This cordova plugin allows the decryption of RSA encrypted data files in iOS applications. This is done by importing a P12 certificate in the application key-chain and using this certificate to decrypted the data files.
Note that this plugin is only able to decrypt data files using the RSA certificate. Refer to repository JS RSA Encryption for the encryption of data files using the RSA certificate.
-
iOS version 10 or later
-
RSA Key Pair (public and private key)
This plugin makes use of RSA encryption. This is a asymmetric algorithm: encryption and decryption is done via different keys. Data is encrypted using a RSA public key. The decryption is only possible via the related RSA private key. The Cordova Plugin requires this private key in order to decrypt data files. The public key is used in the application that will create the encrypted data files (see repository JS RSA Encryption)There are various ways to retrieve a RSA keypair. Below the steps are explained which make use of the KeyChain in MacOS to generate a RSA Key-Pair.
- Open the Keychain Access App on MacOS
- Choose Keychain Access > Certificate Assistant > Create a Certificate.
- Enter a name for the certificate.
- Choose for "Self-Signed" identity type
- Choose for "S/MIME" certificate type
- Check the "Let me override defaults" setting
- In the next screen, set the validity period of the certificate
- In the next screen, enter your certificate information
- Set the key-size to 2048-bits and choose for the RSA algorithm
- In the next screen choose for Key Usage Extension "Key encipherment", uncheck "Signature"
- In the next screen, uncheck "Include extended key usage extension"
- In the next screens, uncheck all options
- Store the certificate in "Login"
- Open the Keychain Access App on MacOS
- Select category "Certificates" from the "Login" keychain
- Right mouse-click on the certificate that you just created and select "Export..."
- Save the P12-file to a location on your MacOS. During the export, you will be asked for a password to protect the file.
- Change the extension from .p12 to your preferred extension which later is mapped to your application during the installation of the Cordova plugin (see Certificate Extension).
Note:
Be careful with this file, this contains the private key that is able to decrypt all the data. This file including its password should be kept save.- Open the Keychain Access App on MacOS
- Select category "Keys" from the "Login" keychain
- Select your created public key (key type is 'public key')
- Right mouse-click on the key and select "Export..."
- Save the PEM-file to a location on your MacOS
This plugin allows users to install certificates and decrypt files. Both the certificate and the encrypted data files are provided to the to the application via the iOS 'Open in...' functionality. In order to make this work, file extensions need to be mapped to the application. This mapping is done during the installation of the plugin.
Two variables need to be passed:
-
CERTIFICATE_EXTENSION
This is the file extension that will be mapped in order to install the certificate. When exporting the certificate from the key chain (which is explained in js-rsaencryption) the file has extension p12. P12 extensions are automatically installed in an internal key-chain which is not accessible in the application. For that reason, the P12 extension should be changed to something else. That 'something else' is what needs to be provided in this variable. When receiving a file with that extension (via email or via safari), the file will be opened into the application. -
ENCRYPTEDDATA_EXTENSION
Just like the extension for the certificate, a mapping needs to be made for the encrypted data files. This extension needs to differ from the certificate extension.
The plugin can be installed from the master repo using:
$ cordova plugin add https://github.com/just-bi/cordova-plugin-rsacertificate --variable CERTIFICATE_EXTENSION=jbc --variable ENCRYPTEDDATA_EXTENSION=jbiThe check for new data files should be done everytime the application is started or resumed:
document.addEventListener('deviceready', onApplicationStarted, false);
document.addEventListener('resume', onApplicationStarted, false);
function onApplicationStarted() {
// insert the cordova authentication plugin code here
}First you'll want to check if a new certificate is imported to the application. This is done via the updateCertificate function. It checks for a file in the Inbox that has the extension that is defined for the certificates in the configuration of the plugin.
In case a new certificate is found, the certificate is added to the key chain and a message is displayed. Afterwards the success callback in JavaScript is triggered. When no new certificate was found, the success callback is directly triggered. When anything goes wrong during the check for a new certificate, the error callback is triggered.
cordova.plugin.rsacertificate.updateCertificate(
// update of the certificate is done
function(newCertificateInstalled) {
if (newCertificateInstalled) {
cordova.plugin.rsacertificate.deleteDataFiles(function() {
alert('Successfully installed the new cerficate!\n\nPlease select a data file and use the Open in... functionality in order to use this application.');
});
} else {
getData();
}
}.bind(this),
// something went wrong during the update of the certificate
function(errorMessage) {
console.error(errorMessage);
}
);Next the function for reading the encrypted data file can be called. This function will check if a file in the Inbox is available with the extension that was defined for the encrypted datafiles in the configuration of the plugin. If found, the plugin will try to decrypt the file based on the certificate in the app. If that is possible, the file content will be passed back to JavaScript as a parameter of the success callback. If something goes wrong, the error callback is triggered having the error message as parameter.
function getData() {
cordova.plugin.rsacertificate.decryptFile(
// successfully decrypted the file
function(fileContent) {
startYourApplication();
},
// unable to decrypt the file
function(errorMessage) {
console.error(errorMessage);
}
);
}For security reasons you may need to remove data files or the certificate. The following functions can be used for that.
-
Data Files Only
function deleteDataFiles() { cordova.plugin.rsacertificate.deleteDataFiles(function() { // data files are deleted }); }
-
Certificate Only
function deleteCertificate() { cordova.plugin.rsacertificate.deleteCertificate(function() { // certificate is deleted }); }
-
Both Certificate and Data Files:
function cleanUp() { cordova.plugin.rsacertificate.cleanup(function() { // certificate and data files are deleted }); }
-
Bootstap a cordova test application
cordova create testapp com.justbi.testapp TestApp cd testapp -
Add the iOS platform
cordova platform add ios
-
Add the cordova plugin
cordova plugin add https://github.com/just-bi/cordova-plugin-rsacertificate --variable CERTIFICATE_EXTENSION=jbc --variable ENCRYPTEDDATA_EXTENSION=jbi
-
Setup the application authentication Replace the content of the www/js/index.js file with the following:
document.addEventListener('deviceready', onApplicationStarted, false); document.addEventListener('resume', onApplicationStarted, false); function onApplicationStarted() { // Function to update the certificate to the iOS key-chain function updateCertificate() { cordova.plugin.rsacertificate.updateCertificate( function(newCertificateInstalled) { if (newCertificateInstalled) { cordova.plugin.rsacertificate.deleteDataFiles(function() { alert('Successfully installed the new cerficate!\n\nPlease select a data file and use the Open in... functionality in order to use this application.'); }); } else { getData(); } }.bind(this), function(errorMessage) { alert(errorMessage); } ); } // Function to decrypt the data file function getData() { cordova.plugin.rsacertificate.decryptFile( function(fileContent) { alert(fileContent); }, function(errorMessage) { alert(errorMessage); } ); } updateCertificate(); }
-
Build the iOS application
cordova build ios