I need to encrypt some data that a Mac app will include within the app’s Resources folder, and that will be updated periodically via download from my website. I realize that nothing in userland can possibly offer perfect security, but I want to make it as hard as possible for an attacker to gain access to this data.
The Crypto stuff in Xojo looked promising, but won’t allow me to encrypt with a private key and decrypt with a public key - it throws an exception - so that’s out. I found a good Blowfish library that seems to work well. I suppose that I could use a password that could be computed within the code to make it hard to find, but someone with a copy of Hopper Disassembler could get in there and figure out the password. (Of course, a public key would probably be harder to hide.)
Anybody have any advice? Would Blowfish work well for this purpose, or would it… well, blow?
I’m using an encrypted database file, with extension .dll
That would work, but I’ve already got a file format and code to read it. I’d hate to rewrite all that unless it would give clear benefits, but either with Blowfish or an encrypted SQLite database, I’d still be storing a password somehow. (Not that I see any way around that… the app has to have information about how to decrypt the data, so a sufficiently determined and knowledgeable user could potentially harvest that information.)
Ideally, I’d like to just be able to decrypt the data into a string in memory containing the unencrypted data, and then parse that with my existing code. But would a database be better, security-wise?
You do realize I hope… that if you wish to write to or update any data or files in the RESOURCE folder of your application bundle, it will have to be moved to another location. You cannot write to the bundle.
I’d suggest (if your data fits the model) to use encrypted SQLite… The encryption is built in already
Not quite. It is possible in non-sandboxed apps. Personally, I would not do it…
rephrase : “You SHOULD not write to the bundle”… not allowed in Sandboxed apps, and likely to mess with CRC integrity in others
Yes. I should have written not sandboxed, not digitally signed. Anyway, should not be done in our modern days of Gatekeeper and MAS. Copying to ApplicationData is simple enough.
Especially with the fact that the data comes from a website already. I’d add to this and just download it fresh from the website on first launch
It isn’t that you CAN’T write to them. You SHOULDN’T write to them. Now if the app is a MAS app, their security will probably freak out when you write to the resource folder.
I agree on writing to the ApplicationData over the resources folder.
you may break the app signature resulting in an app that won’t launch again
it may be prevented by the OS with a permissions error
any way you try to do this is a bad idea and you’re going to have a bad time
It is even simpler : the sandbox will simply block out the operation.
At any rate writing to the bundle is simply a very bad idea.
Updating the file isn’t an issue. I copy it from the app bundle to Application Support on first run, and when it needs updating, that’s the copy that gets replaced.