AES/cbc/pkcs5padding encription IOS

Question

I have used AES algorithm for encryption in android. The following code we have used for encryption.

String seed = "somekey";
        Key key = null;
        // 128 bit key
        byte[] byteKey = seed.substring(0, 16).getBytes("UTF-8");
        key = new SecretKeySpec(byteKey, "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(
                new byte[16]));
        byte[] encValue = cipher.doFinal(pValue.getBytes());
        encryptedText = new BASE64Encoder().encode(encValue);

Can any one please provide the above logic for IOS.

Thanking in Advance.

Provide information on `SecretKeySpec`, `Cipher` such as a link to the documentation. There is not enough information. It would also help if you provided sample data and hex dumps after each statement. — zaph, Jul 31 '15 at 12:39

score 2 · Answer 1 · edited Nov 07 '16 at 21:06

2

It works both on android with:

#define FBENCRYPT_KEY_SIZE      kCCKeySizeAES128

instead:

#define FBENCRYPT_KEY_SIZE      kCCKeySizeAES256

edited Nov 07 '16 at 21:06

slfan

8,950
115
65
78

answered Nov 07 '16 at 20:42

Валерий Спиридонов

21
2

Doro · Accepted Answer · 2015-07-31T13:37:51.070

You can use the following snippet as start point:

+ (NSData*)encryptData:(NSData*)data key:(NSData*)key iv:(NSData*)iv;
{
    NSData* result = nil;

    // setup key
    unsigned char cKey[FBENCRYPT_KEY_SIZE];
    bzero(cKey, sizeof(cKey));
    [key getBytes:cKey length:FBENCRYPT_KEY_SIZE];

    // setup iv
    char cIv[FBENCRYPT_BLOCK_SIZE];
    bzero(cIv, FBENCRYPT_BLOCK_SIZE);
    if (iv) {
        [iv getBytes:cIv length:FBENCRYPT_BLOCK_SIZE];
    }

    // setup output buffer
    size_t bufferSize = [data length] + FBENCRYPT_BLOCK_SIZE;
    void *buffer = malloc(bufferSize);

    // do encrypt
    size_t encryptedSize = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
                                          FBENCRYPT_ALGORITHM,
                                          kCCOptionPKCS7Padding,
                                          cKey,
                                          FBENCRYPT_KEY_SIZE,
                                          cIv,
                                          [data bytes],
                                          [data length],
                                          buffer,
                                          bufferSize,
                                          &encryptedSize);
    if (cryptStatus == kCCSuccess) {
        result = [NSData dataWithBytesNoCopy:buffer length:encryptedSize];
    } else {
        free(buffer);
        NSLog(@"[ERROR] failed to encrypt|CCCryptoStatus: %d", cryptStatus);
    }

    return result;
}

+ (NSData*)decryptData:(NSData*)data key:(NSData*)key iv:(NSData*)iv;
{
    NSData* result = nil;

    // setup key
    unsigned char cKey[FBENCRYPT_KEY_SIZE];
    bzero(cKey, sizeof(cKey));
    [key getBytes:cKey length:FBENCRYPT_KEY_SIZE];

    // setup iv
    char cIv[FBENCRYPT_BLOCK_SIZE];
    bzero(cIv, FBENCRYPT_BLOCK_SIZE);
    if (iv) {
        [iv getBytes:cIv length:FBENCRYPT_BLOCK_SIZE];
    }

    // setup output buffer
    size_t bufferSize = [data length] + FBENCRYPT_BLOCK_SIZE;
    void *buffer = malloc(bufferSize);

    // do decrypt
    size_t decryptedSize = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,
                                          FBENCRYPT_ALGORITHM,
                                          kCCOptionPKCS7Padding,
                                          cKey,
                                          FBENCRYPT_KEY_SIZE,
                                          cIv,
                                          [data bytes],
                                          [data length],
                                          buffer,
                                          bufferSize,
                                          &decryptedSize);

    if (cryptStatus == kCCSuccess) {
        result = [NSData dataWithBytesNoCopy:buffer length:decryptedSize];
    } else {
        free(buffer);
        NSLog(@"[ERROR] failed to decrypt| CCCryptoStatus: %d", cryptStatus);
    }

    return result;
}

Constants

#define FBENCRYPT_ALGORITHM     kCCAlgorithmAES128
#define FBENCRYPT_BLOCK_SIZE    kCCBlockSizeAES128
#define FBENCRYPT_KEY_SIZE      kCCKeySizeAES256

For more information, see FBEncryptor

Hope this helps.

Hello Doro,Thanks for your valuable suggestion,CommonCrypto iOS not supporting PKCS5Padding. iOS supports only PKCS7Padding only.is there any third party tool available for support PKCS5Padding also. — Jagadeesh K, Jul 31 '15 at 07:02
Hello Artjom,i need follow algorithm for iOS (AES/CBC/PKCS5Padding).constraint is iOS supports only PKCS7Padding . — Jagadeesh K, Jul 31 '15 at 09:17
@jagadeeshkarri As I said, they are the same: http://crypto.stackexchange.com/questions/9043/what-is-the-difference-between-pkcs5-padding-and-pkcs7-padding — Artjom B., Jul 31 '15 at 12:06
@Doro The OP is using a 128-bit key. Also the key is extended with the method `SecretKeySpec`. There is also an iv created by` IvParameterSpec` which may be pre-pended to the encrypted data. None of this is handled in the answer. The block AES block size is 16-bytes but the answer is adding 8 to `bufferSize` for padding is incorrect, it is much better to use constants: `kCCBlockSizeAES128`. — zaph, Jul 31 '15 at 13:16
@Doro Why are you defining `FBENCRYPT_*` constants and not just using the Common Crypto constants? Don't it just adds confusion and code. Still unchanged: The OP specifies a 128-bit key the answer is using 256-bit. The seed is extended with the method SecretKeySpec into the key. There is also an iv created by` IvParameterSpec` which may be pre-pended to the encrypted data. None of this is handled in the answer. The encrypt and decrypt are almost identical which creates duplicate code that needs to be managed together, that is a very poor practice. — zaph, Jul 31 '15 at 15:39

score 1 · Answer 3 · answered Aug 02 '15 at 05:59

1

Since AES has a bock size of 16-bytes PKCS#7Padding is required. Some earlier AES library implementers specified PKCS#5Padding in error.

PKCS#5Padding is only specified for a block size up to 8-bytes and PKCS#7Padding is specified for a block size up to 255-bytes. See Wikipedia: Padding. IOW PKCS#7Padding can be used in place of PKCS#5Padding.

answered Aug 02 '15 at 05:59

zaph

111,848
21
189
228

Hi Zaph I found a link where you have posted a very good code. https://stackoverflow.com/questions/46221794/generate-initialization-vector-in-objective-c . Can you please tell how to generate random "key" here ? – User1075 Nov 03 '20 at 14:41

AES/cbc/pkcs5padding encription IOS

3 Answers3

Linked