialization vector, used to make each cipher message unique. This helps to prevent replay attacks and cryptanalytic attacks by ensuring that the same clear text encrypted with the same key will yield different cipher text, based on the initialization vector. Each encrypted message should use a random value as an initialization vector and change this vector to protect the uniqueness of the cipher text.

    • Salt -> In cryptography, a salt is a series of bits used to complicate certain types of cryptanalytic attacks, such as dictionary attacks using rainbow tables. When a passphrase is combined with a salt, the same passphrase used elsewhere will yield a different key. The salt is left entirely up to the implementer.

    (JS)

    AeroGear.crypto.encrypt (Encrypts in GCM mode)

    AeroGear.crypto.decrypt (Decrypts in GCM mode)

    (iOS)

    (Common Crypto)

  • Asymmetric encryption with Elliptic Curve Cryptography (ECC)

    (JS)

    AeroGear.crypto.encrypt

    AeroGear.crypto.decrypt

    (iOS)

    ???? can't find a suitable impl, unknown state see http://lists.apple.com/archives/apple-cdsa/2011/Mar/msg00007.html

  • Cryptographic Hash Functions

    Used to verify the integrity of data rather than to keep it secret.

    A cryptographic hash function takes any amount of data and applies an algorithm that transforms it into a fixed-size output value. For a cryptographic hash function to be useful, it has to be extremely difficult or impossible to reconstruct the original data from the hash value, and it must be extremely unlikely that the same output value could result from any other input data.

    (JS)

    AeroGear.crypto.hash (Generates a hash output based on SHA-256)

    (iOS)

    SHA hashing -> CommonDigest.h

  • Digital Signatures

    Digital signatures are a way to ensure the integrity of a message or other data using public key cryptography. Like traditional signatures written with ink on paper, they can be used to authenticate the identity of the signer of the data. However, digital signatures go beyond traditional signatures in that they can also ensure that the data itself has not been altered. This is like signing a check in such a way that if someone changes the amount of the sum written on the check, an “Invalid” stamp becomes visible on the face of the check.

    (JS)

    AeroGear.crypto.sign (Sign messages with Elliptic_Curve_DSA(ECDSA))

    (iOS)

    ????

  • Public-Private Key-Pair AeroGear.crypto.KeyPair

    (JS)

    AeroGear.crypto.KeyPair

    (iOS)

    (Common Crypto) -> https://developer.apple.com/library/ios/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html#//apple_ref/c/func/SecKeyGeneratePair

  • Password-based key derivation (PBKDF2)

    (JS)

    AeroGear.crypto.deriveKey

    (iOS)

    CCKeyDerivationPBKDF

    • included in iOS SDK

    ../SDKs/iPhoneSimulator5.1.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h
    ../SDKs/iPhoneSimulator6.1.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h
    ../SDKs/iPhoneSimulator7.0.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h

  • Encryption of storage

    Built into iOS - Data Protection (cons: Requires pass-code set by the user)
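
Worked example for the GCM, IV, Salt and PBKDF2 notes above (added here, not part of the original notes and not AeroGear or Common Crypto code): it uses the Node.js built-in crypto module to show that a different salt yields a different key, a fresh IV yields different cipher text, and GCM rejects tampered data. The function names, iteration count and sample strings are assumptions made for the example.

```javascript
// Added example: Node.js built-in crypto, not the AeroGear.crypto API.
const crypto = require('crypto');

// Derive a 256-bit key from a passphrase with PBKDF2-HMAC-SHA256.
// The iteration count is an assumed value, not taken from the notes.
function deriveKey(passphrase, salt, iterations = 100000) {
  return crypto.pbkdf2Sync(passphrase, salt, iterations, 32, 'sha256');
}

// Encrypt with AES-256-GCM using a fresh random 96-bit IV per message.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt and verify; final() throws if the ciphertext, IV or tag was altered.
function decrypt(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Returns true when decryption is rejected (integrity check failed).
function isRejected(key, message) {
  try { decrypt(key, message); return false; } catch (e) { return true; }
}

function demo() {
  const passphrase = 'correct horse battery staple';          // constructed sample
  const keyA = deriveKey(passphrase, crypto.randomBytes(16));
  const keyB = deriveKey(passphrase, crypto.randomBytes(16)); // same passphrase, new salt
  const msg = Buffer.from('transfer 100 EUR to account 42');  // constructed sample
  const m1 = encrypt(keyA, msg);
  const m2 = encrypt(keyA, msg);                              // same key and text, new IV
  const tampered = { ...m1, ciphertext: Buffer.from(m1.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;                             // flip one bit
  return {
    saltChangesKey: !keyA.equals(keyB),
    ivChangesCiphertext: !m1.ciphertext.equals(m2.ciphertext),
    roundTrip: decrypt(keyA, m1).equals(msg),
    tamperRejected: isRejected(keyA, tampered),
    wrongKeyRejected: isRejected(keyB, m1),
  };
}
```

The salt and IV are not secret; they are stored or sent next to the cipher text and tag so the receiver can derive the same key and verify the message.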
