I want to store static NSString securely. I am storing in plist file but its not secure as it can retrieved if anyone gets IPA. Is there any way to store a string or token securely?
Replies
You never told the level of security you are looking for.
Is it to protect a bank account access ?
If so, probably need some strong crypto, but also export authorizations
Or just protect some private information so that they are not visible to anyone ?
If so, you could design your own encryption.
I suggest to make it specific to each device
For instance (to be adapted if String contains non ASCII), to encode a String s:
- select a codeS string which is device specific (e.g, MAC address)
- append codeS to s
- select a number N between 3 and 6 (may be also device dependant)
- pad the resulting s to have a length multiple of N
- convert each char of String to another char with a f func (you could use a parameter to make it depend on device) - give a name that does not show it is part of encryption ; build g, the reverse func
- mangle the resulting String with a reversible algo (for instance by moving packets of N char)
Decoding is just the reverse order.
Level of security for storing api-secret key: Free from exposing or making the api-secret key non human-readable .
So, there is no risk for users sensitive data ?
In this case, probably don't need strong encryption. Could look to what I proposed.