Encrypted String
The default value of an encrypted String
is nil. You must change the default value of the property by assigning a new plain text value in an overridden reset
method.
This page describes encrypted strings. Appfigurate also supports plain textual strings.
Local properties
Editable List UI
Allows a string property to be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and an optional regular expression validating input.
Swift @EncryptedStringPropertyListEdit prototype
@EncryptedStringPropertyListEdit(regex, description, encrypted, restart, values)
var propertyName:
The encrypted
parameter of EncryptedStringPropertyListEdit
must be the result of calling the ENCRYPTED()
function. e.g.
... description: "url", encrypted: ENCRYPTED(), restart: ...
Swift @EncryptedStringPropertyListEdit example
@EncryptedStringPropertyListEdit(regex: #"https://[\w\.-]+\.appfigurate.io/.*"#, description: "url", encrypted: ENCRYPTED(), restart: false, values: [
"Dev":ENCRYPTED_STRING("https://dev.appfigurate.io/list","H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ=="),
"Test":ENCRYPTED_STRING("https://test.appfigurate.io/list","PL+UtWB9WHuO7...aX5BdNqEcbmQE="),
"Prod":ENCRYPTED_STRING("https://m.appfigurate.io/list","IxrJFFUarMg6p...E7OWYOC2uJ1AQ==")])
var url:
override func reset() {
url = "https://m.appfigurate.io/list"
}
...
ENCRYPTED_STRING function
Swift ENCRYPTED_STRING prototype
func ENCRYPTED_STRING(_ plaintext: String, _ ciphertext: String) -> String
For an iOS app (or watchOS and it's companion iOS app) where the APLConfiguration
subclass has one public key use the ENCRYPTED_STRING
function for each list item in the @EncryptedStringPropertyListEdit
.
The first parameter of the ENCRYPTED_STRING
function is the plaintext, and will be used by DEBUG
builds. The second parameter of the ENCRYPTED_STRING
macro is the ciphertext, and will be used by RELEASE
builds. To generate the ciphertext, use the source editor extension for Xcode or AppfigurateSE app.
Swift ENCRYPTED_STRING example
@EncryptedStringPropertyListEdit(regex: #"https://[\w\.-]+\.appfigurate.io/.*"#, description: "url", encrypted: ENCRYPTED(), restart: false, values: [
"Dev":ENCRYPTED_STRING("https://dev.appfigurate.io/list","H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ=="),
"Test":ENCRYPTED_STRING("https://test.appfigurate.io/list","PL+UtWB9WHuO7...aX5BdNqEcbmQE="),
"Prod":ENCRYPTED_STRING("https://m.appfigurate.io/list","IxrJFFUarMg6p...E7OWYOC2uJ1AQ==")])
var url: String
ENCRYPTED_STRING_IOS_WATCHOS function
Note: Using different public keys and the ENCRYPTED_STRING_IOS_WATCHOS function for watchOS and it's companion iOS app is deprecated will be removed in the upcoming Appfigurate 4 release. Migrate to shared public keys and the ENCRYPTED_STRING function instead.
Swift ENCRYPTED_STRING_IOS_WATCHOS prototype
func ENCRYPTED_STRING_IOS_WATCHOS(_ plaintext: String, _ ciphertextIOS: String, _ ciphertextWatchOS: String) -> String
For an iOS and watchOS app where the APLConfiguration
subclass has two public keys, use the ENCRYPTED_STRING_IOS_WATCHOS
function for each list item in the @EncryptedStringPropertyListEdit
.
The first parameter of the ENCRYPTED_STRING
function is the plaintext, and will be used by DEBUG
builds. The second and third parameters of the ENCRYPTED_STRING
function are the ciphertext for iOS and watchOS apps, and will be used by RELEASE
builds. To generate the ciphertext, use the source editor extension for Xcode or AppfigurateSE app.
Swift ENCRYPTED_STRING_IOS_WATCHOS example
@EncryptedStringPropertyListEdit(regex: #"https://[\w\.-]+\.appfigurate.io/.*"#, description: "url", encrypted: ENCRYPTED(), restart: false, values: [
"Dev":ENCRYPTED_STRING_IOS_WATCHOS("https://dev.appfigurate.io/list","H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ==","JaMa92a122zZs...Mnz23KamnZ0a="),
"Test":ENCRYPTED_STRING_IOS_WATCHOS("https://test.appfigurate.io/list","PL+UtWB9WHuO7...aX5BdNqEcbmQE=","Na1MSadBCaDD...KKANZias199Km=="),
"Prod":ENCRYPTED_STRING_IOS_WATCHOS("https://m.appfigurate.io/list","IxrJFFUarMg6p...E7OWYOC2uJ1AQ==","aZSDIMSaasiaM...8SKS1MMahfpIa=")])
var url: String
...
ENCRYPTED function
Swift ENCRYPTED prototype
func ENCRYPTED() -> Bool
Used in conjunction with the @EncryptedStringPropertyListEdit
property wrapper. The encrypted
parameter of @EncryptedStringPropertyListEdit
must be the result of calling the ENCRYPTED()
function. e.g.
... description: "url", encrypted: ENCRYPTED(), restart: ...
The function returns true
if the calling app has been compiled in RELEASE mode or false
if the calling app has been compiled in DEBUG mode.
ENCRYPTED function & Swift compiler ‣ Optimizing for Size
Warning: The ENCRYPTED function will behave incorrectly if the apps build settings Swift compiler - Code generation ‣ Optimization Level
is set to Optimize for Size
(-Osize). The default Swift compiler optimization levels are No Optimization
for DEBUG
builds and Optimize for Speed
-Ospeed for RELEASE
builds. If you must use -Osize, then implement your own isEncrypted()
style function as follows:
Swift isEncrypted example
func isEncrypted() {
#if DEBUG
return false
#else
return true
#end
}
Then call your own isEncrypted()
function instead of the provided ENCRYPTED()
function e.g.
... description: "url", encrypted: isEncrypted(), restart: ...
Encryption best practice
iOS and watchOS
Using ENCRYPTED_STRING
and ENCRYPTED_STRING_IOS_WATCHOS
guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.
You can verify that the plain text is not included in the RELEASE application binary using the macOS strings
tool as follows:
Terminal
> cd ~/Library/Developer/Xcode/DerivedData/AppfigurateWorkspace-esajjxyazigjunfteipthjfiobut/Build/Products/Release-iphoneos/AppfigurateExample (iOS).app
> strings AppfigurateExample | grep "https://dev.appfigurate.io/list" // no results
> strings AppfigurateExample | grep "H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ==" // prints H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ==
It is best practice to use ENCRYPTED_STRING
and ENCRYPTED_STRING_IOS_WATCHOS
to encrypt sensitive information such as server urls (e.g. internal test environments), rather than expose them as plain text.
Android
Using a combination of BuildConfig.ENCRYPTED
and ProGuard guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.
You can verify that the plaintext is not included in the RELEASE build variant APK or AAB using the macOS strings tool as follows:
Terminal
> cd AppfigurateExample/build/outputs/apk/release
> unzip AppfigurateExample-release.apk
> d2j-dex2jar -f classes.dex
> unzip classes-dex2jar.jar
> cd nz/co/electricbolt/appfigurateexample
> strings - ExampleConfiguration.class | grep "https://dev.appfigurate.io/list" // no results
> strings - ExampleConfiguration.class | grep "jm9SM4MEYa4FR...glwMGnpRI4JAQ==" // prints jm9SM4MEYa4FR...glwMGnpRI4JAQ==
Flutter
Ensure you have read the encryption best practices for iOS and watchOS, and Android sections.
React Native
Ensure you have read the encryption best practices for iOS and watchOS, and Android sections.
Last updated