[Mono-osx] secure html file in app

Aaron Oneal aaron.oneal at spicypixel.com
Tue Dec 18 18:33:37 UTC 2012

Keep in mind that using encryption to obfuscate the data at rest may not 
be sufficient for all situations. Depending on how this approach is 
implemented one can attach a debugger to retrieve the decrypted HTML 
from memory. If an interested party has physical access to the device 
and app while doing the decrypting, the data is not safe.

If you trust your users not to do this and are requiring authentication 
before decrypting, then this could work if you don't ship the encryption 
keys with your app but instead release them over a secure channel after 
authentication and clear them when not in use. If you can't trust your 
users with the content, or if you ship the encryption keys with your 
app, then an attacker already has what they need.

Tufnell wrote:
> One approach would be:
> 1) Encrypt your HTML text and store it as an embedded resource file.
> 2) Decrypt the encrypted HTML from the resource into memory on on the fly in
> your app when you need it.

More information about the Mono-osx mailing list