1 Reply
      Latest reply on Feb 12, 2020 2:44 AM by eskimo
      deepeshcko Level 1 Level 1 (0 points)

        Hi

         

        I am currently using chilkat  ( refer : https://www.chilkatsoft.com/downloads_ios.asp ) for json web encryption and wrapping a cek (content encryption )key to the JWE object. This is currently supported by chilkat using a method setWrappingKey. For example I use it as below

         

         

                let jweProtHdr = CkoJsonObject()
                jweProtHdr!.load(headerJson)
                jwe!.setProtectedHeader(jweProtHdr)
        
                print("JWE Protected Header: \(jweProtHdr!.emit())")
                jwe!.setWrappingKey(0, encodedKey: cekKey, encoding: "base64")
              

        Question : is Chilkat approved by apple to use used for production purposes ?.

        Or is there any other alternatives or similar libraries available which are free to be used.

        Does apple have its own APIs to support JWE json web encrytion ?

         

        Thanks

        Deepesh

        • Re: Is chilkat approved library to be used for encryption any other alternatives ?
          eskimo Apple Staff Apple Staff (13,035 points)

          is Chilkat approved by apple to use used for production purposes ?.

          Apple does not approve libraries.  There are two relevant approval steps here:

          • If you’re distributing via the App Store, your app must be approved by App Review.  App Review looks at your app as a whole, not at specific libraries.  They publish guidelines about what is or isn’t allowed on the store.  If your app follows these guidelines then you can reasonably expect to be approved, but this is a complex process and it’s ultimately App Review’s call.

          • App Store Connect has specific rules about publishing software that uses encryption.  See Export compliance overview and related sections in App Store Connect Help.

          If you’re looking for advice specifically related to the Chilkat, I recommend that you talk to them.

          Or is there any other alternatives or similar libraries available which are free to be used.

          I don’t have any recommendations here, but perhaps other folks might like to chime in.

          Does apple have its own APIs to support JWE json web encrytion ?

          Not directly.  However, JWE is layered on top of a bunch of lower-level technologies (JSON and various crypto algorithms) and many of those are covered by APIs in our various platforms SDKs.  I recently spent some time playing with JWT (and specific use case for JWE) and I had great success with Swift’s JSONEncoder / JSONDecoder, Foundation’s Base64 API on Data, and Apple CryptoKit.  Be warned, however, that dropping down a layer like this requires you to actually understand more details about the encoding and algorithms defined by the standard.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"