We are continuing our series on extending Magnet Message with a look at security. Security is a top concern for the enterprise. While basic security and encryption is standard, some industries will need more personalized options. In this edition we will look at adding additional encryption to message content. In particular we will look at encrypting text content but the suggestions we offer is extensible. Applying it to the file attachments we covered last time would not take much effort.
Our first step was to find a library that would work cross platform. On iOS I am using RNCryptor and on android we are using JNCryptor, a Java port of the library. A quick test proved that we could encrypt on one platform and decrypt on the other.
I built a simple utility class that wraps around RNCryptor and SSKeychain. SSKeychain is a popular library that adds an abstraction layer on top of the Apple keychain. Both libraries are available via CocoaPods. With these simple tools I can devise a strategy that works well for my particular use case.
Some examples would be:
- I could have a separate key for each user. The user could then decide who should have the ability to decrypt their messages and posts.
- I could have a key per role; admin, HR, sales, etc. Only those that fit the role can decrypt the data.
- I could have a default key so that anyone in my app can decrypt the data but I can still feel more secure by adding that extra layer.
In reality I would most likely use a combination of these approaches. I can use the meta data for the message to pass the necessary data needed to know how to handle decryption on the receiving side. It would not be difficult to have different content encrypted at different levels even within the same message. I have attached the utility class I created for iOS. Download it and take a look. We would also love to hear alternative approaches. If you have an elegant or interesting approach let us know!