HomeDocumentation

Encrypted String

The default value of an encrypted String is "". You must change the default value of the property by assigning a new plain text value in an overridden reset method.

This page describes encrypted strings. Appfigurate also supports plain textual strings.

Local properties

Editable List UI

Allows a string property to be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and an optional regular expression validating input.

Swift @EncryptedStringPropertyListEdit prototype

@EncryptedStringPropertyListEdit(regex, description, encrypted, restart, values)
var propertyName:

The encrypted parameter of EncryptedStringPropertyListEdit must be the result of calling the ENCRYPTED() function. e.g.

... description: "url", encrypted: ENCRYPTED(), restart: ...

Swift @EncryptedStringPropertyListEdit example

    @EncryptedStringPropertyListEdit(regex: #"https://[\w\.-]+\.appfigurate.io/.*"#, description: "url", encrypted: ENCRYPTED(), restart: false, values: [
        "Dev":ENCRYPTED_STRING("https://dev.appfigurate.io/list","H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ=="),
        "Test":ENCRYPTED_STRING("https://test.appfigurate.io/list","PL+UtWB9WHuO7...aX5BdNqEcbmQE="),
        "Prod":ENCRYPTED_STRING("https://m.appfigurate.io/list","IxrJFFUarMg6p...E7OWYOC2uJ1AQ==")])
    var url: 
    
    override func reset() {
        url = "https://m.appfigurate.io/list"
    }
    ...

ENCRYPTED_STRING function

Swift ENCRYPTED_STRING prototype

func ENCRYPTED_STRING(_ plaintext: String, _ ciphertext: String) -> String

For an iOS app (or watchOS and it's companion iOS app) where the APLConfiguration subclass has one public key use the ENCRYPTED_STRING function for each list item in the @EncryptedStringPropertyListEdit.

The first parameter of the ENCRYPTED_STRING function is the plaintext, and will be used by DEBUG builds. The second parameter of the ENCRYPTED_STRING macro is the ciphertext, and will be used by RELEASE builds. To generate the ciphertext, use the source editor extension for Xcode or AppfigurateSE app.

Swift ENCRYPTED_STRING example

    @EncryptedStringPropertyListEdit(regex: #"https://[\w\.-]+\.appfigurate.io/.*"#, description: "url", encrypted: ENCRYPTED(), restart: false, values: [
        "Dev":ENCRYPTED_STRING("https://dev.appfigurate.io/list","H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ=="),
        "Test":ENCRYPTED_STRING("https://test.appfigurate.io/list","PL+UtWB9WHuO7...aX5BdNqEcbmQE="),
        "Prod":ENCRYPTED_STRING("https://m.appfigurate.io/list","IxrJFFUarMg6p...E7OWYOC2uJ1AQ==")])
    var url: String

ENCRYPTED function

Swift ENCRYPTED prototype

func ENCRYPTED() -> Bool

Used in conjunction with the @EncryptedStringPropertyListEdit property wrapper. The encrypted parameter of @EncryptedStringPropertyListEdit must be the result of calling the ENCRYPTED() function. e.g.

... description: "url", encrypted: ENCRYPTED(), restart: ...

The function returns true if the calling app has been compiled in RELEASE mode or false if the calling app has been compiled in DEBUG mode.

ENCRYPTED function & Swift compiler ‣ Optimizing for Size

Warning: The ENCRYPTED function will behave incorrectly if the apps build settings Swift compiler - Code generation ‣ Optimization Level is set to Optimize for Size (-Osize). The default Swift compiler optimization levels are No Optimization for DEBUG builds and Optimize for Speed -Ospeed for RELEASE builds. If you must use -Osize, then implement your own isEncrypted() style function as follows:

Swift isEncrypted example

func isEncrypted() {
#if DEBUG
	return false
#else
	return true
#end
}

Then call your own isEncrypted() function instead of the provided ENCRYPTED() function e.g.

... description: "url", encrypted: isEncrypted(), restart: ...

Encryption best practice

iOS and watchOS

Using ENCRYPTED_STRING guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.

You can verify that the plain text is not included in the RELEASE application binary using the macOS strings tool as follows:

Terminal

> cd ~/Library/Developer/Xcode/DerivedData/AppfigurateWorkspace-esajjxyazigjunfteipthjfiobut/Build/Products/Release-iphoneos/AppfigurateExample (iOS).app
> strings AppfigurateExample | grep "https://dev.appfigurate.io/list"     // no results
> strings AppfigurateExample | grep "H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ=="     // prints H7o9Lgqd4RgMJ...rtJQGh8DiiSAQ==

It is best practice to use ENCRYPTED_STRING to encrypt sensitive information such as server urls (e.g. internal test environments), rather than expose them as plain text.

Android

Using a combination of BuildConfig.ENCRYPTED and ProGuard guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.

You can verify that the plaintext is not included in the RELEASE build variant APK or AAB using the macOS strings tool as follows:

Terminal

> cd AppfigurateExample/build/outputs/apk/release
> unzip AppfigurateExample-release.apk
> d2j-dex2jar -f classes.dex
> unzip classes-dex2jar.jar
> cd nz/co/electricbolt/appfigurateexample
> strings - ExampleConfiguration.class | grep "https://dev.appfigurate.io/list" // no results
> strings - ExampleConfiguration.class | grep "jm9SM4MEYa4FR...glwMGnpRI4JAQ==" // prints jm9SM4MEYa4FR...glwMGnpRI4JAQ==

The dex2jar tool can be installed using brew.

Flutter

Ensure you have read the encryption best practices for iOS and watchOS, and Android sections.

React Native

Ensure you have read the encryption best practices for iOS and watchOS, and Android sections.

PreviousPlain StringNextCustom executable actions

Last updated