White-Box Cryptography SDK

The purpose of the White-Box Cryptography SDK (WBC SDK) is to keep secret cryptographic keys hidden in the source code, even during runtime. To achieve this, application developers can convert key values into an encoded key table with the White-Box Table Generator. This encoded key table is ready to be integrated into the application, instead of hard-coding the key values into the source code.

Conversion of clear-text key into obfuscated source code

During runtime, the White-Box Cryptography SDK uses the source code that represents the key for encryption and/or decryption; the key is based on an AESClosed Symmetric key encryption algorithm. A block cipher with a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. 128-bit block cipher that runs in counter (CTRClosed Operation mode of block ciphers. CTR uses the AES block cipher to create a stream cipher. Data is encrypted and decrypted by XORing with the key stream produced by AES encrypting sequential counter block values.) mode.

If white-box cryptography is not used, cryptographic keys can be extracted from the source code as clear-text assets. Application without the White-Box Cryptography SDK and Application with the White-Box Cryptography SDK illustrate the difference between an application that does not use white-box cryptography and one that does.

Application without the White-Box Cryptography SDK

Application with the White-Box Cryptography SDK

For more detailed information about the SDK and integration instructions, refer to the OneSpan White-Box Cryptography SDK Integration Guide included in the OneSpan Mobile Security Suite product package.