6 Replies
      Latest reply on Sep 12, 2019 1:44 PM by Claude31
      iphonegamedeveloper Level 1 Level 1 (0 points)

        Is there any mechanism to generate a unique string/token(like UUID/ identifierForVendor) in device and verify the same in host/server?

        • Re: Authenticate with server
          Claude31 Level 8 Level 8 (7,885 points)

          Isn't Public key mechanism answer your need ?


          Generate a public / private key pair on device.

          Send the public key to server on registration

          send a message from server to device, sign (encrypt) with private key, send to server which decrypts with the public key to check it matches.

          • Re: Authenticate with server
            PBK Level 7 Level 7 (3,435 points)

            >Is there any mechanism to

            > 1) generate a unique string/token(like UUID/ identifierForVendor) in device

            > 2) and verify the same in host/server?


            You need to be a bit more specific about what you want to do in #1 and #2 above.  Specifically, what do you mean by "verify"


            If you are trying to communicate privately (sending and receiving encoded messages) between two devices you can use the public/private key mechanism available in OpenSSL.  It's complicated.  It allows you do encode information so that others can't read it even if they can read the back-and-forth that set up the public/private key.


            But if what you want to do is get a unique identifier for each device or user so that you can treat each user or device separately then there are two simple approaches.  The first is identifierForVendor (which you know about) and the second is a do-it-yourself of identifierForVendor:

                NSString *uniqueString=[[NSUUID UUID] UUIDString];


            In both cases you may want to store the identifier in the keychain so it won't change when the user deletes and reinstalls the app.  You may want to store it in the user's key-value file in iCloud so it is unique to the user's Apple ID not to the device.


            Regarding "verify" - if what you want to do is be sure this identifier comes from your app then that requires "signing" the transmission package.  You do that by generating a 'seeded hash' of the package and sending that with the package.  A seeded hash is created by adding something secret - like "abc iphonegamedeveloper" to the original string and then calculating the SHA1 hash with OpenSSL.