I am looking forward to developing a secure mobile application.
I find my needs getting fulfilled with PGP.
Since PGP includes full data encryption (symmetric-key).
So, is PGP a viable solution for mobile applications? (Computation power wise)
I plan to secure only my API responses (String only) with PGP.
- Can a mobile processor stand PGP while providing seamless communication?
- Or will it be an over-kill for a mobile device to use PGP?
My platforms of development (If that matters):
- iPhone
- Android
Under PGP I will use: [Since, PGP uses an Asym and a Sym encryption]
- RSA [Asym]
- Blowfish [Sym]
It should be noted that mobile devices perform asymmetric cryptography negotiations on a regular basis. After all, that is the power behind SSL. Maybe at some point 20 years ago resource usage with cryptography was a concern, but today they are very lightweight functions by comparison. Blowfish is very old; it was replaced by Twofish about a decade ago, and Threefish is available but hasn’t been finalized so it shouldn’t be used. Use AES-256, preferably with GCM mode, because it is more difficult to botch that implementation. You should read up on modes of operation because even a very strong cipher can be very weak if you use the wrong mode (such as ECB).
In any case you should be performing usability testing on your own. Really this question is a symptom of a much more serious problem, and that is software testing and usability testing in general. If you tested the speed of this function you would know it wasn’t a problem. If you are not testing your applications you will be producing very low quality software.
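
The following is an added example, not code from the question or the answer: a PGP-style hybrid scheme (an RSA-wrapped AES-256-GCM session key, not the OpenPGP message format) applied to a string API response and timed, using Node.js's built-in `crypto` module. The names `sealResponse`, `openResponse`, `timeMs` and `benchmark`, the RSA-2048/OAEP-SHA-256 parameters, and the sample response body are assumptions made for illustration.

```javascript
// Added example: hybrid encryption of a string API response, with timing.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

// Assumed parameters: RSA with OAEP padding and SHA-256.
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt `text` for the holder of `publicKey`.
function sealResponse(publicKey, text) {
  const key = randomBytes(32);   // fresh AES-256 session key per message
  const iv = randomBytes(12);    // 96-bit GCM nonce, never reused with the same key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: publicKey, ...OAEP }, key),
    iv, ct, tag: cipher.getAuthTag(),
  };
}

// Unwrap the session key, then decrypt; final() throws if the tag does not verify.
function openResponse(privateKey, msg) {
  const key = privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
}

// Average milliseconds per call of `fn` over `rounds` runs.
function timeMs(fn, rounds) {
  const start = process.hrtime.bigint();
  for (let i = 0; i < rounds; i++) fn();
  return Number(process.hrtime.bigint() - start) / 1e6 / rounds;
}

function benchmark(rounds = 50) {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Constructed sample body of roughly 2 KB, standing in for an API response.
  const body = JSON.stringify({ user: 'alice', balance: 1234.5, note: 'x'.repeat(2048) });
  const sealed = sealResponse(publicKey, body);
  return {
    roundTripOk: openResponse(privateKey, sealed) === body,
    sealMs: timeMs(() => sealResponse(publicKey, body), rounds),
    openMs: timeMs(() => openResponse(privateKey, sealed), rounds),
  };
}

console.log(benchmark());
```

The figures printed describe only the machine the script runs on; the same measurement has to be repeated on the target devices with the platform's own crypto APIs.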