
I'm ultimately trying to encrypt a file with OpenSSL and decrypt it with Objective-C CommonCrypto, but before that works I need both approaches to encrypt the same way.

This is what I have:

String to encrypt: "This is the string"

Key: "thisisthekey"

OpenSSL:

```
openssl enc -aes256 -a -e -nosalt -in InputFileWithString.txt -out OutputFile.txt thisisthekey
```

Resulting base64-encoded string from OpenSSL: HncUM4ryxSR7Rdi7Z49HPl9veOPxkk3l8GYIgorBhbk=

Objective-C CommonCrypto:

```objc
+(NSString *)encryptText:(NSString *)text withKey:(NSString *)key{
    NSData *plainData = [text dataUsingEncoding:NSUTF8StringEncoding];

    NSData *encryptedData = [plainData AES256EncryptWithKey:key];

    NSString *base64String = [encryptedData base64EncodedStringWithOptions:0];

    return base64String;
}

- (NSData*)AES256EncryptWithKey:(NSString*)key {
    char keyPtr[kCCKeySizeAES256 + 1];
    bzero(keyPtr, sizeof(keyPtr));

    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];

    size_t bufferSize           = dataLength + kCCBlockSizeAES128;
    void* buffer                = malloc(bufferSize);

    size_t numBytesEncrypted    = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES256,
                                          NULL,
                                          [self bytes], dataLength,
                                          buffer, bufferSize,
                                          &numBytesEncrypted);

    if (cryptStatus == kCCSuccess)
    {
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free(buffer);
    return nil;
}
```

The resulting base 64 encoded string: gNCs4d0GAxZHRcOtu8RVpLgN0ONKk1r5XkJ4GtL7W2I=

As you can see, each approach is producing a different encrypted string. Any ideas how to make these both produce the same string?

user3564870
  • Take a look at https://github.com/rnapier/RNOpenSSLCryptor which walks you through this and wraps it up. "thisisthekey" is not a proper key (see zaph's answer below). It is likely you actually mean to use a password, which RNOpenSSLCryptor will handle for you. – Rob Napier Oct 24 '16 at 22:34
  • Try [OpenSSL EVP_BytesToKey CommonCrypto site:stackoverflow.com](https://www.google.com/search?q=openssl+evp_bytestokey+commoncrypto+site%3Astackoverflow.com) – jww Oct 25 '16 at 03:20
  • This one seems very relevant: [How to decrypt data with Openssl tool encrypted with AES128 in iOS](http://stackoverflow.com/q/7535501), but the answer is not that good because it tells you to visit some blog. – jww Oct 25 '16 at 06:47
  • Thanks guys for the input. I found a very good writeup here: https://richardwarrender.com/2016/04/encrypt-data-using-aes-and-256-bit-keys/ – user3564870 Oct 26 '16 at 21:17
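
The password-versus-key point raised in the comments above, as an added example that is not part of the original thread: `openssl enc` treats a `-k`/`-pass` value as a password and derives the AES key and IV from it with EVP_BytesToKey, while the question's code copies the string into a zero-filled 32-byte buffer and passes no IV. The sketch assumes no salt (`-nosalt`) and an iteration count of 1, and shows both default digests (MD5 before OpenSSL 1.1.0, SHA-256 from 1.1.0); the function names are illustrative.

```python
import hashlib


def evp_bytes_to_key(password: bytes, salt: bytes = b"", key_len: int = 32,
                     iv_len: int = 16, digest: str = "md5"):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt).

    The D_i blocks are concatenated; the first key_len bytes become the
    key and the next iv_len bytes become the IV.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def zero_padded_key(password: bytes, key_len: int = 32) -> bytes:
    """Contents of the question's keyPtr buffer for a string shorter than
    key_len: the UTF-8 bytes followed by zero bytes."""
    return password[:key_len].ljust(key_len, b"\x00")


def compare(password: bytes):
    """Key/IV pairs each side ends up using for the same input string."""
    # CCCrypt in CBC mode with a NULL IV uses an all-zero IV.
    rows = {"CommonCrypto (question's code)": (zero_padded_key(password), bytes(16))}
    for digest in ("md5", "sha256"):
        rows[f"openssl enc -nosalt ({digest})"] = evp_bytes_to_key(password, digest=digest)
    return rows


if __name__ == "__main__":
    # "thisisthekey" is the string from the question.
    for label, (key, iv) in compare(b"thisisthekey").items():
        print(f"{label:32} key={key.hex()} iv={iv.hex()}")
```

The three rows print different keys and IVs, so the ciphertexts cannot match until both sides use the same raw key and IV.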

2 Answers

  1. Use a full length key, 256-bits which is 32-bytes, do not rely on padding. CCCrypt expects a 32-byte key due to kCCKeySizeAES256 but you are supplying 12 bytes and zero padding the remaining key space.

  2. The default for CCCrypt is CBC mode but you provide a NULL IV. This will essentially give you ECB mode but it is better to specify the option: kCCOptionECBMode.

zaph

A good working example is located here:

https://richardwarrender.com/2016/04/encrypt-data-using-aes-and-256-bit-keys/

user3564870
  • Notes on the linked encryption: 1. Valid key sizes for AES are 128, 192 & 256 bytes. 2. A random IV really needs to be used or two identical messages will be the same; even if only the first part is the same, information can be determined. Create a random IV with SecRandomCopyBytes(), use it and, as noted, prepend it to the encrypted data. 3. The hexkey should be length validated; just padding can present interoperability issues. – zaph Nov 15 '16 at 22:30