Windows Phone 7 Data Encryption

Microsoft’s Rob Tiffany has just posted an article discussing Windows Phone 7′s Data Encryption features. People think that the lack of socket support and other functionalities means that WP7 only supports SSL encryption via IEMobile but this isn’t true. The OS currently includes support for the following cryptographic algorithms (that can be accessed via Silverlight apps):

•AES
•HMACSHA1
•HMACSHA256
•Rfc2898DeriveBytes
•SHA1
•SHA256

 

Rob included a sample application and tutorial detailing the different steps involved with build secure application featuring data encryption.

Encrypting the sensitive data you use in your Windows Phone 7 apps is completely within your reach. When you combine this with the following security elements:

•Apps are tested, digitally signed and securely delivered via the Windows Phone Marketplace
•No side-loading of potentially insecure apps
•SSL for data in transit
•Managed apps run inside secure sandbox
•Apps have private, inaccessible Isolated Storage
•Exchange Policies including PIN lock enforcement + Remote wipe

It’s clear that Windows Phone 7 has an excellent app security story that’s not only good for consumers, but also means that this mobile app platform is prime-time ready for the Secure Enterprise.

Source: Rob Tiffany

  • DustinHorne

    I published a library late last year that I’m actively updating that performs RSA encryption and works with Silverilght 3+ and Windows Phone 7. It’s absolutely free and full source is available, and the license is completely open to use it as you please:

    http://scrypt.codeplex.com

    That’s to some community contribution, I also added support for Blob based key formats this morning which is in beta at the moment. To interface with PHP you’ll need to use a library that properly implements the RSA spec for PKCS or OAEP padding (I would recommend using OAEP as it is the recommended standard).