Machina Tools - SDK 2.1 brings dynamically loaded crypto - Ionic Security

Machina Tools – SDK 2.1 Brings Dynamically Loaded Crypto and Other New Features

Ionic Security continues to improve its SDKs for developers building applications that secure and control access to sensitive data. This latest release delivers dynamically loaded crypto capabilities. In general, Machina SDKs give developers an easy-to-use interface to Ionic Machina key management and device registration services. Once an application has requested one or more keys, developers can choose to encrypt data using those keys. You can also attach attributes to these keys, which the Machina dynamic authorization engine can later use to authorize access to data.

Dynamically loaded crypto and OpenSSL

In this latest release, our SDK-Core (C++) 2.1 and wrapped versions for Python, C#, and Objective-C bring significant changes to the underlying cryptography, a key feature of which is the ability to dynamically load your crypto module. Dynamically loaded crypto offers several benefits including:

  • The ability to use other third-party FIPS-compliant crypto modules
  • Better application performance when initializing the Agent class
  • Updating the crypto module independently of the core SDK code, so that crypto module updates can ship independently of Machina SDK releases

By default, the core SDK loads a FIPS-validated version of the OpenSSL open source library. The SDK package also includes an additional platform-specific crypto module that can be used instead of the OpenSSL FIPS implementation. This module is not FIPS validated and is provided to work around cross-platform limitations, including cases where there is only a limited source of entropy.

In addition to dynamically loaded crypto, the core SDK 2.1 introduces other new features along with performance improvements, bug fixes, and documentation enhancements. These can be found in the changelog and release notes. Machina SDK 2.1 supports C/C++, Python, C#, and Objective-C. Note that Machina SDKs for Java and JavaScript are not affected by this update, so be sure to use the language selector to choose the right SDK docs for you.

So, what can you do with the SDK?

If you’re new to Machina SDKs, you can get a quick overview in this short video.

Typically, applications provide data at the user level: a given user always sees the same set of data, regardless of their current context. That “context” can be very dependent upon the user’s situation. As I wrote in my post on Zero Trust for Developers, “Developers can no longer rely on just an API token that acts as both authentication and authorization. You now need to understand how to secure each and every stage of an interaction within the context of the request: the identity of the user, the state of the device making the request, the app being used, and the sensitivity of data the request is trying to access.”

You don’t want to code this logic into every application. Machina SDKs let you delegate access control to a policy engine that dynamically authorizes access based on the full context of the request. If the application provides many different types of data to the user, some of which should only be accessible under certain conditions, all you need to do as the developer is:

  • Ask Machina Tools — SDK to encrypt data entered/ingested, and provide attributes about the data (e.g., what type of data is it)
  • Ask Machina Tools — SDK to decrypt data when needed, providing it context about the request that you may have in your application (e.g., user session information)

Common Use Cases

Some simple use cases call for encrypting files. The SDKs allow you to encrypt/decrypt PDF, OpenXML, and CSV files out of the box. For example, the following Python snippet shows how easy it is to encrypt and decrypt a PDF.

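import ionicsdk

# Assumption: `agent` is an already initialized ionicsdk.Agent for a registered
# device; its setup is not shown on this page.

# file paths (placeholder names, adjust to your own files)
file_original = "sample.pdf"
file_ciphertext = "sample.encrypted.pdf"
file_plaintext = "sample.decrypted.pdf"

# define attributes (optional); the policy engine can use them to authorize access
mutable_attributes = {
    "classification": "Restricted"
}

# initialize the PDF file cipher object
cipher = ionicsdk.FileCipherPdf(agent)

# encrypt
print("Encrypting message and saving to Ciphertext File: {}".format(file_ciphertext))
cipher.encrypt(file_original, file_ciphertext, mutableAttributes=mutable_attributes)

# decrypt
print("Decrypting ciphertext and saving to Plaintext File: {}".format(file_plaintext))
cipher.decrypt(file_ciphertext, file_plaintext)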

Other use cases include:

You can explore other use cases at Machina Developers where you’ll find tutorials, examples, and links to sample code on Github.

Getting Started

If you haven’t already done so, sign up for a Free tenant environment. All you need is your email address! Then follow our Getting Started to register your device, install your SDK of choice, and run “Hello, World!” Or simply run our JavaScript version directly from the Machina Developers site.
