Today’s guest tutorial comes to you courtesy of Mark Eberhardt, the founder of Minion Multimedia, an independent app development studio based in the Pacific Northwest. Mark has been a Corona developer for the last several years, releasing a variety of cross-platform apps for iOS and Android.


When Corona Labs introduced Corona Plugins, I was excited to learn that OpenSSL was one of the first in the initial batch. Using this, my apps can be further enhanced to protect my customers’ privacy. Most of this I learned from George Zhao’s documentation and files on his GitHub page. Now, in this tutorial, I’ll show you how to initialize the appropriate plugin module, then to do some basic encryption and decryption.

Additions to “build.settings”

The first step is to add a couple of lines to the build.settings file to support the OpenSSL plugin:

Setting Up

Next, you need to require the plugin in the main project file:

Next, we’ll create a cipher object. The method can be a variety of encryption methods. For the sake of this tutorial, we’ll use “aes-256-cbc”.


To encrypt a string of text, we’ll use the following line of code:

The text is a string that you want encrypted, and key is a string containing a passphrase, which can be anything.

If you want the user to be able to select their own passphrase, a simple native text field could be used to get their input. Additionally, you could have that input hashed using the crypto functions.

Encoding the Text for Transport

I also like to apply a base64 encode on the encrypted text. This allows for easier storage or data sharing. To encode the text as base64 is really simple. We enable the mime functions then call b64 to encode the text.

Now the encrypted data is stored as a base64 string.


If we want to decrypt something, it’s just as easy!

Just replace text with the encrypted text, and key with the the string that was used to encrypt the text with. If the encrypted text is base64 encoded, it’s easy to undo the encoding — just use mime.unb64.

Overall Code

Here’s the overall code up to this point:


If you want to take things further and if your web host has the OpenSSL module installed, you can create a PHP script that can encode/decode text sent to/from your app:

This will return a base64-encoded string that can be decoded with OpenSSL — and decryption is just as simple:

So the full scope of the php script would be:

In practical use, if you’re sending encrypted data to the script, you could replace the $source variable with:

Export Compliance

To be perfectly clear, I am not a lawyer. Most likely, you will need to fill out some forms to receive the proper paperwork when submitting apps to the Android stores or submitting to Apple for export compliance review.

More information on this subject can be found in the World Wide Trade Compliance section of iTunes Connect, under Policy and Best Practices in the Google Play Developer Console, or at the Bureau of Industry and Security.

In the meantime, these links may help narrow down your particular situation:

U.S. Export Compliance:

French Export Compliance:

In Summary…

As you can see, setting up Corona’s OpenSSL plugin is fast and easy. In just a few lines of code, you can be encrypting and decrypting data! For further reference, please review the documentation, and please post your questions and feedback below.

Excerpt from: 

Tutorial: Using the OpenSSL Plugin