I hope you can appreciate that open-sourcing my app has a number of implications for its viability in the App Store. A devil's advocate might even argue that wide publication doesn't always guarantee security, as was the case with Heartbleed.
If it helps, internally I used the iOS framework APIs for AES/RSA directly. I didn't attempt to implement them on my own. What I built was simply an abstraction on top of that. Granted, I understand that there are still ways to go astray, but certainly less if I fundamentally rely on what the crypto experts implemented.
So, to address your concerns, what if I got a commercial security audit? Can you recommend any places you would trust?
3 comments
[ 3.8 ms ] story [ 16.1 ms ] threadEither way, its a nice idea.
If it helps, internally I used the iOS framework APIs for AES/RSA directly. I didn't attempt to implement them on my own. What I built was simply an abstraction on top of that. Granted, I understand that there are still ways to go astray, but certainly less if I fundamentally rely on what the crypto experts implemented.
So, to address your concerns, what if I got a commercial security audit? Can you recommend any places you would trust?