See: http://www.coronalabs.com/blog/2013/06/11/tutorial-using-the-openssl-plugin/
Wow that is fantastic. How did I miss that.
nice
if im reading right it encrypts text
so if i want to encrypt a json file i would need to combine it all into one string or will it encrypt json?
I’m implementing now. It can not encrypt a table (I think that is what you mean), you need to convert to json string first.
Can one of you guys explain in words for a 5 year old what OpenSSL allows us to do? Will it actually encrypt files on a device? or is it just as it streams across the internet?
no my file is a json file
so im guessing id have to convert from json to a string the from string to json
your 5 years old and coding WOW
LOL
the way im reading it it can do both but this is the first i looked at it so i may be wrong
rxmarccall: What kind of assets are you trying to protect?
Sorry I’m just a noob compared to some of you guys so lots of the time I feel very out of the loop.
I am just trying to understand what benefits Open SSL allows for?
I would like to protect my app assets such as images, but also my app downloads new content via HTTP, which is very unsecure, would this help me in protecting my content in any way?
thanks
you can use HTTPS in corona for more secure connection
I think my biggest concern is the fact that anyone could hit the URL that I use to host my content and download the zip file with the content.
I wanted to use FTP for this reason, but with FTP corona doesn’t allow for a download progress event, so I switched back to HTTP. Would OpenSSL let me use HTTP but keep random people from being able to download my zip file?
For me I have a multiplayer game where I keep sensitive information in SQLite (Ice in your case). Before adding that information I encrypt it with
[lua]
encryptDataBeforeAddingToDB = mime.b64(cipher:encrypt(myData, mySecretKey))
[/lua]
If a user has jailbroken his device and opens the database to try to cheat he will just see gibberish.
When I need to use the information in the game, I fetch it from database and do:
[lua]
deCryptedinformationFromDB = cipher:decrypt(mime.unb64(encryptedDataFromDb), mySecretKey)
[/lua]
found error on plug in page. the descriptions are reversed
You can have user/pw authentication on your HTTP server like you have on FTP. It requires server side programming though.
From my read of that block post, it will encrypt/decrypt a string. JSON is a string. You json.encode your table to get a string, then json.decode a JSON string to create a table.
The encrypted data is binary, if you’re going to transmit that via an HTTP web service, you probably should base64 encode it for safe transmission. The blog post I believe covers it.
HTTPS: uses SSL to do it’s encryption. You can use https: to have your data encrypted between endpoints (your browser and server, your app and server), but HTTPS would be useless if the browser didn’t decrypt it the data.
May i make a suggestion?
Would it be possible to add, to the individual pages within the API documentation, pages recommended by Corona developers? So, all the tutorials and maybe some forum topics that help outline the usage of such items (I know that if the OpenSSL tutorial page had been referenced within the crypto.* area, then I would never have raised this topic)
Just FYI, I too have voted for Binary protection 
Hi,
Man all the stuff that complicates an indie shop trying to develop a simple little app. I’d like to encrypt some of the game data. I was planning on using the Corona SSL lib. I will only be using it for that purpose, not making remote secure connections etc. It appears that shipping encryption libraries as part of your code base requires additional paperwork to be filed.
Is this true? Has anyone gone through the process? Is it worth the effort, meaning there are bigger fish to fry versus worrying about locking down your app from piracy / data manipulation etc?
Thanks.
I am looking at using the “htaccess” method to password protect a directory on my web server that hosts my downloadable content. Should Corona’s network.request API be able to pass the username and password needed to access the content for download?
I was able to get the “htaccess” method working! Glad to have at least a little basic authentication before the user can download content.
My only concern is, if the download is taking longer than say 15 minutes, normally in a web browser the user would be asked to enter login information again, does Corona store this information so the download would continue without any interuptions?