The MobileFirst iOS SDK uses native iOS APIs for cryptography. You can configure the IBM MobileFirst™ Platform Foundation V8.0.0 to use the OpenSSL cryptography library in iOS apps.
Encryption/decryption is provided with the following APIs: WLSecurityUtils.encryptText() and WLSecurityUtils.decryptWithKey().
Option 1: Native encryption and decryption
Native encryption and decryption is provided by default, without using OpenSSL. This is equivalent to explicitly setting the encryption or decryption behavior as follows:
[WLSecurityUtils enableOSNativeEncryption:YES];
Option 2: Enabling OpenSSL
OpenSSL is disabled by default. To enable it, proceed as follows:
- Install the OpenSSL frameworks:
  - With CocoaPods: Install the IBMMobileFirstPlatformFoundationOpenSSLUtils pod with CocoaPods. See Adding OpenSSL with CocoaPods.
  - Manually in Xcode: Link the IBMMobileFirstPlatformFoundationOpenSSLUtils and openssl frameworks manually in the Link Binary With Libraries section of the Build Phases tab. See Adding OpenSSL frameworks manually.
- The following code enables the OpenSSL option for the encryption/decryption:
  [WLSecurityUtils enableOSNativeEncryption:NO];
  The code now uses the OpenSSL implementation if it is found; if the frameworks are not installed correctly, an error is thrown.
With this setup, the encryption/decryption calls use OpenSSL as in previous versions of the product.
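The following launch-time check is an added example, not code from the MobileFirst SDK or its documentation: it confirms that the OpenSSL utilities framework is loaded before switching away from native encryption, so a packaging mistake is caught at startup rather than on the first decrypt call. The helper names are hypothetical, and the example assumes that the SDK umbrella header exposes WLSecurityUtils and that the framework is linked dynamically.

```objc
#import <Foundation/Foundation.h>
// Assumption: the SDK umbrella header exposes WLSecurityUtils.
#import <IBMMobileFirstPlatformFoundation/IBMMobileFirstPlatformFoundation.h>

// Framework name as given in Option 2 on this page.
static NSString *const kOpenSSLUtilsFramework =
    @"IBMMobileFirstPlatformFoundationOpenSSLUtils";

// Hypothetical helper: YES if the OpenSSL utilities framework is loaded.
// Assumes a dynamic framework, so it is listed by +[NSBundle allFrameworks].
static BOOL MFPOpenSSLFrameworkIsLoaded(void) {
    for (NSBundle *bundle in [NSBundle allFrameworks]) {
        NSString *name = [[bundle.bundlePath lastPathComponent]
            stringByDeletingPathExtension];
        if ([name isEqualToString:kOpenSSLUtilsFramework]) {
            return YES;
        }
    }
    return NO;
}

// Hypothetical helper: call once at launch, before any encrypt/decrypt call.
// Returns NO when OpenSSL was requested but the framework is missing; the
// setting is then left untouched so the backend is never switched silently.
static BOOL MFPConfigureEncryption(BOOL useOpenSSL) {
    if (!useOpenSSL) {
        // Option 1: native encryption (the default).
        [WLSecurityUtils enableOSNativeEncryption:YES];
        return YES;
    }
    if (!MFPOpenSSLFrameworkIsLoaded()) {
        NSLog(@"%@ is not loaded; OpenSSL encryption was not enabled",
              kOpenSSLUtilsFramework);
        return NO;
    }
    // Option 2: OpenSSL encryption.
    [WLSecurityUtils enableOSNativeEncryption:NO];
    return YES;
}
```

Call MFPConfigureEncryption from application:didFinishLaunchingWithOptions: and treat a NO result as a build or packaging error.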
Migration options
If you have a MobileFirst project that was written in an earlier version, you might need to incorporate changes to continue using OpenSSL.
- If the application is not using encryption/decryption APIs and no encrypted data is cached on the device, no action is needed.
- If the application is using encryption/decryption APIs, you have the option of using these APIs with or without OpenSSL.
  - Migrating to native encryption
    - Make sure the default native encryption/decryption option is chosen (see Option 1).
    - Migrating cached data: If the previous installation of IBM MobileFirst Platform Foundation saved encrypted data to the device using OpenSSL, OpenSSL frameworks must be installed as described in Option 2. The first time the application attempts to decrypt the data, it will fall back to OpenSSL and then encrypt it using native encryption. If the OpenSSL framework is not installed, an error is thrown. This way the data will be auto-migrated to native encryption, allowing subsequent releases to work without the OpenSSL framework.
  - Continuing with OpenSSL
    - If OpenSSL is required, use the setup described in Option 2.