All geek questions in one place

File Permissions with the Mac App

I am creating a mac application that encrypts a file. Now that the user is ready to open the file, I have to decrypt it and transfer it to the application, say, a preview in this case.

What is the best approach for this? Should I decrypt the file to a folder and send this place for preview? Is this the best approach, can I make any file permissions for other applications or processes, do not access this file?

+6
source share
1 answer

If you need to put a plaintext file on the file system to allow another program to read, then it may not be possible to make it 100% safe. My preference would be to avoid if security is important. Possible alternatives:

  • Use an encrypted exchange format that another tool accepts. For example, Preview can read encrypted PDF files . You can use the PDF Kit or the basic Quartz 2D library to write encrypted PDF files. Note that the default encryption is 40 bits; you probably want to increase this with kCGPDFContextEncryptionKeyLength .
  • Serve the data through localhost in another program, for example. browser. You can embed a loopback in your web server and present your data as a web page. You must disable browser caching (so that the browser does not write text), and you will need to add some form of authentication (so that the hacker does not request data).

If you must put cleartext in the file system, in addition to restricting file permissions, you can unlink the file after it opens another program. This will prevent normal file access methods and delete it when another program closes it. However, this does not protect access to the file system before the file is detached or from attacks that bypass the file system.

+2
source

Source: https://habr.com/ru/post/986765/

More articles:


All Articles