tags:

views:

70

answers:

1

I have some code that downloads a plist from a web server and stores it in the documents directory of the phone. My concern is that if the file becomes corrupt then it will effect the stability and user experience of the app.

I am coding defensively in the data read parts of the app, but wondered what advice is out there for checking the integrity of the file in the first place before the old one is over written. I am thinking of implementing some sort of computed value which is also stored in as a key in the plist for example.

Any thoughts about making this as robust as possible would be greatly appreciated.

Best regards

Dave

+5  A: 

Have a look at CommonCrypto/CommonDigest.h.

The CC_MD5(const void *data, CC_LONG len, unsigned char *md); function computes an MD5 hash.

@implementation NSData (MD5)

-(NSString*)md5
{
    unsigned char digest[CC_MD5_DIGEST_LENGTH];
    CC_MD5([self bytes], [self length], digest);

    NSString* s = [NSString stringWithFormat: @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
                   digest[0], digest[1], 
                   digest[2], digest[3],
                   digest[4], digest[5],
                   digest[6], digest[7],
                   digest[8], digest[9],
                   digest[10], digest[11],
                   digest[12], digest[13],
                   digest[14], digest[15]];
    return s;

}

@end

As part of the deployment of the files on the server, you can use OpenSSL to compute the hashs. The openssl md5 filename command computes an MD5 hash for a file. This can be integrated in a script.

Then after your application has downloaded a file, it computes the hash of what's been downloaded and compares it to the hash stored on the server.

Obviously, if you want to ensure the integrity of a plist file, this plist cannot contain its own hash.

Gregory Pakosz
Thanks Gregory, this is really helpful. Don't suppose you know if by doing this it constitutes the use of cryptography within your application? I'm referring to the question you get asked when submitting an app to the app store. Cheers Dave.
Magic Bullet Dave
Don't worry, your application won't be rejected for computing an MD5 hash.
Gregory Pakosz
+1 for suggesting this.
Sudhanshu