加密密钥：可以使用混淆吗？

Question

I am building an iOS app for someone. The app will be used to take mock exams on for a professional license. The question data is stored in Core Data but the question and answers strings need to be encrypted as the client spent a lot of time writing them and doesn't want someone else stealing his work to use in a competing product.

So what I want to do is set the attributes in core data to transformable, use a custom NSValueTransformer to transform the strings to NSData and while they are being transformed use RNEncrypt to encrypt and decrypt.

So far so good.

Here is my predicament: I need to use a key to encrypt and decrypt the data but how do I get/create it?

My options:

• hardcode it == bad!
• generate key and store in keychain == not the right type of security. ie. does not protect against owner of the device.
• generate key from user password == no other reason for the user to have to login.
• the app connects to a server and gets a key with some authentication stuff(I don't know what is involved exactly) == I don't want to rely on a network connection for the app to work.
• obfuscation, I feel like if I create a string from bits of other strings and method sigs and then hash it then that will be enough == It probably won't be.

My questions then are these: - Obfuscation, can it be enough, has anyone else had success with it? - From my research I've learnt that a hacker with an ipa can see all the hardcoded strings, class names and method sigs but they can't see the code inside the methods (is that correct?), so how could someone read the key if it was built up/generated inside a method? - As the title, Can I use Obfuscation? - Are there any options I have missed?

For the record, if I have to then I'll make people register and login.

Answer 1

You cannot store data locally securely . As soon as you are able to decrypt it an attacker can as well. That goes for EVERY encryption technique. No matter what you try.

You have to store the data or a different decryption key for each data point on a server and retrieve it one by one every time. You additionally have to make sure that the user does not just send 100s of requests and retrieves all data by hand.

Note that storing just one key on a server will result in the exact same thing as writing it hardcoded in the app. And not limiting the requests will just cause the attacker to need a little more time than just looking at an already decrypted local db.

Of course you can obfuscate it to make it seem like it has some good encryption behind it - but if someone WANTS to get the data, he will be able to.

Regarding the code in an ipa: you will not be able to see the original code but you will be able to see some code that produces the same output as the original code. As long as the device can produce the valid key, an attacker can as well.

I do not know if there is a huge community out there that is looking through random apps to steal some of its internal questions / answers / data, I doubt it.

You just have to make the product sooooo good that no competing product with the same data has any chance against it. The data itself can always be "stolen".