I need to protect a file with password when I send it as email attachment from iPhone. I have zipped the file using libz.dylib zlib.h class. Basically I followed the approach discussed in http://www.cocoadev.com/index.pl?NSDataCategory ie., to create NSDataCategory and calling zlib methods to compress the file. So I have the .gz format file as NSData and I want to protect it with a password. My question is how to protect a .gz file with a password. And I have also a basic question of how the password protection on a file work? Will it encrypt the total file with the given password or will it just act as a gate keeper to open the file?
You can't add password encryption to a .gz file, there is no support in libz. What you are thinking of is .zip tools that also add a simple layer of encryption where the password is used to decrypt the file. You might want to have a look at lzmaSDK to implement that sort of feature, I have read that it supports AES. But, be aware that adding encryption code to your iPhone app is more trouble that it is worth because then you will need to also register to export the encryption. It will significantly complicate your app release process.
Related
I'm generating an xls file and would like to protect it with a password before attaching it to an email. The excel package doesn't have this feature yet. Is there a walk around solution like packing the file into a password protected archive? Thanks!
I have an iOS application, which stores all downloaded *.pdf files in its cache. Is there a way to prevent this data from extracting? Encryption or something else? Thanks in advance.
There are quite a few ways to encrypt files, and I'm sure everyone will have an opinion on the best way to do so.
In a project I've recently been working on, we've been using CommonCrypto (https://github.com/AlanQuatermain/aqtoolkit). Just take any NSData, encrypt it, and save it to a file, and vice versa. You can even write an easy Transformer by subclassing NSValueTransformer, which abstracts all of the encryption to one spot and you will never have to worry about it again.
You can protect PDF files with a password. I assume you create the PDF files not within the application but externally. For example you can use Preview.app in Mac OS X to secure existing PDF files with a password (Hit Cmd-P, then select PDF in the print menu and there you can set security options. Or even more simple: in the menu choose Export...).
In iOS you can then open the PDF files like this:
CGPDFDocumentRef documentRef = CGPDFDocumentCreateWithURL((__bridge CFURLRef)[NSURL fileURLWithPath:filePath]);
if (!CGPDFDocumentIsUnlocked(documentRef))
CGPDFDocumentUnlockWithPassword(documentRef, password);
...
There are actually 2 Documents folders in which your app can store content. One can be extracted, and one is private. Check the accepted answer in this ticket.
Access files in "private Documents" folder transferred with iTunes
Assuming you want the PDF files from getting extracted on jailbroken devices, the most straight forward approach would be along the following lines:
generate a random string during the first launch of the app
save the random string either in NSUserDefaults in state file inside your own app's sandbox
using this random string create a secret key using a deterministic but hard to figure out algorithm
use this secret key, which you don't store anywhere but always generate on demand, symmetrically encrypt your buffer with AES or something similar
You would probably find the source code here very helpful.
I have application which exports data in csv file which is stored in Document's Directory.
Also I have enabled File Sharing in my app with iTunes so that whenever i will connect my iPhone with iTunes it will allow me to save csv file. But my data needs security, so i want generate Password for my CSV file, So that whenever we open file in computer, it will ask for Password. How to achieve generating Password protected file in iPhone??
Well, you would have to create a disk image (.dmg file) in order to have the file password protected once it was on your computer. I don't think this is possible in iOS. I think your only solution would be to use an encryption/decryption algorithm. Store encrypted data into the file, and use your algorithm to decrypt the file once it is on your desktop. Here is a solution for encrypting/decrypting NSData.
How about it doing it this way :
Use some generic encrypting algorithm
Either generate a key or ask from user (as per your needs ) while generating csv
Then when its copied to dekstop ask user to download a utility to decrypt..
Or create simple online decrptor in php .. should be simple enough..
Or use existing : http://www.tools4noobs.com/online_tools/decrypt/
Recently i've asked about the security implications of storing sensitive info in the xml string resources in Android: the answer? Heavy security implications, is really easy to get the contents of every xml file with a simple command line tool, so it is almost mandatory to have important info encrypted.
Now, how is it like in iOS? How secure it is to have a certain data in a plist or a .strings localizable file, in plain text, non encrypted?
Still not very secure.
There is nothing stopping a user from unzipping an application stored on their computer in iTunes and viewing the contents. Its very easy to do, even without a jail broken phone. Any strings resources, plist files etc will be immediately accessible.
Even hard coded string literals are visible in the compiled binary when one views it with the strings utility. And going a set further, using the nm utility one can see all your applications symbols, such as method names, constants, etc.
I would recommend against storing anything that could be considered sensitive in plain text.
You can access any file on a jailbroken iPhone, so you'll need to encrypt sensitive data.
If your app ships with a .plist file, then the end user can unzip the .ipa app file and see the .plist file and do whatever they want with it.
The exact same problems, a plist is a very common file for Mac OSX and iOS and it is just a XML file. Secure your sensitive data on ALL platforms!
I would like to add that apple does provide a way to securely store sensitive information in the Keychain.
I want to use a dynamic email signature in Thunderbird, that is context aware (depends on date, events in db, etc.)
If I have a PHP that can generate the signature html (i.e. http://www.site.com/email_sign.php)
how do I force Thunderbird to use it?
(the only options I see are using static html (whether inline, of from a local system file).
any ideas?
You can use the Signature Switch add-on and a batch file calling wget to achieve what you want. I wrote a simple executable to replace the bat file; you can read about it (and download it if you want to) from http://www.else.co.nz/portfolio/020-code/dynamic-email-signatures
I doubt you can do this simply. Thunderbird does allow scripting via the creation of plugins but I wouldn't personally know how do do it or how easy it might be.
Best answer I can think of would be to set a scheduled task / cron job to download the php to a local file then follow the instructions in the knowledge base, namely:
You can use Thunderbird to create signature files, or you can use your operating system tools to create them—for example, a plain text editor.
Thunderbird does not provide any
special place to store signature
files. You could create a Signatures
directory in your profile to store
them, making them easy to back up
along with the rest of your profile.
Or you could store them somewhere
else.
To use a signature file, specify it in
Account Settings as the signature for
an identity. Check the box "Attach the
signature from a file instead" and
specify the signature file.
This will work unless Thunderbird caches the HTML internally, however I see no indication in the FAQ that this is the case.
For years I updated the signature for my email client manually – until I got fed up… That’s why I wrote a PHP script to create a randomized signature block automatically from an RSS feed! Check it out: https://github.com/birdy1976/signature :-D