Post not yet marked as solved
in regards to padding, the documentation in the headers for the encryption cipher kSecKeyAlgorithmRSAEncryptionOAEPSHA1 declares that
data is padded using OAEP padding scheme internally using SHA1.
is it a secret which masking generator the OAEP is using? I need to be able to convey to our architects whether or not the iOS encryption is using MGF1.
so: Is it?
Thanks in advance,
|K<
Kent Clelland
Post not yet marked as solved
My iOS app is coded primarily in obj-c and is compartmentalised into 15 different traditional .framework bundles. One of these frameworks is exclusively swift. Now I am trying to create parcels which are more easily reused across the firm, so I want to extract core functionality from my swiftCode.framework and create swift packages, and use those new packages inside my swift framework. Unfortunately my first attempt to do this has been thwarted by 'no such module' errors when I try to import my package in a .swift file. my Xcode project downloads the package and it appears to build properly (and I can see it in the 'debug' folder of my derivedData folder). but every time I try to import it in a swift file I get the error 'no such module' with no further information on how to track down the error! I think the package manager is a really great Idea, and I am anxious to be using it, however... How can I make it work? (Xcode 12.2 on Catalina)
Post not yet marked as solved
My iOS application has a window inside of which a WKWebView is displayed. Some testers are complaining that since updating to iOS12.4 they can no longer load the content. I cannot reproduce this problem in our engineering offices and I cannot go onsite to the testers.The WKWebView loads a javascript resource (remotely) into 'about:blank' which opens a web application in an iframe.The webview reports that it has finished loading (webView:didFinishNavigation:), however the view is empty.the thing is... on iOS 12.3 this works fine...and on on engineering (non-hardened) environment everything works fine.on iOS12.4.x on an environement with strict security, the webkit view load command does nothing.most importantly, it does not 'fail' in the sense of calling webView:didFailNavigation:withError:I realize that there were quite a lot of changes to WebKit for the iOS 12.4 release... am I the only one seeing regression problems? Or have I been doing things wrongly all along?I was hoping to be able to debug the javascript in the Safari debugger, however because the problem is a load problem, I cannot set a breakpoint...I also see a lot of private features in the open source WKWebView code which are not accessible via iOS12... is there some secret sauce which I am missing?Any tips appreciated, thanks in advance for your insights,|K< additional info: ATS flag NSAllowsArbitraryLoads set to 'true'
Hello XCode Developers.The latest XCode release 11.4 introduced a new target integrity check which fails a build if the target links against a framework named "Collaboration.framework"This is a very presumptuous error. Our company has a proprietary framework with that name... and now our builds all fail unless we remove this framework. I noticed that if I build my target with our proprietary Collaboration.framework removed, and then insert it again and run without building, then I can work around this problem. Subsequent builds will not run the target integrity check and I can work smoothly for a while... until the target integrity check runs again. Is it possible to disable this check somehow? Moving forward, we would be very grateful if the XCode team would expand upon this check to be a bit more selective, or prefer to warn the developer instead of failing the build.Thanks,|K< Kent ClellandAvaloq Evolution
When our iOS app authenticates with the server, a background thread is initialized using thebeginBackgroundTaskWithExpirationHandler: interface.The intention is that when the user backgrounds our application while in an authenticated state, thebackground task will end the authentication session with the server after 3 minutes of not returning to the foreground.This design has been working well for us for years. Until the iPhoneX arrived and a small handful of clients started tocomplain that their session was being dropped after shortly sending our app to the background and returning to the app within ashort time. Which means that our expirationHandler is being called after an unexpectedly short amount of time (usually 15 seconds).when entering the background, our task calls[UIApplication sharedApplication].backgroundTimeRemainingwhich we typically expect to return something like 170.on the iPhoneX it returns 1.797693134862316e+308Why is the expirationHandler being called after 15 seconds on iPhoneX hardware? How can I allow for more time in the background before the expirationHandler is called?Thanks,|K<
How do I enable the XCode compiler to generate NX bit protected code?A client has requested that I re-compile their app with this protection enabled. However, after reading the Security Document:https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf (section: "Runtime process security" starting on page 26)I was under the impression that the NX bit security is enabled by default.Is it possible to optionallly compile with NX bit security enabled? if so, how?thanks,|K<
AvaloqKent.