- 03 Dec 2024
- 1 Minute to read
- DarkLight
- PDF
White-Box Cryptography SDK overview
- Updated on 03 Dec 2024
- 1 Minute to read
- DarkLight
- PDF
The purpose of the White-Box Cryptography SDK (WBC SDK) is to keep secret cryptographic keys hidden in the source code, even during runtime. To achieve this, application developers can convert key values into an encoded key table with the White-Box Table Generator. This encoded key table is ready to be integrated into the application, instead of hard-coding the key values into the source code.On iOS, the WBC SDK does not support multi-threading, i.e., running multiple encryption or decryption threads concurrently is not possible!
Conversion of clear-text key into obfuscated source code
During runtime, the White-Box Cryptography SDK uses the source code that represents the key for encryption and/or decryption; the key is based on an AES 128-bit block cipher that runs in counter (CTR) mode.
If white-box cryptography is not used, cryptographic keys can be extracted from the source code as clear-text assets. Application without the White-Box Cryptography SDK and Application with the White-Box Cryptography SDK illustrate the difference between an application that does not use white-box cryptography and one that does.
Application without the White-Box Cryptography SDK
Application with the White-Box Cryptography SDK
For more detailed information about the SDK and integration instructions, refer to the White-Box Cryptography SDK Integration Guide included in the OneSpan Mobile Security Suite product package.