为 APN 安全发送设备令牌 [英] Sending Device Token Safely for APNs

问题描述

对于需要推送通知的 iOS 应用程序，它必须首先请求用户授予这样做的权限.之后，生成设备令牌，远程服务器可以通过此令牌与用户通信.

我在 以及 CertMaker，我可以嗅探 HTTPS 流量，这意味着客户端可能知道他们正在发送什么数据，以及发送到哪里.

我的问题是，知道 SSL 不安全，无法保护我的客户端看不到我发送到远程服务器的内容，我是否应该简单地使用在我的应用程序中找到的密钥进行加密?

比如encrypt("device_token","secretkey_a0a0a0a")(假装这是Objective-C)?

有人不能在我的应用程序中找到那个键吗?我还阅读了这个问题，似乎有可能取回秘钥.

我的计划是这样的:

1. 在 iOS 应用程序中，生成一个名为 activate 的随机字符串.
2. 加密(不是散列)，令牌由随机字符串和我只知道的密钥组成.(secretkey_a0a0a0)
3. 将加密字符串与随机生成的字符串(活动)一起发送.
4. 在服务器端，我检查是否可以使用 active 和我的密钥解密有效令牌.
5. 如果令牌有效，我会将其保存在我的数据库中.

这可以防止人们随机输入令牌是的，但是，secretkey_a0a0a0 是一个字符串文字.很有可能在应用程序二进制文件中获得它.

我的问题是，我该如何保护这个密钥?答案也可以是，我如何防止人们也向我的服务器发送无效令牌.

我听说过加密，但它不只适用于资源文件吗?

我应该如何处理这个问题?

解决方案

如果您进行 SSL-Pinning(AFNetworking 已实现此功能)，您将无法(在合理的时间范围内)嗅探如果您没有服务器私钥，则客户端和服务器之间的 https 流量.

For iOS applications that require push notifications, it must first request the user for permission to do so. After that, a device token is generated and with this, the remote server may communicate to the user through this token.

I have read a similar question here and I do not feel it is enough. The picture below is a trusted certificate, it allows me to view all traffic that happens on this device.

With Fiddler2 as well as CertMaker, I can sniff HTTPS traffic, which means the client can probably know what data they are sending, and to where.

My question is, knowing that SSL is not secure from protecting my clients from seeing what I send to the remote server, should I simply encypt with a secret key found within my application?

Such as encrypt("device_token","secretkey_a0a0a0a") (pretend this is Objective-C)?

Couldn't someone just find that key within my application? I also read this question, and it seems that it would be possible to get back the secret key.

My plan for this goes like this:

1. Within the iOS application, Generate a random string named activate.
2. Encrypt (not hash), the token by the random string and a secret key that I only know. (secretkey_a0a0a0)
3. Send the encrypted string along with the generated randomly generated string (active).
4. Within serverside, I check if I can decrypt a valid token from using the active and my secret key.
5. I save the token in my database if it is valid.

This prevents people from random entering tokens yes, however, secretkey_a0a0a0 is a string literal. It's very possible to get this within the application binary itself.

My question is, how do I protect this secret key? The answer can also be, how can I prevent people from sending invalid tokens to my server as well.

I have heard of encryption, but doesn't that only apply to resource files?

How should I approach this?

解决方案

If you do SSL-Pinning ( AFNetworking has this implemented ) you won't be able to (in a reasonable timeframe) sniff the https traffic between the client and server if you don't have the servers private key.

这篇关于为 APN 安全发送设备令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！