Overview

The purpose of the White-Box Cryptography SDK (WBC SDK) is to keep secret cryptographic keys hidden in the source code, even during runtime. To achieve this, application developers can convert key values into an encoded key table with the White-Box Table Generator. This encoded key table is ready to be integrated into the application, instead of hard-coding the key values into the source code.

The WBC SDK provides the implementation of a white-box AES algorithm in counter (CTR) mode. It uses encoded table representations of AES 128-bit key. The representation of the keys is created by the White-Box Table Generator.

The WBC SDK has the same output as any regular AES encryption process that uses the clear-text value of an AES key.

Available methods

The WBC SDK provides methods for encrypting and decrypting data using the key table generated by the White-Box Table Generator. For the correct usage and considerations of these methods, refer to the technical documentation included in the product package.

Errors

When an error occurs, a WBCError object is thrown. Refer to the tutorials included in the product package for examples of error handling.

Supported platforms

The WBC SDK can be used on a variety of devices and supports the following platforms:

• White-Box Cryptography SDK Android:
  • minimum Android 6 and later
  • target Android 13
  • Java Development Kit (JDK) 6 and later
• White-Box Cryptography SDK C++:
  • iOS 13 and later
  • using Swift 5.0 and later
  • Xcode 14

The WBC SDK package includes the following:

• WBCSDK.aar for Java platforms (e.g. Android)
• MSSWBC.xcframework for iOS

As of OneSpan Mobile Security Suite 4.35.2, the integration of the White-Box Cryptography SDK has changed for Android and iOS. For more information see Integrate the WBC SDK.