The VMware Workspace ONE SDK for iOS (Swift) offers the use of basic encrypt and decrypt methods to operate on raw data that the system encrypts using the SDK’s internal encryption keys.

These methods are defined in the AWController.


Do not use these encryption methods on any mission critical data or data that you cannot recover. Examples of unrecoverable data include no backup on a server or if the data cannot be re-derived through other means. The encrypted key (and associated encrypted data) is lost in the event that an end user deletes the application or if an enterprise wipe.


Before you call the encryption methods, ensure the AWControllerDelegate receives no errors.

  • Swift -Applications must ensure that AWControllerDelegate receives the controllerDidFinishInitialCheck(error: NSError?) callback with no errors before they call the encryption methods.

  • Objective-C - The AWControllerDelegate callback method is -(void)initialCheckDoneWithError:(NSError * _Nullable)error;.

Encryption Strength and Authentication Mode

The strength of the encryption depends on the enabling of the authentication mode.

If you set authentication passcode or username and password, then the system derives the key used for encryption from the passcode or username and passcode the user enters. The system keeps the key in device volatile memory for additional security.

If you disable authentication, the system randomly generates the encryption key and persists it in device storage.

Encrypt Data not Stored with Core Data

The Workspace ONE SDK for iOS (Swift) provides the ability to encrypt data that Core Data does not store. These methods take in the data input and return back either the encrypted or decrypted data. These methods are only used for the transformation of the data. The application developer is responsible for the storage of the encrypted data.

  • Encryption Method: Swif -

    • public func encrypt(_ data: Data) throws -> Data

    • public func decrypt(_ data: Data) throws -> Data

  • Encryption Method: Objective-C

    • (NSData * _Nullable)encrypt:(NSData * _Nonnull)data error:(NSError * _Nullable * _Nullable)error SWIFT_WARN_UNUSED_RESULT;

    • (NSData * _Nullable)decrypt:(NSData * _Nonnull)data error:(NSError * _Nullable * _Nullable)error SWIFT_WARN_UNUSED_RESULT;

Error Codes Defined and Examples

The enum AWSDKCryptError defines the error codes for the error thrown by the methods.

  • Encrypt

    let controller = AWController.clientInstance()
    let plainData: Data = .. //assign data to be encrypted
    do {
        let encryptedData = try controller.encrypt(plainData)
        //save encryptedData for future use
    } catch let error {
        print(" failed to encrypt data with error: \(String(describing: error))")
  • Decrypt

    let controller = AWController.clientInstance()
    let encryptedData = ..//fetch data previously encrypted using Encrypt method above
    do {
        let decryptedData = try controller.decrypt(encryptedData)
       //do something with decryptedData
    } catch let error {
        print(" failed to encrypt data with error: \(String(describing: error))")