During the Enterprise Titanium development cycle, there is often the requirement to encrypt in-process or persisted JavaScript objects or variables. The Securely
framework provides a StringCrypto
proxy with convenience methods for key generation of AES and DES bi-directional encryption.
This recipe describes how to use the Securely.StringCrypto
object to encrypt and decrypt JavaScript objects in a secure manner.
This recipe uses the Securely
native module. This module and other code assets can be downloaded from the source provided by the book. Installing these in your project is straightforward. Simply copy the modules
folder into the root of your Titanium Project. Please review the Getting ready section of the Using secure properties recipe for instructions on module setup before continuing.
This example is designed to run within the context of a Ti.UI.Window
or other component within a single Titanium context. This section demonstrates how to use the StringCrypto
method of Securely
to encrypt JavaScript objects. For more information, please reference the app.js
included with the recipe's source.
Once you have added the Securely
module to your project, you need to create your application namespace in the app.js
file and use require
to import the module into your code as the following code snippet demonstrates:
//Create our application namespace var my = { secure : require('bencoding.securely'), isAndroid : Ti.Platform.osname === 'android' };
Key generation is an important part of cryptography and to assist with this process, Securely
has two built-in convenience methods.
The first key generation convenience method is called generateDerivedKey
. This method includes the string input provided by the user into the salt algorithm used to determine the key. This approach is helpful if the seed value needs to be known or derived by another accessing system. The following steps demonstrate two common approaches for generating the seed value to be provided to the generateDerivedKey
method:
Ti.Platform.createUUID
method to generate a GUID:var usingGUID = my.secure.generateDerivedKey(Ti.Platform.createUUID());
Ti.App.guid
to create a derived key using the GUID from your project's tiapp.xml
file.var usingAppID = my.secure.generateDerivedKey(Ti.App.guid);
The second key generation convenience method is called generateRandomKey
. As its name indicates, a random alphanumeric string is generated and used as the seed value. The following code snippet demonstrates how to create a key value using the generateRandomKey
method.
var randomKey = my.secure.generateRandomKey();
Securely
supports the older Data Encryption Standard (DES) encryption algorithm. Support for this algorithm is primarily provided for intercommunication with legacy systems. Wherever possible, the stronger AES encryption should be used instead.
The DESEncrypt
method requires a key and a string to encrypt. This method will then return a DES encrypted string. If an error is generated during the encryption process a null value is returned. The following demonstrates how to encrypt both a JavaScript string and object using this method.
var desEncryptedString = stringCrypto.DESEncrypt (usingGUID, plainTextString); var desEncryptedObject = stringCrypto.DESEncrypt (usingGUID, JSON.stringify(plainObject));
Any non-JavaScript string elements must first be converted into a JavaScript string before being provided to the DESEncrypt
function.
The DESDecrypt
method is used to decrypt a string encrypted with the DES algorithm. This method requires the key and a string with the encrypted value. The DESDecrypt
method will then return a string with the decrypted value. The following snippet demonstrates how to use the DESDecrypt
method to decrypt both a string and object.
var desDecryptedString = stringCrypto.DESDecrypt (usingGUID, desEncryptedString);
The following code snippet demonstrates how to use JSON.parse
to re-build the JavaScript object from the decrypted JSON string.
var desDecryptedObject = JSON.parse (stringCrypto.DESDecrypt(usingGUID, desEncryptedObject));
The AESEncrypt
method requires a key and a string to encrypt. This method will then return an AES-encrypted string. If an error is generated during the encryption process, a null value is returned. The following code snippet demonstrates how to encrypt both a JavaScript string and object using this method.
var aesEncryptedString = stringCrypto.AESEncrypt (usingGUID, plainTextString); var aesEncryptedObject = stringCrypto.AESEncrypt (usingGUID, JSON.stringify(plainObject));
The AESDecrypt
method is used to decrypt a string encrypted with the AES algorithm. This method requires the key and a string with the encrypted value. The AESDecrypt
method will then return a string with the decrypted value. The following code snippet demonstrates how to use the AESDecrypt
method to decrypt both a string and an object.
var aesDecryptedString = stringCrypto.AESDecrypt (usingGUID, aesEncryptedString);
The following code snippet demonstrates how to use JSON.parse
to rebuild the JavaScript object from the decrypted JSON string.
var aesDecryptedObject = JSON.parse (stringCrypto.AESDecrypt(usingGUID, aesEncryptedObject));
Titanium SDK objects such as Ti.UI.View
are not real JavaScript objects, and therefore, cannot be serialized and encrypted effectively. To encrypt Titanium objects, you must first copy all of the Titanium object's properties into a pure JavaScript object and then convert the JavaScript object to a JSON string as shown earlier. During the decryption process, the reverse approach can be taken to recreate the Titanium object.
Securely
module, for installation details please review the Getting ready section of the Using secure properties recipe18.117.103.219