iPad On Disk Encryption是否仅影响一个应用程序或整个系统 [英] Does iPad On Disk Encryption affect only one application or whole system
问题描述
我需要我的原生iPad应用程序以加密形式存储其数据(例如通过HTTPS下载的.DOC文档)。那些.DOC文件将在iPad上的第三方应用程序中打开。
我需要知道我的应用程序和第三方应用程序的数据是否可以加密?意思是我的.DOC文件永远不会以设备的未加密形式存储。 (这里的动机是我的应用程序使用敏感信息下载文档,我希望这些文档能够在iPad上阅读,而且可以通过磁盘加密保护层。)
我正在阅读高级应用技巧@ apple.com ,使用磁盘加密保护数据一节,但无法找到任何相关信息。
首先,让我们得到硬件加密方面:
iOS支持对磁盘上的所有内容进行硬件加密。它使用与设备密码无关的密钥加密。此功能允许快速擦除设备的数据(通过覆盖设备加密密钥)。然而,它并没有真正保护您的数据不被一个能够获得您的设备的技术熟练的人员检索到;越狱将会绕过这个。
通过Data Protection API进行的每个文件加密:可以告诉iOS某些文件是要加密的通过在它们上设置一个标志。然后使用设备密码加密(如果已设置)。 注意:如果用户没有设置密码,则不会应用此额外的保护!因此,从技术上讲,此保护不受您的控制,除非您的用户在强制使用密码锁定的组织政策(使用iPhone配置实用程序或类似软件)。
使用CommonCrypto进行加密可以使用加密API来手动进行自己的加密/解密。请注意,如果您不知道自己在做什么,那么很容易滥用这些API,而不是非常安全的加密。。但是,有一些包装器,例如 RNCryptor ,这使得滥用这些API变得更加困难。
保护第三方应用程序使用的文件:您可以澄清应用程序如何与第三方应用程序共享文件?
更多信息:
-
http://www.ilounge.com/index.php / articles / comments / ios-encryption-and-data-protection /
-
< a href =https://github.com/rnapier/RNCryptor =nofollow noreferrer> https://github.com/rnapier/RNCryptor
-
依靠Data Protection API保护磁盘上的文档(用户必须设置密码,您需要告诉iOS,特定文件将被保护才能使其工作)
-
使用提到的NSURLProtocol技巧此处解密加密文件on-the-fly
Rely on Data Protection API to protect the document on-disk (user has to set a passcode and you need to tell iOS that the particular file is to be protected for this to work)
Using the NSURLProtocol trick mentioned here to decrypt an encrypted file on disk on-the-fly
使用
UIDocumentInteractionController
更新 c $ c>:
使用此方法将文档转交给其他应用程序后,数据不在您的手中,第三方应用可以做什么它喜欢它。如果您对此感到满意,并且您的主要关注点是将文档以受保护的方式存储在设备上,那么有以下几种可能性:
I need my native iPad application to store its data (say .DOC documents downloaded via HTTPS) in an encrypted form. Those .DOC files are to be opened in 3rd party apps on the iPad.
I need to know whether there is a way that data of both my application and those of 3rd party apps can be encrypted? Meaning that my .DOC file will never be stored in unencrypted form on the device. (motivation here being that my app downloads documents with sensitive information and I want those documents to be read on the iPad, but with the layer of disk-encryption protection.)
I was reading through Advanced App Tricks @ apple.com, section "Protecting Data Using On-Disk Encryption", but was unable to find any relevant information.
解决方案 First, let's get the hardware encryption aspect out of the way:
iOS supports hardware encrpytion of everything on the disk. It's encrypted with a key that has nothing to do with your device pass code. This feature is there to allow quick wiping of the device's data (by overwriting the device encryption key). It doesn't really protect your data from being retrieved by a skilled interloper who can get your device, however; a jailbreak will get around this.
Per-file encryption via the Data Protection API: iOS can be told that certain files are to be encrypted by setting a flag on them. They are then encrypted using the device pass code (if one has been set). Note: if the user hasn't set a passcode, this extra protection isn't applied! Therefore, technically, this protection is out of your control, unless your users work at an organisation that enforces passcode lock policies (using iPhone Configuration Utility or similar).
Encryption using CommonCrypto: you can use encryption APIs such as this to manually do your own encryption/decryption. Note that if you don't know what you're doing it's easily to abuse such APIs and end up with not very secure encryption. However, there are some wrappers such as RNCryptor which make it much harder to abuse these APIs.
Protecting files used by third party apps: Can you clarify how your app will share files with third party apps please?
More info:
Update
On using UIDocumentInteractionController:
Once you've handed off your document to another app using this method, the data is out of your hands and the third party app can do what it likes with it. If you're happy with that, and your main concern is just having the document stored on your device in a protected way, then there are a couple of possibilities:
这篇关于iPad On Disk Encryption是否仅影响一个应用程序或整个系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
