1

I am trying to decrypt a string that was first encrypted using des in ecb mode, and then encoded in base64.

This is my code:

+ (NSString *)decrypt:(NSString *)encryptedText
{
    NSString *key = @"12345678";
    NSData *decodedData = [[NSData alloc] initWithBase64EncodedString:encryptedText options:0];
    size_t numBytesDecrypted = 0;
    size_t bufferSize = [decodedData length] + kCCBlockSizeDES;
    void *buffer = malloc(bufferSize);
    char keyPtr[kCCKeySizeDES+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];


    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,
                                      kCCAlgorithmDES,
                                      kCCOptionPKCS7Padding | kCCOptionECBMode,
                                      keyPtr,
                                      kCCKeySizeAES256,
                                      NULL /* initialization vector (optional) */,
                                      [decodedData bytes], [decodedData length], /* input */
                                      buffer,       bufferSize, /* output */
                                      &numBytesDecrypted);

    NSData *val = [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    return [[NSString alloc] initWithData:val encoding:NSUTF8StringEncoding];
}

However I am getting a nil string in return...any ideas?

Atul Bhatia
  • 1,633
  • 5
  • 25
  • 50
  • Interestingly this is a copy/paste of the same base code as another question earlier today. This looks like a class project. – zaph Apr 04 '14 at 03:37
  • I can assure you it's not a class project. I did find that code elsewhere however. – Atul Bhatia Apr 04 '14 at 04:55
  • OK, just interesting that the same base code was chosen on the same day. I can see that the base code is simpler and that is a reasonably compelling reason for its choice. Unfortunatly the code is old enough that it is no longer best practice, a better alternative is [RNCryptor](https://github.com/RNCryptor/RNCryptor) by Rob Napier. – zaph Apr 04 '14 at 10:43

1 Answers1

1

You are using DES but are specifying the key size as: kCCKeySizeAES256 in the call to: CCCrypt.

There are so many things wrong with this code from a security standpoint, don't use this in a real app. This is no longer best practice. Among other things the password should be converted to key with a Password-Based Key Derivation Function such as PBKDF2. Also using DES and ECB mode is a weaknesses.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • The encryption aspect is meant as a mitigating factor. I am encoding data into a qr code, and to prevent it from being easily read I am encrypting the data. Even with the decrypted data, not much security is compromised...unless the amount of time it would take me to make this much more secure is minimal I don't think it is worth the effort. – Atul Bhatia Apr 04 '14 at 05:00
  • 1
    Consider using AES, it is just as easy to use and provides better security. – zaph Apr 04 '14 at 10:37