Security through obscurity for iOS apps.
Inspired by twenty3/Obfuscator, and these articles:
This package contains both a library and command line tool.
obfuscate command line tool to encrypt your secret token. It generates both a token and a key (A.K.A. salt) you can use to reveal the original value.
Include the library in your application to decode the value at runtime.
$ mint install salishseasoftware/obfuscate
Clone the repo then:
$ make install
Or using swift itself:
$ swift build -c release $ cp .build/release/obfuscate /usr/local/bin/obfuscate
Generate the Xcode project:
$ swift package generate-xcodeproj $ open ./obfuscate.xcodeproj
/usr/local/bin/or wherever you prefer.
OVERVIEW: Security through obscurity A utility to obfuscate a string using a randomly generated salt, and reveal the original value using the obfuscates string and the salt. You can include the obfuscated string in your applications source code and provide the key through some type of configuration method (ENV, XCConfig file, etc). Then use the `Obfuscator` library to decrypt the token at runtime when needed. The important bit is that your original secret should not be present in your source code, config files, or your SCM system. It is recommended that your generated key not be checked into your SCM system either. Keep in mind however that it's likely you will need to include the generated key in your apps bundle, so it's far form a perfect solution. USAGE: obfuscate <subcommand> OPTIONS: -h, --help Show help information. SUBCOMMANDS: encrypt (default) Obfuscates a string. decrypt Reveals an obfuscated string. See 'obfuscate help <subcommand>' for detailed help.
OVERVIEW: Obfuscates a string. Generates a token from the provided string, along with a key that can be used to decrypt the token, and reveal the original value. USAGE: obfuscate encrypt <string> ARGUMENTS: <string> OPTIONS: -h, --help Show help information.
OVERVIEW: Reveals an obfuscated string. Decrypts the provided token using the key to reveal the original value. USAGE: obfuscate decrypt --token <token> --key <key> OPTIONS: -t, --token <token> The obfuscated string -k, --key <key> Secret key -h, --help Show help information.
The Obfuscator library provides just two functions:
Encrypt a string
An error or type
ObfuscatorError.encryptionFailure if the encryption fails.
(String, String) tuple consisting of the obfuscated string (token) and a randomly generated salt (key) used to perform the encryption.
Reveals the original value of an encrypted string.
token:The encrypted string.
key:The salt used to encrypt the string.
An error or type
ObfuscatorError.decryptionFailure if the decryption fails.
The original string.
Add the package as a dependency in your Package.swift file
let package = Package( // name, platforms, products, etc. dependencies: [ .package(url: "https://github.com/salishseasoftware/obfuscate", from: "0.1.0"), // other dependencies ], targets: [ .target(name: "<a-target>", dependencies: [ .product(name: "Obfuscator", package: "obfuscate"), ]), // other targets ] )