For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Encrypting the web resources of your Cordova packages

We can use the MobileFirst Platform CLI to encrypt the content in the www folder of the .apk or .ipa packages of your Cordova web apps.

Before you begin

• You must have the Cordova development tools installed. This example uses the Apache Cordova CLI. If we use other Cordova development tools, some of your steps will be different. Refer to our Cordova tool documentation for instructions.
• You must have the MobileFirst Platform CLI installed. For more information, see Install the MobileFirst Platform CLI.
• You must have the IBM MobileFirst Platform Foundation plug-in. See Cordova plug-ins for MobileFirst features for more information about the plug-in.

The best time to complete this procedure is after finishing your app development and are ready to deploy the app. If you run any of the following commands after you complete the web resources encryption procedure, the content that was encrypted becomes decrypted:

• cordova prepare
• cordova build
• cordova run
• cordova emulate
• mfpdev app webupdate
• mfpdev app preview

If you run one of the listed commands after you encrypt the web resources, we must complete this procedure again to encrypt the web resources.

To minimize the risk of someone viewing and modifying your web resources while it is in the .apk or .ipa package, we can use the IBM MobileFirst Platform Foundation mfpdev app webencrypt command or the mfpwebencrypt flag to encrypt the information. This procedure does not provide encryption that is impossible to defeat, but it provides a basic level of obfuscation.

To encrypt the content in the package of your Cordova app with the MobileFirst Platform CLI, complete the following steps:

Procedure

1. Open a terminal window and navigate to the root directory of the Cordova app that we want to encrypt.
2. Prepare the app by entering one of the following commands:
   • cordova prepare
   • mfpdev app webupdate

3. Complete one of the following procedures to encrypt the content:
   • Enter the following command:

     mfpdev app webencrypt

     Tip: We can view information about the mfpdev app webencrypt command by entering mfpdev help app webencrypt.

   • We can also encrypt the web resources of your Cordova packages by adding the mfpwebencrypt flag to the cordova compile or to the cordova build command when you build your packages.

     cordova compile -- --mfpwebencrypt

     cordova build -- --mfpwebencrypt

   The operating system information in the www folder is replaced by a resources.zip file that contains the encrypted content.

   If your app is for the Android operating system and the resources.zip file is larger than 1 MB, the resources.zip file is divided into smaller 768 KB .zip files that are named resources.zip.nnn. The variable nnn is a number from 001 through 999.

4. Test the application with the encrypted resources by using the emulator that is provided with the platform-specific tools. For example, we can use the emulator in Android Studio for Android, or Xcode for iOS.

   Note: Do not use the following Cordova commands to test the application after you encrypt it:

   • cordova run
   • cordova emulate

   These commands refresh the content that was encrypted in the www folder, and saves it again as decrypted content. If we use these commands, remember to complete the procedure again to encrypt it before you publish the app.