Encryption API for Objective-C SDK

PubNub Objective-C SDK provides built-in message encryption to secure your real-time communications. This documentation covers crypto module configuration and utility methods for encrypting and decrypting messages using both legacy 128-bit and enhanced 256-bit AES-CBC encryption.

For general SDK configuration and initialization, refer to the Configuration page.

Configuration

`cryptoModule` configuration

To configure the cryptoModule to encrypt all messages/files, you can use the following methods in the Objective-C SDK:

// encrypts using 256-bit AES-CBC cipher (recommended)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
config.cryptoModule = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma"
                                           randomInitializationVector:YES];

// encrypts with 128-bit cipher key entropy (legacy)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
config.cryptoModule = [PNCryptoModule legacyCryptoModuleWithCipherKey:@"enigma" 
                                           randomInitializationVector:YES];

Your client can decrypt content encrypted using either of the modules. This way, you can interact with historical messages or messages sent from older clients while encoding new messages using the more secure 256-bit AES-CBC cipher.

Older SDK versions

Apps built using the SDK versions lower than 5.1.3 will not be able to decrypt data encrypted using the 256-bit AES-CBC cipher. Make sure to update your clients or encrypt data using the legacy algorithm.

SDK Initialization required

Before using encryption methods, ensure your PubNub client is properly configured with subscribe key and user ID. See the Configuration guide for setup instructions.

Encryption methods

Encrypt

This function allows to encrypt the data.

Deprecated

This method uses the legacy encryption with 128-bit cipher key entropy. For more information, refer to Crypto module configuration.

Method(s)

To encrypt the data you can use the following method(s) in Objective-C SDK.

+ (nullable NSString *)encrypt:(NSData *)data
                       withKey:(NSString *)key;

* required

Parameter	Description
`data` * Type: NSData	Reference on `NSData` object which should be encrypted.
`key` * Type: NSString	Reference on `key` which should be used to `encrypt` data basing on it.

+ (nullable NSString *)encrypt:(NSData *)data 
                       withKey:(NSString *)key 
                      andError:(NSError *__autoreleasing *)error;

* required

Parameter	Description
`data` * Type: NSData	Reference on `NSData` object which should be encrypted.
`key` * Type: NSString	Reference on `key` which should be used to `encrypt` data basing on it.
`error` Type: NSError	Reference on pointer into which encryption `error` will be stored in case of encryption failure. Error can be related to JSON string serialization and encryption itself.

Sample code

Encrypt part of message

PNCryptoModule *aesCBCCrypto = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES];

NSString *message = @"No one should see me as plain";
NSData *messageData = [message dataUsingEncoding:NSUTF8StringEncoding];
NSString *secretMessage = [aesCBCCrypto encrypt:messageData];

Returns

Encrypted Base64-encoded string received from Foundation object. nil will be returned in case of failure.

Decryption methods

Decrypt

This function allows to decrypt the data.

Deprecated

This method uses the legacy encryption with 128-bit cipher key entropy. For more information, refer to Crypto module configuration.

Method(s)

To decrypt the data you can use the following method(s) in Objective-C SDK.

+ (nullable NSData *)decrypt:(NSString *)object 
                     withKey:(NSString *)key;

* required

Parameter	Description
`object` * Type: NSString	Reference on previously encrypted `Base64-encoded` string which should be decrypted.
`key` * Type: NSString	Reference on `key` which should be used to `decrypt` data.

+ (nullable NSData *)decrypt:(NSString *)object 
                     withKey:(NSString *)key 
                    andError:(NSError *__autoreleasing *)error;

* required

Parameter	Description
`object` * Type: NSString	Reference on previously encrypted `Base64-encoded` string which should be decrypted.
`key` * Type: NSString	Reference on `key` which should be used to `decrypt` data.
`error` Type: NSError	Reference on pointer into which decryption `error` will be stored in case of decryption failure. Error can be related to JSON string deserialization and decryption itself.

Sample code

Decrypt part of message

PNCryptoModule *aesCBCCrypto = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES];

NSString *encryptedMessage = messagePayload[@"secret"];
NSData *secureData = [[NSData alloc] initWithBase64EncodedString:encryptedMessage options:0];
NSData *messageData = [aesCBCCrypto decrypt:secureData];
NSString *decryptedMessage = [[NSString alloc] initWithData:messageData encoding:NSUTF8StringEncoding];

Returns

Initial NSData which has been encrypted earlier. nil will be returned in case of decryption error.

Configuration​

cryptoModule configuration​

Older SDK versions

SDK Initialization required

Encryption methods​

Encrypt​

Deprecated

Method(s)​

Sample code​

Encrypt part of message​

Returns​

Decryption methods​

Decrypt​

Deprecated

Method(s)​

Sample code​

Decrypt part of message​

Returns​

Configuration

`cryptoModule` configuration

Encryption methods

Encrypt

Method(s)

Sample code

Encrypt part of message

Returns

Decryption methods

Decrypt

Method(s)

Sample code

Decrypt part of message

Returns