GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → NativeScript → nativescript-app-encryption

NativeScript / nativescript-app-encryption

Licence: Apache-2.0 license
This plugin encrypts all your app/**.js files during a release build. In experimental state.

Programming Languages

javascript
184084 projects - #8 most used programming language
java
68154 projects - #9 most used programming language
Objective-C++
1391 projects
shell
77523 projects
objective c
16641 projects - #2 most used programming language

ATTENTION: This repository is deprecated. Use Webpack with uglify as an encryption alternative.

This plugin encrypts all of your app/**.js files during a release build.

How it works

This plugins encrypts all .js files in the app folder, except those under tns_modules with a unique AES256 key that is generated on each build. On Android, the key is embedded in native code, on iOS - the key is kept in additional __DATA section in the app binary.

For the future we are thinking about enhancing the way the encryption key is used. We need your input here. For the moment the plugin is responsible for storing and retrieving the key, but we are open for other suggestions on how to improve this. See #1.

Encryption is only applied for Release builds.

Decryption is transparently performed the first time a file is required and the result is only cached in-memory.

generate-aes256-key.js

Generates a 256-bit Base64-encoded AES key during a release build.

encrypt-file.js

Encrypts a file with AES256 (you don't need to do this yourself). Usage: encrypt-file.js <base64-encoded key> <input file path> <output file path>

Usage

Install the platforms you need for your app before installing this plugin: tns platform add [ios|android]

iOS

No additional steps required; just tns build ios --release and your .js files will be encrypted in the .ipa binary.

You can validate this on a Mac by right-clicking the .ipa and inspecting the package contents.

Android

No additional steps required; just tns build android --release and your .js files will be encrypted in the .apk binary.

To test the plugin in debug comment out the following line in platforms/android/include.gradle

appProtectionInclude.onlyIf { project.hasProperty('release') }

Additional protection

Use Proguard or Dexguard to obfuscate or encrypt strings in native files so the encryption key is hidden even more deeply.

Further reading

Encryption does not guarantee 100% protection. Any sensitive/critical logic should be kept on the server. Please read this blog post for more details - How secure is NativeScript?.

Next steps

with our 2.5 release we will also enable code obfuscation for the code as part of our integration with WebPack.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].