Encrypting streaming content onto persistent storage and decrypting it to the stream on iPhone

Question

Hello fellow developers,

My app "streams" content (fixed sized files, hence quotation marks) from an HTTP server into a local file. Then there is another component of the app that opens that same file and displays it (plays it).

This is done for caching purposes, so that when the same file is requested next time, it will no longer need to be downloaded from the server.

App's spec requires that all local content is encrypted (even with the most light weight encryption)

Question: has there been done any work, allowing one to simply redirect the stream to a library which will then save the stream encrypted into a file? And then, when I request the stream from the local file, the library returns an on the fly decrypted stream?

I've been searching for a solution with no results so far

Thanks

Answer 1

I wouldn't worry about encryption just because Apple says so.

Make this work how you want it (without encryption, it sounds like) and submit it for approval. If approved, you're good. If not, worry about it then. If your design requires you to make a decision now, your design might be flawed.

Answer 2

I ended up writing a custom solution that uses RC4 encryption from the built in Crypt library. It was surprisingly straight forward. Basically it involved creating a function that encrypts/decrypts chunks of NSData and then read/write those chunks to files... Here's the function that does the encryption in case someone else is interested:

- (NSData*)RC4EncryptDecryptWithKey:(NSString *)key operation:(CCOperation)operation
{
        // convert to C string..
        int keySize = [key length];
        char keyPtr[keySize];
        bzero(keyPtr, sizeof(keyPtr));
        [key getCString:keyPtr
              maxLength:sizeof(keyPtr)
               encoding:NSUTF8StringEncoding];

        // encode/decode
        NSUInteger dataLength = [self length];
        size_t bufferSize = dataLength;
        void *buffer = malloc(bufferSize);

        size_t numBytesOut = 0;
        CCCryptorStatus cryptStatus = CCCrypt(operation,
                                              kCCAlgorithmRC4,
                                              kCCOptionECBMode,
                                              keyPtr,
                                              8,
                                              NULL,
                                              [self bytes],
                                              dataLength,
                                              buffer,
                                              bufferSize,
                                              &numBytesOut);
        if (cryptStatus == kCCSuccess) {
                return [NSData dataWithBytesNoCopy:buffer
                                            length:numBytesOut
                                      freeWhenDone:YES];
        }

        free(buffer);
        return nil;
}

- (NSData*)RC4EncryptWithKey:(NSString*)key {
   return [self RC4EncryptDecryptWithKey:key operation:kCCEncrypt];
}

- (NSData*)RC4DecryptWithKey:(NSString*)key {
   return [self RC4EncryptDecryptWithKey:key operation:kCCDecrypt];
}

Obviously one could create something more secure (eg AES) or whatever (in fact I used examples of other encryption wrappers to write this one)