> On Jun 26, 2017, at 10:24 PM, Jens Alfke <j...@mooseyard.com> wrote:
>
> There’s some use in a scenario like this, and it could be a nice feature to
> add to apps … if there were a convenient and trustworthy file encryption API
> available. But there doesn’t seem to be.

I just remembered libsodium <http://libsodium.org/>, which is an open source crypto library with some very reputable authors like Jeremy Bernstein. Its philosophy is to provide very high-level APIs that focus on a specific task, like “I want to encrypt a file”, which are implemented using appropriate algorithms. This ensures that you’re a lot less likely to make a mistake and break things. The drawback is that it tends to use less-common algorithms; they have good reasons for their choices, but it makes interoperability difficult unless you use libsodium on both ends.

The appropriate function for encrypting a file looks like crypto_secretbox_easy():
https://download.libsodium.org/doc/secret-key_cryptography/authenticated_encryption.html

If you want to make the user type a passphrase, libsodium has some key-derivation functions to convert the passphrase to a key.

If you want to randomly generate a key and store it in the Keychain, you’ll unfortunately have to deal with Apple’s Keychain APIs, but I think there is some reasonable sample code for storing a key. (Caution: Do not under any circumstances try to store the key as a SecKey! The API implies that you can do so, but trying to get this to work on iOS nearly drove me into a nervous breakdown a few years ago. Instead, just turn it into a hex or base64 string and store it as though it were a password.)

—Jens
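
An added example, not part of the message above and not libsodium's own sample code: the passphrase route it describes, with crypto_pwhash() deriving the key and crypto_secretbox_easy() doing the authenticated encryption. The function names (DeriveKey, EncryptWithPassphrase, DecryptWithPassphrase) and the salt/nonce/ciphertext layout are assumptions made for this example.

```objective-c
#import <Foundation/Foundation.h>
#include <sodium.h>
#include <string.h>

// Hypothetical helper: derive a secretbox key from a passphrase and salt.
static int DeriveKey(unsigned char *key, NSString *passphrase, const unsigned char *salt) {
    const char *pw = passphrase.UTF8String;
    return crypto_pwhash(key, crypto_secretbox_KEYBYTES, pw, strlen(pw), salt,
                         crypto_pwhash_OPSLIMIT_INTERACTIVE,
                         crypto_pwhash_MEMLIMIT_INTERACTIVE, crypto_pwhash_ALG_DEFAULT);
}

// Output layout (assumed for this example): salt || nonce || ciphertext+MAC.
NSData *EncryptWithPassphrase(NSData *plaintext, NSString *passphrase) {
    if (sodium_init() < 0) return nil;            // -1 means the library is unusable
    unsigned char key[crypto_secretbox_KEYBYTES];
    NSMutableData *out = [NSMutableData dataWithLength:crypto_pwhash_SALTBYTES +
        crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES + plaintext.length];
    unsigned char *salt = out.mutableBytes;
    unsigned char *nonce = salt + crypto_pwhash_SALTBYTES;
    randombytes_buf(salt, crypto_pwhash_SALTBYTES);
    randombytes_buf(nonce, crypto_secretbox_NONCEBYTES);    // fresh nonce per encryption
    if (DeriveKey(key, passphrase, salt) != 0) return nil;  // key derivation ran out of memory
    crypto_secretbox_easy(nonce + crypto_secretbox_NONCEBYTES,
                          plaintext.bytes, plaintext.length, nonce, key);
    sodium_memzero(key, sizeof key);              // do not leave the key on the stack
    return out;
}

// Returns nil for a wrong passphrase, a truncated blob, or any modified byte.
NSData *DecryptWithPassphrase(NSData *blob, NSString *passphrase) {
    const size_t header = crypto_pwhash_SALTBYTES + crypto_secretbox_NONCEBYTES;
    if (sodium_init() < 0 || blob.length < header + crypto_secretbox_MACBYTES) return nil;
    const unsigned char *salt = blob.bytes;
    unsigned char key[crypto_secretbox_KEYBYTES];
    if (DeriveKey(key, passphrase, salt) != 0) return nil;
    NSMutableData *plain =
        [NSMutableData dataWithLength:blob.length - header - crypto_secretbox_MACBYTES];
    // The MAC is verified before any plaintext is released; rc is -1 on failure.
    int rc = crypto_secretbox_open_easy(plain.mutableBytes, salt + header,
                                        blob.length - header,
                                        salt + crypto_pwhash_SALTBYTES, key);
    sodium_memzero(key, sizeof key);
    return rc == 0 ? plain : nil;
}
```

crypto_secretbox_easy() works on a single buffer, so this holds the whole file in memory; link against libsodium to build it.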